Scanning Engine v2 - Module - Kubernetes
Overview
Kubernetes (https://en.wikipedia.org/wiki/Kubernetes) is an open-source container orchestration system for automating software deployment, scaling, and management. Originally designed by Google, the project is now maintained by a worldwide community of contributors, and the trademark is held by the Cloud Native Computing Foundation.
Upon connection to a Kubernetes service, this module attempts to dump the cluster's version, pods, secrets and config information.
Targeting
This module targets TCP ports by IP address or hostname.
Configuration
Only the publicly available configuration keys that can be set in a job's module invocations are described below. Additional configuration keys may exist but are not shown here, either because they are restricted to specific users or because they are permanently set to a static value. If no keys have (required) after their names, invocations of this module need not contain a config key.
Named Keys
debug
Run module with a debugging configuration.
- Type: boolean
full-mode
Enable extraction of information from config maps and secrets.
- Type: boolean
read-timeout
Maximum time to wait for response, in seconds.
- Type: integer
- Default: 5
tls
Connect using SSL/TLS.
- Type: boolean
Schemas
The schema for the body object of all results generated with .task.module_name equal to kubernetes can be found here. The schema for results is available both in standalone and bundled form.
Examples
These are examples of the .body object for results with .task.module_name equal to kubernetes.
Docker
This example was generated with Minikube v1.34.0 and Kubernetes v1.31.0, running with the docker driver.
{
  "ssl": true,
  "connected": true,
  "auth_required": false,
  "build": {
    "major": "1",
    "minor": "31",
    "gitVersion": "v1.31.0",
    "gitCommit": "9edcffcde5595e8a5b1a35f88c421764e575afce",
    "buildDate": "2024-08-13T07:28:49Z",
    "goVersion": "go1.22.5",
    "compiler": "gc",
    "platform": "linux/arm64"
  },
  "version": "1.31",
  "pods": [
    {
      "metadata": {
        "name": "etcd-minikube",
        "namespace": "kube-system",
        "uid": "2066bd7e-665a-4518-b849-55127f42c7e4",
        "resourceVersion": "367",
        "creationTimestamp": "2024-10-17T17:54:36Z",
        "labels": {
          "component": "etcd",
          "tier": "control-plane"
        },
        "annotations": {
          "kubeadm.kubernetes.io/etcd.advertise-client-urls": "https://192.168.49.2:2379",
          "kubernetes.io/config.hash": "a5363f4f31e043bdae3c93aca4991903",
          "kubernetes.io/config.mirror": "a5363f4f31e043bdae3c93aca4991903",
          "kubernetes.io/config.seen": "2024-10-17T17:54:33.759910421Z",
          "kubernetes.io/config.source": "file"
        },
        "ownerReferences": [
          {
            "apiVersion": "v1",
            "kind": "Node",
            "name": "minikube",
            "uid": "fd655b2b-b83b-4f35-9fe8-ecd34f8977db",
            "controller": true
          }
        ],
        "managedFields": [
          {
            "manager": "kubelet",
            "operation": "Update",
            "apiVersion": "v1",
            "time": "2024-10-17T17:54:52Z",
            "fieldsType": "FieldsV1",
            "fieldsV1": {
              "f:status": {
                "f:conditions": {
                  ".": {},
                  "k:{\"type\":\"ContainersReady\"}": {
                    ".": {},
                    "f:lastProbeTime": {},
                    "f:lastTransitionTime": {},
                    "f:status": {},
                    "f:type": {}
                  },
                  "k:{\"type\":\"Initialized\"}": {
                    ".": {},
                    "f:lastProbeTime": {},
                    "f:lastTransitionTime": {},
                    "f:status": {},
                    "f:type": {}
                  },
                  "k:{\"type\":\"PodReadyToStartContainers\"}": {
                    ".": {},
                    "f:lastProbeTime": {},
                    "f:lastTransitionTime": {},
                    "f:status": {},
                    "f:type": {}
                  },
                  "k:{\"type\":\"PodScheduled\"}": {
                    ".": {},
                    "f:lastProbeTime": {},
                    "f:lastTransitionTime": {},
                    "f:status": {},
                    "f:type": {}
                  },
                  "k:{\"type\":\"Ready\"}": {
                    ".": {},
                    "f:lastProbeTime": {},
                    "f:lastTransitionTime": {},
                    "f:status": {},
