Cluster resources on a graph
Kaspersky Container Security scans and displays the resources of the cluster and the links between them. This scan is performed for all clusters with active agents.
Cluster resources are entities or objects that are stored in the orchestrator and used to represent the status of the cluster. With their help, you can get information about running containerized applications, where they are started (nodes), and the resources available to them. Cluster objects also define strategies for managing running applications (for example, restarting or updating).
In the interface of Kaspersky Container Security, the highest-level object (parent object) is the cluster. It includes namespaces in which applications are started. Applications, in turn, include pods and other objects.
A cluster is a set of physical or virtual machines (nodes) that run containerized applications. The following types of nodes are distinguished in Kubernetes:
- A master node implements API objects and is used to manage the cluster and its resources.
- A worker node is used to run the workload. A cluster includes one or more worker nodes.
Kaspersky Container Security displays the cluster as a graph using the cluster icon.
Depending on the level of detail you want for the cluster resource display, Kaspersky Container Security displays the graph as a graph of namespaces or a graph of applications. The table below shows all objects that may be included in the cluster and are displayed on the graph.
Objects within the cluster
| Object | Description |
|---|---|
| Namespace | A mechanism for isolating resources within a cluster. A namespace includes the various objects needed for an individual workspace (for example, Deployment, Service). Kaspersky Container Security can group namespaces on the graph and display such a group of objects with the number of entities in it indicated. |
| Pod | An entity that includes one or more containers with shared network resources, as well as a set of rules for running the containers included in the pod. |
| Application | A group of objects in the cluster that is conventionally treated as a single entity in Kaspersky Container Security. The application is formed from the following objects: Individual pods do not form an application. They continue to function as part of a namespace and are displayed individually on the graph. |
| Deployment | An object that includes a set of rules describing pods and the running of applications in them, the number of pod replicas, and the order in which pods are replaced when their characteristics change. |
| DaemonSet | An object responsible for creating and running pods from the same image on all nodes of the cluster. In Kaspersky Container Security, a DaemonSet is used to deploy an agent (node-agent) on each node of the cluster to receive information and manage processes in pods. |
| Ingress | An object that provides external access to services in the cluster, usually over HTTP and HTTPS. |
| ReplicaSet | An object that manages pod replication. A ReplicaSet maintains a specified number of identical pods. |
| Secret | An object for storing sensitive data (for example, a password, token, or key). A Secret helps avoid storing such data in the application code. A Secret is created separately from the pods that use it, which reduces the risk of the sensitive data being revealed when pods are created, viewed, or edited. |
| Service | An object describing the network capabilities of applications in pods. A Service combines pods into logical groups, forwards traffic to them, and balances the load among them. |
| Endpoints | A list of network endpoints that the Service object queries to determine which pods to direct traffic to. |
| StatefulSet | A workload object used for managing applications by keeping track of and saving their state. StatefulSet is used in applications that need: |
| ConfigMap | An object for storing non-sensitive data in key-value pairs. A ConfigMap is consumed in pods as environment variables, command-line arguments, or a configuration file within a volume. Using a ConfigMap separates environment-specific configuration from container images, which improves the portability of your applications. |
| Persistent volume (PV) | A dedicated persistent resource (volume) for storing pod data in the cluster. A PV is independent of pods: it retains the data stored in it and, when an access mode that permits multiple access is used, makes that data available to other pods. |
| Persistent volume claim (PVC) | A user-generated request for storage that states the persistent volume (PV) requirements. For example, a PVC can specify the size of the persistent volume required and the mode of access to the data in it (for example, single read access or multiple read/write access). |
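As an added example (not code from Kaspersky Container Security or its documentation), the Python below builds the cluster > namespace > application > pod hierarchy described above from a constructed set of Kubernetes objects, attaching each pod to its controlling workload through `ownerReferences`. The grouping rule (`APP_KINDS`) and the sample objects are assumptions, since this page does not reproduce the list of objects that form an application.

```python
from collections import defaultdict
# Assumption: these workload kinds form an "application" node (the page's own list is not reproduced).
APP_KINDS = {"Deployment", "DaemonSet", "StatefulSet"}

def k8s_obj(kind, name, ns, uid, owner=None):
    """Minimal Kubernetes object; owner is the (kind, uid) of its controller."""
    md = {"name": name, "namespace": ns, "uid": uid}
    if owner:
        md["ownerReferences"] = [{"kind": owner[0], "uid": owner[1]}]
    return {"kind": kind, "metadata": md}

# Constructed inventory: Deployment->ReplicaSet->Pod, StatefulSet->Pod, DaemonSet->Pod, and a controller-less pod.
OBJECTS = [
    k8s_obj("Deployment", "web", "shop", "d1"),
    k8s_obj("ReplicaSet", "web-7f9", "shop", "rs1", ("Deployment", "d1")),
    k8s_obj("Pod", "web-7f9-abc", "shop", "p1", ("ReplicaSet", "rs1")),
    k8s_obj("StatefulSet", "db", "shop", "ss1"),
    k8s_obj("Pod", "db-0", "shop", "p2", ("StatefulSet", "ss1")),
    k8s_obj("DaemonSet", "node-agent", "kcs", "ds1"),
    k8s_obj("Pod", "node-agent-x", "kcs", "p3", ("DaemonSet", "ds1")),
    k8s_obj("Pod", "debug-shell", "shop", "p4"),
]

def application_of(obj, by_uid):
    """Walk ownerReferences upward; return the top-level workload's uid, or None."""
    seen = set()
    while obj is not None and obj["metadata"]["uid"] not in seen:
        seen.add(obj["metadata"]["uid"])  # guards against malformed owner cycles
        if obj["kind"] in APP_KINDS:
            return obj["metadata"]["uid"]
        owners = obj["metadata"].get("ownerReferences", [])
        obj = by_uid.get(owners[0]["uid"]) if owners else None  # missing owner -> stand-alone
    return None

def build_graph(objects):
    """Return {namespace: {"applications": {app: [pods]}, "pods": [stand-alone pods]}}."""
    by_uid = {o["metadata"]["uid"]: o for o in objects}
    graph = defaultdict(lambda: {"applications": {}, "pods": []})
    for o in objects:
        ns, name = o["metadata"]["namespace"], o["metadata"]["name"]
        if o["kind"] in APP_KINDS:
            graph[ns]["applications"].setdefault(name, [])
        elif o["kind"] == "Pod":
            app = application_of(o, by_uid)
            if app is None:  # no controller: displayed individually, as the page states
                graph[ns]["pods"].append(name)
            else:
                graph[ns]["applications"].setdefault(by_uid[app]["metadata"]["name"], []).append(name)
    return dict(graph)
```

Pods that end up in the stand-alone list are not managed by any workload controller, so they are the first set a reviewer would inspect when the graph shows objects that no deployment accounts for.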