The cbcontainers-operator
is a set of controllers that deploy and manage the Carbon Black Container components. It is deployed as a Kubernetes Deployment and typically has only one pod.
manager
The manager is the main container within the cbcontainers-operator
component. It acts as a Kubernetes Custom Resource Controller and it monitors instances of any object type from the cbcontainersagents.operator.containers.carbonblack.io
API group. It provisions other Carbon Black Agent components through a CRD object. It requires a connection to the API server and it does not have any open ports.
Image | cbartifactory/octarine-operator |
Opened ports | None |
Connects to Kubernetes services | kubernetes.default.svc (Kubernetes API server) |
Connects to backend | defense-prod05.conferdeploy.net:443 |
NO_PROXY requirements | The Kubernetes API server IP addresses (resolved from kubernetes.default.svc within the cluster) |
Requested resources | CPU- 100m, Memory - 64Mi |
Resource limits | CPU- 500m, Memory - 256Mi |
Replica count (min & def) | Min- 1, Default - 1 |
Horizontal Scaling | Not required |
Tolerances |
|
Is privileged | No |
kube-rbac-proxy
The kube-rbac-proxy
container acts as a sidecar to the operator’s manager container. Its purpose is to protect the manager from malicious attacks. It protects the operator’s metrics endpoint by requiring callers to have the metrics-reader ClusterRole assigned.
Image | cbartifactory/kube-rbac-proxy |
Opened ports | 8443/TCP |
Connects to Kubernetes services | kubernetes.default.svc (Kubernetes API server) |
Connects to backend | No |
NO_PROXY requirements | The Kubernetes API server IP addresses (resolved from kubernetes.default.svc within the cluster) |
Requested resources | CPU- 20m, Memory - 64Mi |
Resource limits | CPU- 500m, Memory - 128Mi |
Replica count (min & def) | Min- 1, Default - 1 |
Horizontal Scaling | Not required |
Tolerances |
|
Is privileged | No |