search
Home

Kubernetes Cluster Component Security

hashtag
Kubernetes Components

Reference: https://kubernetes.io/images/docs/components-of-kubernetes.svgarrow-up-right

hashtag
Control Plane Components

  • kube-apiserver -it is the front end for the Kubernetes control plane.

  • etcd - a consistent and highly-available key value store used as Kubernetes' backing store for all cluster data.

  • kube-scheduler - component that watches for newly created Pods with no assigned node, and selects a node for them to run on.

  • kube-controller-manager - component that runs controller processes (e.g. Node controller, Job controller, etc.)

  • cloud-controller-manager - component that embeds cloud-specific control logic. It only runs controllers that are specific to your cloud provider.

hashtag
Node Components

  • kubelet - an agent that runs on each node in the cluster. It makes sure that containers are running in a Pod.

  • kube-proxy - is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept.

  • Container runtime - is responsible for managing the execution and lifecycle of containers within the Kubernetes environment.

circle-info

References:

hashtag
API Server

circle-info

References:

hashtag
Controller Manager

circle-info

References:

hashtag
Scheduler

circle-info

References:

hashtag
Kubelet

circle-info

References:

hashtag
Container Runtime

circle-info

References:

hashtag
KubeProxy

circle-info

References:

hashtag
Pod

circle-info

References:

hashtag
Etcd

circle-info

References:

hashtag
Container Networking

circle-info

References:

hashtag
Client Security

circle-info

References:

hashtag
Storage

circle-info

References:

PreviousOverview of Cloud Native SecurityNextKubernetes Security Fundamentals

Last updated