Kaspersky Container Security

Cluster resources

July 3, 2024

ID 255534

Kaspersky Container Security scans and displays objects included in the cluster and the links between them for all clusters with active Agents. The possible types of objects are presented in the table below.

Components of a cluster infrastructure

Component

Description

Node

Base unit of a cluster where pods with applications are run under the management of services.

In most cases, a node is a physical or virtual machine used for data processing.

A cluster normally includes multiple nodes. The following types of nodes are distinguished:

  • The Master node is responsible for cluster management and providing API settings for the configuration and management of resources in the cluster.
  • A Worker node is used to run applications in containers and ensure compatibility between the applications within the cluster and outside of it. Worker nodes perform the actions started through the API on the master node.

An Agent is added for each node. This Agent manages the node and interacts with the master node of Kubernetes.

Pod

Object consisting of one or more containers of an application (for example, Docker or rkt) that is deployed and run in a runtime environment with shared namespaces and resources. Resources include the following:

  • Shared storage (volumes)
  • Network resources (unique IP address of the cluster)
  • Data on each container (container image version or used port numbers)

Service

Object determining the set of pods and the access policy for them. Interaction between services and pods occurs via intermediate objects known as entry points.

Services provide applications with the capability to exchange data with objects outside of the cluster.

Endpoints

Resource which contains the IP addresses and ports of one or more pods. A service contacts this object for communication with pods.

The following types of entry points are distinguished:

  • Internal IP address of a pod running in the runtime environment in the cluster. These entry points are created automatically and are the most common type.
  • External IP address of an object residing outside the cluster (for example, an external web server or database).

Persistent volume

Allocated resource for storing cluster data.

Persistent storage helps prevent data loss if a pod fails, and allows the data to be used by another pod.

Persistent volume claim

Mechanism for managing cluster data storage by dynamically allocating block drives with the necessary specifications and connecting them to pods.

The request parameters must include the amount of storage and the access mode for that storage.

Ingress rules

Set of rules enabling external traffic to reach services within the cluster.

Ingress rules are set in the same namespace in which the services are deployed.

An active Ingress controller is required to route Ingress traffic.

Ingress controller

Resource for balancing traffic to applications in the cluster.
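The links described above (an Ingress rule selects a Service in its own namespace, the Service resolves to Endpoints, and each Endpoints address is either a pod inside the cluster or an object outside it) can be checked from the API objects themselves. The following script is an added example and is not part of Kaspersky Container Security or its documentation. It assumes objects in the shape of the Kubernetes API (networking.k8s.io/v1 Ingress, core/v1 Service and Endpoints) that were already fetched, for instance with `kubectl get ... -o json`; the sample objects, the pod CIDR and the function names are constructed for the example. It goes a little beyond the page's table by also flagging rules whose Service does not exist or has no addresses, since both are common findings in an inventory.

```python
"""Walk the Ingress -> Service -> Endpoints links of a cluster inventory.

Hypothetical example (not the product's code): it consumes objects in the
shape of the Kubernetes API (networking.k8s.io/v1 Ingress, core/v1 Service
and Endpoints) that were already fetched, e.g. from `kubectl get ... -o json`.
All sample objects below are constructed for the example.
"""
import ipaddress

POD_CIDR = ipaddress.ip_network("10.244.0.0/16")  # assumed pod network of the cluster

# Constructed sample: two Services in namespace "shop", one backed by pods and one
# backed by an external database; one Ingress exposing both plus a missing Service.
SERVICES = [
    {"metadata": {"name": "web", "namespace": "shop"},
     "spec": {"selector": {"app": "web"}, "ports": [{"port": 80}]}},
    {"metadata": {"name": "legacy-db", "namespace": "shop"},
     "spec": {"ports": [{"port": 5432}]}},  # no selector: Endpoints are managed by hand
]
ENDPOINTS = [
    {"metadata": {"name": "web", "namespace": "shop"},
     "subsets": [{"addresses": [{"ip": "10.244.1.5"}, {"ip": "10.244.2.9"}],
                  "ports": [{"port": 8080}]}]},
    {"metadata": {"name": "legacy-db", "namespace": "shop"},
     "subsets": [{"addresses": [{"ip": "192.0.2.10"}],  # outside the pod CIDR
                  "ports": [{"port": 5432}]}]},
]
INGRESSES = [
    {"metadata": {"name": "shop-ingress", "namespace": "shop"},
     "spec": {"rules": [{"host": "shop.example", "http": {"paths": [
         {"path": "/", "backend": {"service": {"name": "web", "port": {"number": 80}}}},
         {"path": "/db", "backend": {"service": {"name": "legacy-db", "port": {"number": 5432}}}},
         {"path": "/admin", "backend": {"service": {"name": "admin", "port": {"number": 80}}}},
     ]}}]}},
]


def _index(objects):
    """Key objects by (namespace, name); an Ingress backend resolves in its own namespace."""
    return {(o["metadata"]["namespace"], o["metadata"]["name"]): o for o in objects}


def resolve_ingress_backends(ingresses, services, endpoints, pod_cidr=POD_CIDR):
    """Return one record per Ingress path describing where external traffic lands.

    Record: (ingress, host, path, service, [ips], [findings]).
    Findings: 'missing-service' (rule points at no Service in that namespace),
    'no-endpoints' (Service has no addresses), 'external-endpoint' (an address
    lies outside the pod CIDR, i.e. an object residing outside the cluster).
    """
    svc_by_key, ep_by_key = _index(services), _index(endpoints)
    records = []
    for ing in ingresses:
        ns, ing_name = ing["metadata"]["namespace"], ing["metadata"]["name"]
        for rule in ing["spec"].get("rules", []):
            host = rule.get("host", "*")
            for p in rule.get("http", {}).get("paths", []):
                svc_name = p["backend"]["service"]["name"]
                findings, ips = [], []
                if (ns, svc_name) not in svc_by_key:
                    findings.append("missing-service")
                else:
                    for subset in ep_by_key.get((ns, svc_name), {}).get("subsets", []):
                        ips.extend(a["ip"] for a in subset.get("addresses", []))
                    if not ips:
                        findings.append("no-endpoints")
                    if any(ipaddress.ip_address(ip) not in pod_cidr for ip in ips):
                        findings.append("external-endpoint")
                records.append((ing_name, host, p.get("path", "/"), svc_name, ips, findings))
    return records


if __name__ == "__main__":
    for rec in resolve_ingress_backends(INGRESSES, SERVICES, ENDPOINTS):
        print(rec)
```

Run on the constructed sample, the `/` path resolves to two pod IPs with no findings, `/db` is flagged `external-endpoint` because its only address is outside the pod CIDR, and `/admin` is flagged `missing-service`. Reading the real objects from the API server instead of the inline sample only changes where the three lists come from.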
