Runtime protection enables the use of policy rules to help secure deployed workloads. The cbcontainers-runtime-resolver component is responsible for the enrichment of network events together with their Kubernetes context and sending the events to the Carbon Black Cloud backend.
The cbcontainers-runtime-resolver component receives network events from the cbcontainers-runtime container within the cbcontainers-node-agent DaemonSet pods using inbound gRPC connections. The events have their Kubernetes context attached and are then batched together and sent via gRPC to the Carbon Black Cloud backend.
The Kubernetes information is taken from the API server by using standard Kubernetes in-cluster authentication and communication with the API server. List and watch operations are used with the API server; however, the information is cached locally in the cbcontainers-runtime-resolver to avoid unnecessary network traffic and improve response times.
| Image | cbartifactory/runtime-kubernetes-resolver |
| Opened ports | 8080/TCP |
| Connects to Kubernetes services | kubernetes.default.svc (Kubernetes API server) |
| Connects to backend | runtime.events.containers.carbonblack.io:443(gRPC)
|
| NO_PROXY requirements | The Kubernetes API server IP addresses (resolved from kubernetes.default.svc within the cluster) |
| Requested resources | CPU- 200m, Memory - 64Mi |
| Resource limits | CPU- 900m, Memory - 1Gi |
| Replica count (min & def) | Min- 1, Default - 1 |
| Horizontal Scaling | By default,
Where |
| Tolerances |
|
| Is privileged | No |
