Merge pull request #42 from kubearmor/readme-otel-adaptor-ref

Add OpenTelemetry Reference in README
kubearmor · Oct 18, 2023 · fb0c372 · fb0c372
2 parents 34b9f3b + f566d2c
commit fb0c372
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 13 deletions.
diff --git a/.github/workflows/ci-go.yml b/.github/workflows/ci-go.yml
@@ -44,6 +44,5 @@ jobs:
 
       - name: Run Gosec Security Scanner
         run: |
-          go install github.com/securego/gosec/v2/cmd/gosec@latest
-          gosec -exclude=G204,G304,G107 -exclude-dir=protobuf/ ./...  
+          make gosec
         working-directory: relay-server
diff --git a/README.md b/README.md
@@ -6,16 +6,16 @@ By default, the relay server is deployed with KubeArmor.
 
 ![Kubearmor Relay Server HLD](docs/relay-server.png)
 
-## Streaming Kubearmor events to external SIEM tools
+## Streaming Kubearmor Telemetry to external SIEM tools
 
-KubeArmor emits following types of events:
+KubeArmor emits following types of Telemetry events:
 1. **Alert**: When policy is violated
 2. **Log**: When a pod executes a syscall or any other action (such as file access, process creation, network socket create/connect/accept etc)
 3. **Message**: Internal Kubearmor daemon messages
 
 There are two approaches that one can take to stream the kubearmor events.
 1. Using kubearmor-relay stdout: This is the easiest way i.e. if the SIEM tool connects to the k8s pod logging interface then all the kubearmor events (across all nodes) are available at the kubearmor-relay stdout. [Fluentd](https://docs.fluentd.org/v/0.12/articles/kubernetes-fluentd)/[Microsoft Sentinel](https://techcommunity.microsoft.com/t5/microsoft-sentinel-blog/monitoring-azure-kubernetes-service-aks-with-microsoft-sentinel/ba-p/1583204) does support this mode wherein the `stdout` of the pod can be streamed to the SIEM tool.
-By default the stdout is turned off. To enable it update the environment variable in the deployment yaml `ENABLE_STDOUT_LOGS`, `ENABLE_STDOUT_ALERTS` , `ENABLE_STDOUT_MSGS` as `true `
+By default the stdout is turned off to not impact performance. To enable it update the environment variable in the deployment yaml `ENABLE_STDOUT_LOGS`, `ENABLE_STDOUT_ALERTS` , `ENABLE_STDOUT_MSGS` as `true `
 
 example 
 ```
@@ -29,7 +29,7 @@ example
 
 ```
 
-2. Creating an adapter for the SIEM tool. Kubearmor-relay events could be accessed using its GRPC server ([ref code](https://github.com/kubearmor/kubearmor-client/tree/main/log)) and then the events could be streamed to the SIEM tool (splunk/elk/MS-sentinel ...).
+2. Creating an adapter for the SIEM tool. Kubearmor-relay events could be accessed using its GRPC server ([ref code](https://github.com/kubearmor/kubearmor-client/tree/main/log)) and then the events could be streamed to the SIEM tool (splunk/elk/MS-sentinel ...). An example adaptor is [OpenTemetery-Adapater for KubeArmor](https://github.com/kubearmor/otel-adapter/), The OpenTelemetry KubeArmor receiver connects to KubeArmor-Relay and converts KubeArmor telemetry data to the OpenTelemetry format which in turn can be configured to connect to SIEM Tools like Splunk,Grafana etc. [Here's the tutorial](https://github.com/kubearmor/otel-adapter/blob/main/example/tutorials/tutorial.md) for the same.
 
 <img src="docs/kubearmor-event-stream-arch.png" width="512">
 

diff --git a/relay-server/Makefile b/relay-server/Makefile
@@ -45,12 +45,7 @@ endif
 gosec:
 ifeq (, $(shell which gosec))
 	@{ \
-	set -e ;\
-	GOSEC_TMP_DIR=$$(mktemp -d) ;\
-	cd $$GOSEC_TMP_DIR ;\
-	go mod init tmp ;\
-	go get -u github.com/securego/gosec/v2/cmd/gosec ;\
-	rm -rf $$GOSEC_TMP_DIR ;\
+	go install github.com/securego/gosec/v2/cmd/gosec@latest;\
 	}
 endif
-	cd $(CURDIR); gosec ./...
+	cd $(CURDIR); gosec -exclude=G402 ./...