Vues :
The following diagram shows the components in a cluster environment to illustrate the data flow and to explain how each component is used within the clusters.
k8s-cluster-customer-dataflow=15ce8387-7492-402b-8acc-0c6a5bf6f78e.png
The following tables provide brief descriptions of the components that make up Kubernetes clusters in Container Security.
Note
Note
Add ports to your firewall or network policy allowlists so that Container Security can access component information, like health checks and metrics, and implement features.

Default components

Component name
Description
Pod name
Container names
 Ports
Usage Controller
Usage Controller regularly reports usage data which is used for Cloud One billing and for determining installed helm versions.
Important
Important
Usage Controller will be deprecated in Vision One.
trendmicro-usage-controller-xxxxxxxxxx-xxxxx
  • controller-manager
  • rbac-proxy
  • 8081
Admission Controller
Admission Controller is used to validate Kubernetes and to perform block or log actions based on deployment policy.
Important
Important
Admission Controller only works with registry:type artifacts.
trendmicro-admission-controller-xxxxxxxxxx-xxxxx
  • trendmicro-admission-controller
  • 443
  • 8443
  • 8083
Oversight Controller
The Oversight Controller component repeatedly scans Kubernetes resources against continuous policy and handles isolation and termination actions. Used for continuous compliance policy enforcement.
trendmicro-oversight-controller-xxxxxxxxx-xxxxx
  • controller-manager
  • rbac-proxy
  • 8443
  • 8070
  • 8081
Workload Operator
The Workload Operator component detects unique, running container images for the runtime scanning feature and also collects Kubernetes resource data for the Inventory feature.
trendmicro-workload-operator-xxxxxxxxxx-xxxxx
  • trendmicro-workload-operator
  

Runtime security components

Component name
Description
Pod name
Container names
 Ports
Scout
Scout provides a runtime security feature, controls runtime rules, and handles event aggregation and uploads. A deamonset is deployed per node.
trendmicro-scout-xxxxx
  • falco
  • scout
  
K8s-metacollector
The k8s-metacollector fetches the metadata from the API server for various Kubernetes resources and transmits the metadata to the in-cluster components, like Falco instances, to decrease the performance impact to Kubernetes API server.
trendmicro-metacollector-xxxxxxxxxx-xxxxx
  • k8s-metacollector
  • 45000
  • 8081
  • 8080
fargate-injector
The fargate-injector component injects scout and falco sidecar containers into a pod running in an EKS Fargate environment.
trendmicro-fargate-injector
  • trendmicro-fargate-injector
  • 443
  • 8443

Vulnerability scanning components

Component name
Description
Pod name
Container names
 Ports
Scan Manager
Scan Manager manages in-cluster vulnerability scans and starts Scan Jobs.
trendmicro-scan-manager-xxxxxxxx-xxxxx
  • scan-manager
  • 443
  • 8080
  • 8070
  • 8071
Scan Job
Scan Job generates SBOMs for container images and reports to Scan Manager. This pod deploys in the target pod name-space.
Important
Important
We recommend allowing cross-namespace network communication between the IP address of the scan job pod and the IP address of the scan manager pod with port 8070.
trendmicro-scan-job-xxxxxxxxxx-xxxxx
  • scan-job
  

Malware scanning components

Component name
Description
Pod name
Container names
 Ports
Malware scanner
Malware scanner provides an in-cluster malware scanning capability to analyze files.
trendmicro-malware-scanner-xxxxxxxxxx-xxxxx
  • malware-scanner
  • 50051