The cbcontainers-operator is a set of controllers that deploy and manage the Carbon Black Container components. It is deployed as a Kubernetes Deployment and typically has only one pod.

manager

The manager is the main container within the cbcontainers-operator component. It acts as a Kubernetes Custom Resource Controller and it monitors instances of any object type from the cbcontainersagents.operator.containers.carbonblack.io API group. It provisions other Carbon Black Agent components through a CRD object. It requires a connection to the API server and it does not have any open ports.

Image: cbartifactory/octarine-operator
Opened ports: None
Connects to Kubernetes services: kubernetes.default.svc (Kubernetes API server)
Connects to backend: defense-prod05.conferdeploy.net:443
NO_PROXY requirements: The Kubernetes API server IP addresses (resolved from kubernetes.default.svc within the cluster)
Requested resources: CPU - 100m, Memory - 64Mi
Resource limits: CPU - 500m, Memory - 256Mi
Replica count (min & def): Min - 1, Default - 1
Horizontal Scaling: Not required
Tolerations:
  node.kubernetes.io/memory-pressure:NoSchedule op=Exists
  node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
  node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Is privileged: No

kube-rbac-proxy

The kube-rbac-proxy container runs as a sidecar to the operator’s manager container. Its purpose is to protect the manager from malicious attacks: it guards the operator’s metrics endpoint by requiring callers to have the metrics-reader ClusterRole assigned.

Image: cbartifactory/kube-rbac-proxy
Opened ports: 8443/TCP
Connects to Kubernetes services: kubernetes.default.svc (Kubernetes API server)
Connects to backend: No
NO_PROXY requirements: The Kubernetes API server IP addresses (resolved from kubernetes.default.svc within the cluster)
Requested resources: CPU - 20m, Memory - 64Mi
Resource limits: CPU - 500m, Memory - 128Mi
Replica count (min & def): Min - 1, Default - 1
Horizontal Scaling: Not required
Tolerations:
  node.kubernetes.io/memory-pressure:NoSchedule op=Exists
  node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
  node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Is privileged: No
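
The values documented for the two containers above can serve as a drift baseline for the running operator pod. The following is an added example, not Carbon Black's code: it checks a Pod `.spec` (as a dict in the Kubernetes Pod API shape) for undocumented ports, privileged mode, unexpected images and changed resource limits. The function names, the sample pod and its `1.0` image tags are constructed for illustration.

```python
# Added example: audit an operator pod spec against the values documented above.
# BASELINE is copied from this page's tables; SAMPLE_POD is constructed test data.
BASELINE = {
    "manager": {"image": "cbartifactory/octarine-operator", "ports": set(),
                "limits": {"cpu": "500m", "memory": "256Mi"}},
    "kube-rbac-proxy": {"image": "cbartifactory/kube-rbac-proxy",
                        "ports": {(8443, "TCP")},
                        "limits": {"cpu": "500m", "memory": "128Mi"}},
}

def image_repo(image):
    """Drop digest and tag: 'a/b:1.0@sha256:...' -> 'a/b'."""
    image = image.split("@", 1)[0]
    head, sep, tail = image.rpartition("/")
    return head + sep + tail.split(":", 1)[0]

def audit_pod(pod_spec):
    """Return sorted deviations of a Pod .spec dict from BASELINE."""
    findings, seen = [], set()
    for c in pod_spec.get("containers", []):
        name = c.get("name", "<unnamed>")
        want = BASELINE.get(name)
        if want is None:
            findings.append(f"{name}: container not in documented baseline")
            continue
        seen.add(name)
        # Exact match: a mirror or registry prefix is reported for review.
        if image_repo(c.get("image", "")) != want["image"]:
            findings.append(f"{name}: unexpected image {c.get('image')}")
        ports = {(p["containerPort"], p.get("protocol", "TCP"))
                 for p in c.get("ports") or []}
        for port, proto in sorted(ports - want["ports"]):
            findings.append(f"{name}: undocumented port {port}/{proto}")
        if (c.get("securityContext") or {}).get("privileged", False):
            findings.append(f"{name}: runs privileged")
        # Quantities are compared as strings, so "0.5" != "500m" is reported.
        limits = (c.get("resources") or {}).get("limits") or {}
        if limits != want["limits"]:
            findings.append(f"{name}: limits {limits} differ from {want['limits']}")
    findings += [f"{n}: documented container missing" for n in BASELINE.keys() - seen]
    return sorted(findings)

SAMPLE_POD = {"containers": [  # constructed: sidecar deviates from the baseline
    {"name": "manager", "image": "cbartifactory/octarine-operator:1.0",
     "resources": {"limits": {"cpu": "500m", "memory": "256Mi"}}},
    {"name": "kube-rbac-proxy", "image": "cbartifactory/kube-rbac-proxy:1.0",
     "ports": [{"containerPort": 8443}, {"containerPort": 8080}],
     "securityContext": {"privileged": True},
     "resources": {"limits": {"cpu": "500m", "memory": "128Mi"}}},
]}
```

Feed it the `spec` object of the operator pod as returned by the Kubernetes API; an empty list means the pod matches the documented ports, privilege setting, images and limits.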