AWS EKS Control Plane Logging

Self Service Ingestion

Connect this data source on your own, using the Hunters platform.

Overview

Table name: aws_eks_control_manager_logs

Kubernetes, or K8s, is an open-source platform that automates the scaling, deployment, and management of application containers. These containers bundle the code and its dependencies, ensuring applications run consistently across different environments. One of Kubernetes' standout features is its ability to run seamlessly across various cloud providers, with services like Amazon EKS offering fully-managed Kubernetes environments.

Control Plane Logs provide insight into the activities and operations of the Kubernetes Control Plane, which comprises the API Server, Scheduler, Controller Manager, etc. They mostly reflect what Kubernetes itself is doing to manage your workload. These logs record events like scheduling decisions, control loop activity, system jobs, and API server requests. They are essential for understanding the operation and health of the Kubernetes system itself.

Send data to Hunters

To connect AWS EKS Control Plane logs:

  1. Follow this guide to collect logs to CloudWatch within AWS.

  2. Follow this guide to ship logs to a destination bucket using AWS Lambda.

  3. Once the export is completed and the logs are collected to S3, follow the steps in this section.

Expected format

API Server Logs

Logs are expected in text format.

I0705 16:59:29.403648      10 trace.go:205] Trace[900000000]: "Create" url:/api/v1/namespaces/api/pods,user-agent:kube-controller-manager/v1.23.17 (linux/amd64) kubernetes/d5ce2ce/system:serviceaccount:kube-system:replicaset-controller,audit-id:eea6c20d-3830-4b2b-8f89-57718879f60c,client:172.11.4.9,accept:application/vnd.kubernetes.protobuf, */*,protocol:HTTP/2.0 (05-Jul-2023 16:59:28.771) (total time: 631ms):

Scheduler Logs

Logs are expected in text format.

I0717 06:58:59.000741      11 node_tree.go:65] "Added node in listed group to NodeTree" node="ip-172-2-1-3.us-west-2.compute.internal" zone="us-west-2:\\x00:us-west-2b"

Cloud Controller Manager Logs

Logs are expected in text format.

I0705 17:09:20.540556      11 controller.go:265] Node changes detected, triggering a full node sync on all loadbalancer services

Controller Manager Logs

Logs are expected in text format.

I0717 05:24:59.182706      11 configmap_cafile_content.go:202] "Starting controller" name="client-ca::kube-system::extension-apiserver-authentication::requestheader-client-ca-file"

API Server Audit Logs

Logs are expected in NDJSON format.

{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Request","auditID":"b6f50598-a243-4c9e-9c4f-eeeeeeeeee","stage":"ResponseComplete","requestURI":"/api/v1/nodes/ip-172-2-1-1.us-west-2.compute.internal?resourceVersion=0&timeout=10s","verb":"get","user":{"username":"system:node:ip-172-2-1-1.us-west-2.compute.internal","uid":"aws-iam-authenticator:8888838888:SSSSSSSSS","groups":["system:masters","system:authenticated"],"extra":{"accessKeyId":["PPPPPPPPPPP"],"arn":["arn:aws:sts::9999999:assumed-role/k8s66666666667600000006/i-bbbbbbbbbbbbb"],"canonicalArn":["arn:aws:iam::88888838888:role/k8s201955555555500000006"],"principalId":["AAAAAAAAAAA"],"sessionName":["i-ffffff"]}},"sourceIPs":["5.4.7.1"],"userAgent":"kubelet/v1.24.13 (linux/amd64) kubernetes/6305d65","objectRef":{"resource":"nodes","name":"ip-172-2-1-1.us-west-2.compute.internal","apiVersion":"v1"},"responseStatus":{"metadata":{},"code":200},"requestReceivedTimestamp":"2023-07-16T10:56:50.006034Z","stageTimestamp":"2023-07-16T10:56:50.006506Z","annotations":{"authorization.k8s.io/decision":"allow","authorization.k8s.io/reason":""}}

Authenticator Logs

Logs are expected in key-value format.

time="2023-07-04T22:16:20Z" level=info msg="Test MSG response" accesskeyid=ABCDEFG1234 accountid=123456789012 arn="abc:aws:sts::123456789012:test-roles/eks-test-deployment-application-0-us-east-1/i-04b382081234564c7" client="111.0.0.1:11111" method=POST path=/authenticate session=i-04b382012345604c7 userid=TESTUSERID1
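
The following Python sketch is an added example, not Hunters' code or part of the original page. It classifies each exported line into one of the three formats described above (klog-style text, NDJSON audit events, key-value authenticator lines) and extracts a few fields, so lines that match none of them can be counted before ingestion. The function name `parse_line`, the chosen fields and the sample lines are assumptions constructed for illustration.

```python
import json
import re
import shlex

# klog header: severity, MMDD, time, thread id, source file:line, then the message
KLOG_RE = re.compile(
    r"^(?P<sev>[IWEF])(?P<mmdd>\d{4}) (?P<time>\d{2}:\d{2}:\d{2}\.\d{6})\s+"
    r"(?P<tid>\d+) (?P<src>[^:\s]+:\d+)\] (?P<msg>.*)$"
)

# Constructed sample lines, shortened from the formats shown on this page
SAMPLES = [
    'I0705 17:09:20.540556      11 controller.go:265] Node changes detected',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"get",'
    '"user":{"username":"system:node:example"},"sourceIPs":["192.0.2.10"],'
    '"annotations":{"authorization.k8s.io/decision":"allow"}}',
    'time="2023-07-04T22:16:20Z" level=info msg="Test MSG response" method=POST',
    'not a control plane log line',
]


def parse_line(line):
    """Return (format, fields); ("unknown", {}) if no expected format matches."""
    line = line.strip()
    if line.startswith("{"):  # API server audit logs: one JSON event per line
        try:
            ev = json.loads(line)
        except ValueError:
            return "unknown", {}
        if ev.get("kind") != "Event" or not str(ev.get("apiVersion")).startswith("audit.k8s.io/"):
            return "unknown", {}
        return "audit", {
            "verb": ev.get("verb"),
            "user": (ev.get("user") or {}).get("username"),
            "source_ips": ev.get("sourceIPs", []),
            "decision": (ev.get("annotations") or {}).get("authorization.k8s.io/decision"),
        }
    m = KLOG_RE.match(line)  # API server, scheduler and controller manager text logs
    if m:
        return "klog", m.groupdict()
    if line.startswith("time="):  # authenticator key-value logs
        try:
            # shlex keeps quoted values such as msg="..." as one token
            pairs = [tok.split("=", 1) for tok in shlex.split(line)]
        except ValueError:  # unbalanced quote
            return "unknown", {}
        if all(len(p) == 2 for p in pairs):
            return "authenticator", dict(pairs)
    return "unknown", {}
```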