This is the service that will receive all the events from the agents installed in the cluster containers and forward them to the external DOC EXPLOIT system.
For security and performance reasons, it is recommended to install one API per cluster, so that events travel within the cluster safely and efficiently. The API is designed to receive event messages produced by one or more agents, and these agents can run in different namespaces within the cluster.
The DOCair team strongly recommends keeping the DOCair API in its own namespace, which by recommendation will be labeled “docair-client”.

It is recommended to keep the pods of the application/service to be monitored in another namespace (production, development, test, client-app…) while the DOCair API remains in its own namespace (docair-client).
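
One way to enforce this namespace separation at the network layer is sketched below as an added example; it is not part of the DOCair installation manifests. The pod label `app: docair-api`, the namespace label `docair-agent: "enabled"` and port 8080 are assumptions to be replaced with the values from your installation, and the policy only takes effect on a CNI plugin that implements NetworkPolicy.

```yaml
# Added example: dedicated namespace plus an ingress policy so that only
# namespaces explicitly marked as running agents can reach the API pods.
apiVersion: v1
kind: Namespace
metadata:
  name: docair-client
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: docair-api-ingress          # hypothetical policy name
  namespace: docair-client
spec:
  podSelector:
    matchLabels:
      app: docair-api               # assumed pod label for the API
  policyTypes:
    - Ingress                       # egress to the external system is left unrestricted here
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              docair-agent: "enabled"   # assumed label on production, development, test, ...
      ports:
        - protocol: TCP
          port: 8080                # placeholder for the API listening port
```

Once a policy selects the API pods, ingress from any namespace without the agent label is dropped, so each monitored namespace has to be labeled before its agents can deliver events.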

In order to perform the necessary actions within the cluster, the DOCair API will need to be able to communicate with the Kubernetes API on the cluster. The required roles will be discussed in detail in the installation process.

The following figure shows a summary representation of the entire architecture as discussed.











