The following tables provide brief descriptions of the components that make up Kubernetes clusters in Container Security.

Note
Add the ports listed below to your firewall or network policy allowlists so that Container Security can access component information, like health checks and metrics, and implement features.

Default components

| Component name | Description | Pod name | Container names | Ports |
| --- | --- | --- | --- | --- |
| Usage Controller | Usage Controller regularly reports usage data, which is used for Cloud One billing and for determining installed Helm versions. Important: Usage Controller will be deprecated in Vision One. | trendmicro-usage-controller-xxxxxxxxxx-xxxxx | controller-manager, rbac-proxy | 8081 |
| Admission Controller | Admission Controller is used to validate Kubernetes and to perform block or log actions based on deployment policy. Important: Admission Controller only works with registry:type artifacts. | trendmicro-admission-controller-xxxxxxxxxx-xxxxx | trendmicro-admission-controller | 443, 8443, 8083 |
| Oversight Controller | The Oversight Controller component repeatedly scans Kubernetes resources against continuous policy and handles isolation and termination actions. Used for continuous compliance policy enforcement. | trendmicro-oversight-controller-xxxxxxxxx-xxxxx | controller-manager, rbac-proxy | 8443, 8070, 8081 |
| Workload Operator | The Workload Operator component detects unique, running container images for the runtime scanning feature and also collects Kubernetes resource data for the Inventory feature. | trendmicro-workload-operator-xxxxxxxxxx-xxxxx | trendmicro-workload-operator | |

Runtime security components

| Component name | Description | Pod name | Container names | Ports |
| --- | --- | --- | --- | --- |
| Scout | Scout provides a runtime security feature, controls runtime rules, and handles event aggregation and uploads. A DaemonSet is deployed per node. | trendmicro-scout-xxxxx | falco, scout | |
| K8s-metacollector | The k8s-metacollector fetches the metadata from the API server for various Kubernetes resources and transmits the metadata to the in-cluster components, like Falco instances, to decrease the performance impact on the Kubernetes API server. | trendmicro-metacollector-xxxxxxxxxx-xxxxx | k8s-metacollector | 45000, 8081, 8080 |
| fargate-injector | The fargate-injector component injects scout and falco sidecar containers into a pod running in an EKS Fargate environment. | trendmicro-fargate-injector | trendmicro-fargate-injector | 443, 8443 |

Vulnerability scanning components

| Component name | Description | Pod name | Container names | Ports |
| --- | --- | --- | --- | --- |
| Scan Manager | Scan Manager manages in-cluster vulnerability scans and starts Scan Jobs. | trendmicro-scan-manager-xxxxxxxx-xxxxx | scan-manager | 443, 8080, 8070, 8071 |
| Scan Job | Scan Job generates SBOMs for container images and reports to Scan Manager. This pod deploys in the target pod namespace. Important: We recommend allowing cross-namespace network communication between the IP address of the scan job pod and the IP address of the scan manager pod with port 8070. | trendmicro-scan-job-xxxxxxxxxx-xxxxx | scan-job | |
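
The cross-namespace allowance recommended for Scan Job, written as Kubernetes NetworkPolicy objects. This is an added example, not configuration shipped with Container Security; the namespace names, the example.com/component labels and the use of TCP are assumptions to replace with the values your cluster actually shows.

```yaml
# Added example, not from the Container Security Helm chart. Assumed values:
# namespaces "container-security" and "workload-namespace", the
# example.com/component labels (check real ones with
# `kubectl get pods -A --show-labels`), and TCP as the protocol for 8070.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-scan-job-to-scan-manager
  namespace: container-security            # assumed: where scan manager runs
spec:
  podSelector:
    matchLabels: {example.com/component: scan-manager}   # placeholder label
  policyTypes: [Ingress]
  ingress:
    - from:
        # Scan jobs run in the target pod's namespace, so match any namespace
        - namespaceSelector: {}
          podSelector:
            matchLabels: {example.com/component: scan-job}   # placeholder label
      ports:
        - protocol: TCP
          port: 8070
---
# Needed only in workload namespaces that deny egress by default.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-scan-job-egress-to-scan-manager
  namespace: workload-namespace            # assumed: a namespace being scanned
spec:
  podSelector:
    matchLabels: {example.com/component: scan-job}       # placeholder label
  policyTypes: [Egress]
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: container-security
          podSelector:
            matchLabels: {example.com/component: scan-manager}
      ports:
        - protocol: TCP
          port: 8070
```

Keeping the podSelector alongside the empty namespaceSelector limits the ingress rule to scan job pods rather than opening port 8070 to every pod in the cluster.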
 

Malware scanning components

| Component name | Description | Pod name | Container names | Ports |
| --- | --- | --- | --- | --- |
| Malware scanner | Malware scanner provides an in-cluster malware scanning capability to analyze files. | trendmicro-malware-scanner-xxxxxxxxxx-xxxxx | malware-scanner | 50051 |