Explanation:
The requirement is to log and analyze Kubernetes control plane activity, including API requests, and to monitor container performance on the worker nodes with the least operational overhead.
Option B is correct because:
Amazon EKS control plane logging can send control plane logs, including API server logs, to Amazon CloudWatch.
CloudWatch Container Insights provides monitoring and performance visibility for containers, pods, nodes, and clusters.
CloudWatch Logs Insights can be used to query and analyze both control plane and node-related logs.
This is the most managed and lowest-overhead solution among the options.
Why the other options are incorrect:
A. CloudTrail is not the primary solution for Kubernetes control plane logs such as API server logs, and deploying Logstash increases operational overhead significantly.
C. Sending logs to Amazon S3 and analyzing them with Athena and QuickSight is more operationally complex and less direct than using native CloudWatch integrations.
D. AWS Distro for OpenTelemetry with Firehose and Redshift adds substantial complexity and operational overhead compared to native EKS and CloudWatch capabilities.
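
The kind of API-request analysis that control plane logging under Option B makes possible, as an added example that is not part of the original explanation: Python over constructed Kubernetes audit events (audit.k8s.io/v1) shaped like those EKS delivers to CloudWatch when the audit log type is enabled. The sample events, user names and function names are assumptions made for illustration.

```python
import json
from collections import Counter

# Constructed sample (not real data): one audit event per line, shaped like
# entries in an EKS kube-apiserver-audit log stream, plus one damaged line.
SAMPLE_AUDIT_LINES = [
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"list","requestURI":"/api/v1/namespaces/prod/secrets","user":{"username":"system:serviceaccount:dev:builder"},"objectRef":{"resource":"secrets","namespace":"prod"},"responseStatus":{"code":403}}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"get","requestURI":"/api/v1/namespaces/prod/secrets/db","user":{"username":"system:serviceaccount:dev:builder"},"objectRef":{"resource":"secrets","namespace":"prod"},"responseStatus":{"code":403}}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"get","requestURI":"/api/v1/namespaces/default/pods","user":{"username":"kubernetes-admin"},"objectRef":{"resource":"pods","namespace":"default"},"responseStatus":{"code":200}}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"get","requestURI":"/api","user":{"username":"system:anonymous"},"responseStatus":{"code":401}}',
    '{"kind":"Event","apiVersion":"audit.k8s.io/v1","verb":"get","requestURI":"/api/v1/namespaces/prod/secrets/db","user":{"username":"system:serviceaccount:prod:deployer"},"objectRef":{"resource":"secrets","namespace":"prod"},"responseStatus":{"code":200}}',
    'not json: truncated line',
]

DENIED = {401, 403}  # unauthenticated / forbidden responses from the API server


def parse_events(lines):
    """Yield audit events, skipping lines that are not valid audit JSON."""
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(event, dict) and event.get("kind") == "Event":
            yield event


def denied_by_user(lines):
    """Count rejected requests per caller.

    Roughly the Logs Insights query:
    filter responseStatus.code in [401, 403] | stats count(*) by user.username
    """
    counts = Counter()
    for ev in parse_events(lines):
        if ev.get("responseStatus", {}).get("code") in DENIED:
            counts[ev.get("user", {}).get("username", "<unknown>")] += 1
    return counts


def secret_access(lines):
    """Return (user, verb, namespace, status) for each request touching Secrets."""
    hits = []
    for ev in parse_events(lines):
        ref = ev.get("objectRef") or {}  # non-resource requests carry no objectRef
        if ref.get("resource") == "secrets":
            user = ev.get("user", {}).get("username", "<unknown>")
            status = ev.get("responseStatus", {}).get("code")
            hits.append((user, ev.get("verb"), ref.get("namespace"), status))
    return hits
```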