In this article, you will find out how to configure your Kubernetes cluster to record and collect DNS data from your cluster network and have it sent to Lumu to be analyzed, improving the monitoring & response capabilities of your organization.
1. Log in to your Lumu account through the Lumu Portal and navigate to the Integrations screen. Locate the Kubernetes integration in the Available Apps area and click add.
2. Familiarize yourself with the integration details available in the app description and click the activate button to create the integration.
3. Once the integration is created, you will be able to see your company uuid and your integration uuid.
The deployment of the integration is divided into several Kubernetes object components defined in several manifests in .yaml format. These files can be downloaded from the following repository. Keep in mind that some values included in these files must be replaced with your company's own data. Please remember that you can always contact us for support should you encounter any difficulties during the customization process.
In the following steps, use the command terminal to run the indicated commands and the editor of your choice to modify the files' content as needed, replacing the example values with your own. The following objects will be created as a result:
1. Select and/or create the folder where the manifests will be downloaded from the repository.
$ mkdir ~/lumu-k8s-ootb
$ cd ~/lumu-k8s-ootb
2. Clone the Repository
$ git clone https://bitbucket.org/lumuio/kubernetes-feeds.git
Edit the file kubernetes-feeds/manifests/05-lumu-sender-configmap.yaml, and enter the values provided by the Lumu Portal after creating the integration, namely your company uuid and integration uuid.
apiVersion: v1
kind: ConfigMap
metadata:
  name: lumu-sender-configmap
  namespace: lumu
data:
  INPUT_PORT: "7412"
  LUMU_COMPANY_ID: <Company UUID>
  LUMU_INTEGRATION_ID: <Integration UUID>
  ... < Omitted lines > ...
3. Apply the manifests to the cluster by running the following command.
$ cd kubernetes-feeds/manifests
$ kubectl apply -f ./
- This command will display the following output in the terminal.
namespace/lumu created
serviceaccount/lumu-service-account created
clusterrole.rbac.authorization.k8s.io/lumu-cluster-role created
clusterrolebinding.rbac.authorization.k8s.io/lumu-cluster-role-binding created
configmap/lumu-sender-configmap created
deployment.apps/lumu-sender-deployment created
service/lumu-sender-service created
configmap/lumu-receiver-configmap created
deployment.apps/lumu-receiver-deployment created
service/lumu-receiver-service created
- This will download the images from the public DockerHub repository. This process should take a few seconds to complete; however, this may vary depending on the speed of the cluster's internet connection. You can check the status of the deployment with the following command:
$ kubectl -n lumu rollout status deployments
- And the output obtained should be similar to the one shown below:
Waiting for deployment "lumu-receiver-deployment" rollout to finish: 0 of 1 updated replicas are available...
deployment "lumu-receiver-deployment" successfully rolled out
deployment "lumu-sender-deployment" successfully rolled out
4. In the lumu-sender-service logs, you should see something similar to this:
[INFO ] 2022-12-19 20:34:16.462 [[upload]-pipeline-manager] javapipeline - Starting pipeline {:pipeline_id=>"upload", "pipeline.workers"=>16, "pipeline.batch.size"=>50, "pipeline.batch.delay"=>2000, "pipeline.max_inflight"=>800, "pipeline.sources"=>["/usr/share/logstash/pipeline/upload.cfg"], :thread=>"#<Thread:0x61d71ef5 run>"}
[INFO ] 2022-12-19 20:34:18.155 [[upload]-pipeline-manager] javapipeline - Pipeline Java execution initialization time {"seconds"=>1.69}
[INFO ] 2022-12-19 20:34:18.230 [[upload]-pipeline-manager] tcp - Automatically switching from json to json_lines codec {:plugin=>"tcp"}
[INFO ] 2022-12-19 20:34:18.440 [[upload]-pipeline-manager] javapipeline - Pipeline started {"pipeline.id"=>"upload"}
[INFO ] 2022-12-19 20:34:18.451 [[upload]<tcp] tcp - Starting tcp input listener {:address=>"0.0.0.0:7412", :ssl_enable=>false}
[INFO ] 2022-12-19 20:34:18.593 [Agent thread] agent - Pipelines running {:count=>1, :running_pipelines=>[:upload], :non_running_pipelines=>[]}
- In the lumu-receiver-service logs you should see something similar to the following:
2023-01-16T20:41:54,870 INFO [output.py:9] Connection with lumu-sender-service established
5. After your deployment has started correctly, you must configure CoreDNS to forward DNS data to the receiver.
- First, you must know the IP address of lumu-receiver-service:
kubectl -n lumu get services
NAME                    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
lumu-receiver-service   ClusterIP   10.100.108.8    <none>        6000/TCP   25s
lumu-sender-service     ClusterIP   10.97.214.136   <none>        7412/TCP   25s
- You should set the IP address of lumu-receiver-service in the service definition manifest so that it remains stable.
6. Knowing the IP address of lumu-receiver-service, run the following command:
kubectl -n kube-system edit cm coredns
7. Enter the configuration line seen below using the proper IP address:
apiVersion: v1
data:
  Corefile: |
    .:53 {
        dnstap tcp://10.100.108.8:6000 full
        errors
        health {
            lameduck 5s
        }
        ready
Please be careful: your cluster may become unstable if this configuration fails.
8. After editing the configuration, you’ll need to restart the CoreDNS service using the following command:
kubectl -n kube-system rollout restart deployment coredns
- After the restart you should see the following in the lumu-receiver-service logs:
2023-01-16T20:44:07,561 INFO [input.py:18] Data is being received!
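A pre-flight check for steps 5 to 8, added here as an example and not part of Lumu's repository: it extracts the dnstap endpoint from a Corefile and compares it with the receiver service's address, so a mistyped IP is caught before CoreDNS is restarted. The function names and the sample Corefile are constructed for illustration; the kubectl calls shown in the comments assume cluster access.

```shell
#!/bin/sh
# Added example (not from the Lumu repository): validate the dnstap line
# in a Corefile against the expected receiver address.

# Print every dnstap TCP endpoint (host:port) found in a Corefile on stdin.
dnstap_targets() {
    sed -n 's|^[[:space:]]*dnstap[[:space:]]\{1,\}tcp://\([^[:space:]]*\).*|\1|p'
}

# check_dnstap <corefile-text> <expected-ip> <expected-port>
# Returns 0 when every dnstap endpoint matches, 1 when no dnstap line
# exists, 2 when an endpoint points somewhere else.
check_dnstap() {
    targets=$(printf '%s\n' "$1" | dnstap_targets)
    [ -n "$targets" ] || { echo "no dnstap tcp:// line found"; return 1; }
    for t in $targets; do
        [ "$t" = "$2:$3" ] || { echo "dnstap points at $t, expected $2:$3"; return 2; }
    done
    echo "dnstap -> $2:$3 OK"
}

# Constructed sample mirroring the Corefile fragment shown in step 7.
SAMPLE_COREFILE='.:53 {
    dnstap tcp://10.100.108.8:6000 full
    errors
    health {
        lameduck 5s
    }
    ready
}'

# Against a live cluster (keep a copy of the ConfigMap before editing it):
#   kubectl -n kube-system get cm coredns -o yaml > coredns-backup.yaml
#   ip=$(kubectl -n lumu get service lumu-receiver-service -o jsonpath='{.spec.clusterIP}')
#   cf=$(kubectl -n kube-system get cm coredns -o jsonpath='{.data.Corefile}')
#   check_dnstap "$cf" "$ip" 6000
check_dnstap "$SAMPLE_COREFILE" 10.100.108.8 6000
```

A non-zero exit status means the Corefile should be corrected before running the rollout restart in step 8.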
(Before performing any changes, please be sure that you have the necessary tools and permissions to make changes on the cluster)
If the integration has been deployed before May 30, 2023, you must perform the following steps:
1. If you deployed our integration without changing any parameters in the deployment specification, you can apply the changes directly from our public repository.
kubectl apply -f https://bitbucket.org/lumuio/kubernetes-feeds/raw/b51e7cc141665a9b4d1ebc4106586481c5af36a1/manifests/09-lumu-receiver-deployment.yaml
If not, please download the new manifest definition file, make all the changes that you need, and finally apply it.
2. You can see the result of the operation with the command.
kubectl -n lumu rollout status deployment lumu-receiver-deployment
3. Once this new manifest is applied, updates to the latest available stable version will be done with the new update method.
1. Restart the current deployment
kubectl -n lumu rollout restart deployment lumu-receiver-deployment
2. You can see the result of the operation with the command.
kubectl -n lumu rollout status deployment lumu-receiver-deployment