The following diagram shows the components in a cluster environment to illustrate the data flow and to explain how each component is used within the clusters.
[Diagram: Kubernetes cluster component data flow in Container Security]
The following sections provide brief descriptions of the components that make up Kubernetes clusters in Container Security.

Note: Add the ports listed below to your firewall or network policy allow lists. This allows Container Security to post component information from clusters to the backend, such as health checks and metrics, and to implement features that require communication among in-cluster components.

Default components

Usage Controller
  Description: Usage Controller regularly reports usage data, which is used for Cloud One billing and for determining the installed Helm versions.
  Important: Usage Controller will be deprecated in Vision One.
  Pod name: trendmicro-usage-controller-xxxxxxxxxx-xxxxx
  Container names: controller-manager, rbac-proxy
  Ports: 8081

Admission Controller
  Description: Admission Controller validates Kubernetes admission requests and performs block or log actions based on the deployment policy.
  Important: Admission Controller only works with registry:type artifacts.
  Pod name: trendmicro-admission-controller-xxxxxxxxxx-xxxxx
  Container names: trendmicro-admission-controller
  Ports: 443, 8443, 8083
  Note: Port 443 is used for outbound connections from the cluster to the backend.

Oversight Controller
  Description: Oversight Controller repeatedly scans Kubernetes resources against the continuous compliance policy and handles isolation and termination actions. It is used for continuous compliance policy enforcement.
  Pod name: trendmicro-oversight-controller-xxxxxxxxx-xxxxx
  Container names: controller-manager, rbac-proxy
  Ports: 8443, 8070, 8081

Workload Operator
  Description: Workload Operator detects unique running container images for the runtime scanning feature and also collects Kubernetes resource data for the Inventory feature.
  Pod name: trendmicro-workload-operator-xxxxxxxxxx-xxxxx
  Container names: trendmicro-workload-operator
  Ports: none listed

Policy Operator
  Description: Policy Operator manages the lifecycle of Container Security resources such as clusters, policies, and custom rulesets. It also keeps these resources in sync with Vision One and handles authentication token rotation. Other Trend Micro components contact Policy Operator to get the policy and to request that mitigations be applied.
  Pod name: trendmicro-policy-operator-xxxxxxxxxx-xxxxx
  Container names: trendmicro-policy-operator
  Ports: 8070

Runtime security components

Scout
  Description: Scout provides the runtime security feature, controls runtime rules, and handles event aggregation and upload. It is deployed as a DaemonSet, so one pod runs on each node.
  Pod name: trendmicro-scout-xxxxx
  Container names: falco, scout
  Ports: none listed

k8s-metacollector
  Description: k8s-metacollector fetches metadata for various Kubernetes resources from the API server and transmits it to in-cluster components such as the Falco instances, which reduces the load on the Kubernetes API server.
  Pod name: trendmicro-metacollector-xxxxxxxxxx-xxxxx
  Container names: k8s-metacollector
  Ports: 45000, 8081, 8080

fargate-injector
  Description: fargate-injector injects the scout and falco sidecar containers into pods running in an EKS Fargate environment.
  Pod name: trendmicro-fargate-injector
  Container names: trendmicro-fargate-injector
  Ports: 443, 8443
  Note: Port 443 is used for outbound connections from the cluster to the backend.

Vulnerability scanning components

Scan Manager
  Description: Scan Manager manages in-cluster vulnerability scans and starts Scan Jobs.
  Pod name: trendmicro-scan-manager-xxxxxxxx-xxxxx
  Container names: scan-manager
  Ports: 443, 8080, 8070, 8071
  Note: Port 443 is used for outbound connections from the cluster to the backend.

Scan Job
  Description: Scan Job generates SBOMs for container images and reports them to Scan Manager. This pod is deployed in the namespace of the target pod.
  Important: We recommend allowing cross-namespace network communication between the IP address of the scan job pod and the IP address of the scan manager pod on port 8070.
  Pod name: trendmicro-scan-job-xxxxxxxxxx-xxxxx
  Container names: scan-job
  Ports: none listed
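The cross-namespace allowance recommended for Scan Job above, written as Kubernetes NetworkPolicy objects. This is an added example, not part of the Container Security documentation or Helm chart; the namespaces trendmicro-system and payments and the pod labels app: trendmicro-scan-manager and app: trendmicro-scan-job are assumed placeholders that must be replaced with the values from your deployment.

```yaml
# Added example, not taken from the Container Security documentation or Helm chart.
# Assumed placeholders: install namespace "trendmicro-system", target workload
# namespace "payments", pod labels app: trendmicro-scan-manager / trendmicro-scan-job.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-scan-job-to-scan-manager
  namespace: trendmicro-system
spec:
  podSelector:
    matchLabels:
      app: trendmicro-scan-manager
  policyTypes:
    - Ingress
  ingress:
    - from:
        # scan jobs run in the namespace of the pod being scanned, so allow any
        # namespace, but only pods carrying the scan-job label
        - namespaceSelector: {}
          podSelector:
            matchLabels:
              app: trendmicro-scan-job
      ports:
        - protocol: TCP
          port: 8070
---
# Egress side: only needed where the target namespace has a default-deny egress
# policy (that policy must also allow DNS, or the scan job cannot resolve the service).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-scan-job-egress-to-scan-manager
  namespace: payments
spec:
  podSelector:
    matchLabels:
      app: trendmicro-scan-job
  policyTypes:
    - Egress
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: trendmicro-system
          podSelector:
            matchLabels:
              app: trendmicro-scan-manager
      ports:
        - protocol: TCP
          port: 8070
```

Both selectors in a single from/to entry are combined with AND, so the rule admits only scan-job pods, not every pod in every namespace.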

Malware scanning components

Malware scanner
  Description: Malware scanner provides an in-cluster malware scanning capability to analyze files.
  Pod name: trendmicro-malware-scanner-xxxxxxxxxx-xxxxx
  Container names: malware-scanner
  Ports: 50051