Cluster resources on a graph

Namespace

A mechanism for isolating resources within a cluster. A namespace includes various objects necessary for an individual workspace (for example, Deployment, Service).

Kaspersky Container Security can group namespaces on the graph and display such a group of objects with the number of entities in it indicated (for example, ).

Pod

An entity that includes one or more containers with shared network resources, as well as a set of rules for running containers included in the pod.

Application

A group of objects in the cluster that is conventionally considered as a single entity in Kaspersky Container Security.

The application is formed from the following objects:

• Deployment → ReplicaSet → other objects (if any).
• DaemonSet → other objects (if any).
• ReplicaSet → other objects (if any).
• StatefulSet → other objects (if any).

Individual pods do not form an application. They continue to function as part of a namespace and are displayed individually on the graph.

Deployment

An object that includes a set of rules that describe pods and the running of applications in them, the number of pod replicas, and the order in which they are replaced if their characteristics change.

DaemonSet

An object responsible for creating and running pods from the same image on all nodes of the cluster. In Kaspersky Container Security, a DaemonSet is used to deploy an agent (node-agent) on each node of the cluster to receive information and manage processes in pods.

Ingress

An object that provides external access to services in the cluster, usually over HTTP and HTTPS.

ReplicaSet

An object that manages pod replication. ReplicaSet maintains a certain number of identical pods.

Secret

An object for storing sensitive data (for example, a password, token, or key). Secret helps avoid storing such data in the application code.

The Secret is created separately from the pods that use such objects to store sensitive data. This reduces the risk of secrets being revealed when creating, viewing, or editing pods.

Service

An object describing the network capabilities of applications in pods. Service combines pods into logical groups, forwards traffic to them, and balances the load among them.

Endpoints

A list of network endpoints that the Service object queries to determine which pods to direct traffic to.

StatefulSet

A workload object used for managing applications by keeping track of and saving their state.

StatefulSet is used in applications that need:

• Persistent unique network IDs
• Persistent storage volumes
• Consistent deployment and scaling
• Consistent automatic update of resources

ConfigMap

An object for storing non-sensitive data in key-value pairs. ConfigMap is used in pods as an environment variable, command line argument, or configuration file within a volume.

Using ConfigMap lets you separate environment-specific configuration settings from images in a container for better portability of your applications.

Persistent volume (PV)

A dedicated persistent resource (volume) for storing pod data in the cluster. PV is independent of pods, stores information contained in it and, when implementing multiple access, allows other pods to use this information.

Persistent volume claim (PVC)

A user-generated request to store data with persistent volume (PV) requirements. For example, a PVC can specify the size of the persistent volume required and the mode of access to data in it (for example, single read access or multiple read/write access).