Outcold Solutions LLC

Monitoring Docker - Version 5

Security

Collector

Image

Starting with version 5.2, we build our docker.io image from scratch (a 0-size base image). The collector image contains a binary (collector), a set of root certificates and the timezone database. Our collector is a statically compiled binary, produced with the Go language. We do not use a dynamic runtime. Our binary can only do what we programmed it to do.

Alternatively, we provide a certified image hosted on the Red Hat registry. This image is based on a RHEL image. We keep it up to date and track vulnerabilities in the base image.

Container configuration

With the default configuration, we ask for read-only access to the system, including the host paths for the docker runtime, the proc filesystem and the cgroup filesystem. We require read-only access to the API service and limit it with RBAC so that the collector can only read data from the API Server. We require write access only to the place where we write acknowledgement information.
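One way to verify the read-only claim on a running deployment is to audit the `Mounts` section of `docker inspect` output. The following is an added example, not Outcold Solutions' code; the container name, every path in the sample and the allowed writable location `/data` are constructed placeholders, so substitute the values from your own deployment.

```python
import json
import posixpath

# Constructed sample shaped like `docker inspect <container>` output. The
# container name and all paths are placeholders, not the collector's real ones.
SAMPLE_INSPECT = json.loads("""
[{
  "Name": "/example-collector",
  "Mounts": [
    {"Type": "bind", "Source": "/proc", "Destination": "/rootfs/proc", "RW": false},
    {"Type": "bind", "Source": "/sys/fs/cgroup", "Destination": "/rootfs/sys/fs/cgroup", "RW": false},
    {"Type": "bind", "Source": "/var/lib/docker", "Destination": "/rootfs/var/lib/docker", "RW": true},
    {"Type": "bind", "Source": "/var/lib/example-ack", "Destination": "/data", "RW": true}
  ]
}]
""")


def _inside(path, root):
    """True when path equals root or lies beneath it, after normalization."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")


def writable_mount_violations(inspect_doc, allowed_writable):
    """Return (container, source, destination) for every read-write mount
    whose container destination is not under an allowed writable path."""
    violations = []
    for container in inspect_doc:
        name = container.get("Name", "").lstrip("/")
        for mount in container.get("Mounts") or []:
            # A missing RW key is treated as writable so the check fails closed.
            if not mount.get("RW", True):
                continue
            dest = mount.get("Destination", "")
            if any(_inside(dest, root) for root in allowed_writable):
                continue
            violations.append((name, mount.get("Source", ""), dest))
    return violations


if __name__ == "__main__":
    # Assumed allowed writable location: /data (placeholder for the ack path).
    for name, src, dest in writable_mount_violations(SAMPLE_INSPECT, ["/data"]):
        print(f"{name}: {src} -> {dest} is mounted read-write")
```

To audit a live container, load the output of `docker inspect <container>` with `json.load` and pass it in place of the sample.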

Using secrets to manage configurations

Please follow our instructions to learn how to use secrets to manage the Token and License Key.

Internet access

The default license requires internet access for license verification. We can offer a license that does not require internet access.

The collector forwards telemetry to our license server. You can turn off telemetry with our configuration.

Connection to Splunk HTTP Event Collector

We recommend using SSL for the connection to Splunk HEC. Please follow our manual on how to configure a secure SSL connection between the collector and Splunk HEC.


About Outcold Solutions

Outcold Solutions provides solutions for monitoring Kubernetes, OpenShift and Docker clusters in Splunk Enterprise and Splunk Cloud. We offer certified Splunk applications, which give you insights across all container environments. We help businesses reduce the complexity of logging and monitoring by providing solutions for Linux and Windows containers that are easy to use and deploy. We deliver applications that help developers monitor their applications and help operators keep their clusters healthy. With the power of Splunk Enterprise and Splunk Cloud, we offer one solution to help you keep all the metrics and logs in one place, allowing you to quickly address complex questions on container performance.