Overview
KubeArmor analyzes telemetry data to understand application behavior for container/node forensics. With thousands of nodes deployed (using Open Horizon), sending events streams to a centralized node is not a viable option.
To address the need, Open Horizon functionality was extended by deploying on each serviced edge node an AnyLog agent. The agent receives telemetry data from KubeArmor and hosts it locally (AnyLog appears on each edge node as a local service).
The AnyLog instances (hosting the data) form a decentralized network of nodes that adhere to a protocol that virtualizes edge data to be accessible as a unified and centralized data.
With this setup, KubeArmor users and applications are able to query the distributed data. This approach distributes each query to the edge nodes with relevant data and aggregates individual replies to form a unified reply equivalent to a reply from a cloud based database. A more detailed information on how AnyLog Operates is available with this link - AnyLog Value Proposition.
Users deploying AnyLog to manage the KubeArmor's event data are able to extract real time insight to their data, enable real-time alerts and monitoring and service the data to analysis and AI applications, all of that without cloud contracts and costs.
Deployment Architecture
Each AnyLog is instance is configured to pull data from one or more KubeArmor instances. Users have full discretion where to deploy the AnyLog instances - on the same physical node as KubeArmor or at a remote node.
To host the KubeArmor data, AnyLog is using a gRPC client connector to pull the data and host it locally on the AnyLog node. As each AnyLog node is a member of the AnyLog Network, the distributed data is available through the AnyLog Network services as if the data is centralized, The overall architecture is shown in the diagram below:
Using this architecture 2 AnyLog instances are hosting the KubeARmor event data.