                    "f:type": {}
                  }
                },
                "f:containerStatuses": {},
                "f:hostIP": {},
                "f:hostIPs": {},
                "f:phase": {},
                "f:podIP": {},
                "f:podIPs": {
                  ".": {},
                  "k:{\"ip\":\"192.168.49.2\"}": {
                    ".": {},
                    "f:ip": {}
                  }
                },
                "f:startTime": {}
              }
            },
            "subresource": "status"
          }
        ]
      },
      "spec": {
        "volumes": [
          {
            "name": "etcd-certs",
            "hostPath": {
              "path": "/var/lib/minikube/certs/etcd",
              "type": "DirectoryOrCreate"
            }
          },
          {
            "name": "etcd-data",
            "hostPath": {
              "path": "/var/lib/minikube/etcd",
              "type": "DirectoryOrCreate"
            }
          }
        ],
        "containers": [
          {
            "name": "etcd",
            "image": "registry.k8s.io/etcd:3.5.15-0",
            "command": [
              "etcd",
              "--advertise-client-urls=https://192.168.49.2:2379",
              "--cert-file=/var/lib/minikube/certs/etcd/server.crt",
              "--client-cert-auth=true",
              "--data-dir=/var/lib/minikube/etcd",
              "--experimental-initial-corrupt-check=true",
              "--experimental-watch-progress-notify-interval=5s",
              "--initial-advertise-peer-urls=https://192.168.49.2:2380",
              "--initial-cluster=minikube=https://192.168.49.2:2380",
              "--key-file=/var/lib/minikube/certs/etcd/server.key",
              "--listen-client-urls=https://127.0.0.1:2379,https://192.168.49.2:2379",
              "--listen-metrics-urls=http://127.0.0.1:2381",
              "--listen-peer-urls=https://192.168.49.2:2380",
              "--name=minikube",
              "--peer-cert-file=/var/lib/minikube/certs/etcd/peer.crt",
              "--peer-client-cert-auth=true",
              "--peer-key-file=/var/lib/minikube/certs/etcd/peer.key",
              "--peer-trusted-ca-file=/var/lib/minikube/certs/etcd/ca.crt",
              "--proxy-refresh-interval=70000",
              "--snapshot-count=10000",
              "--trusted-ca-file=/var/lib/minikube/certs/etcd/ca.crt"
            ],
            "resources": {
              "requests": {
                "cpu": "100m",
                "memory": "100Mi"
              }
            },
            "volumeMounts": [
              {
                "name": "etcd-data",
                "mountPath": "/var/lib/minikube/etcd"
              },
              {
                "name": "etcd-certs",
                "mountPath": "/var/lib/minikube/certs/etcd"
              }
            ],
            "livenessProbe": {
              "httpGet": {
                "path": "/livez",
                "port": 2381,
                "host": "127.0.0.1",
                "scheme": "HTTP"
              },
              "initialDelaySeconds": 10,
              "timeoutSeconds": 15,
              "periodSeconds": 10,
              "successThreshold": 1,
              "failureThreshold": 8
            },
            "readinessProbe": {
              "httpGet": {
                "path": "/readyz",
                "port": 2381,
                "host": "127.0.0.1",
                "scheme": "HTTP"
              },
              "timeoutSeconds": 15,
              "periodSeconds": 1,
              "successThreshold": 1,
              "failureThreshold": 3
            },
            "startupProbe": {
              "httpGet": {
                "path": "/readyz",
                "port": 2381,
                "host": "127.0.0.1",
                "scheme": "HTTP"
              },
              "initialDelaySeconds": 10,
              "timeoutSeconds": 15,
              "periodSeconds": 10,
              "successThreshold": 1,
              "failureThreshold": 24
            },
            "terminationMessagePath": "/dev/termination-log",
            "terminationMessagePolicy": "File",
            "imagePullPolicy": "IfNotPresent"
          }
        ],
        "restartPolicy": "Always",
        "terminationGracePeriodSeconds": 30,
        "dnsPolicy": "ClusterFirst",
        "nodeName": "minikube",
        "hostNetwork": true,
        "securityContext": {
          "seccompProfile": {
            "type": "RuntimeDefault"
          }
        },
        "schedulerName": "default-scheduler",
        "tolerations": [
          {
            "operator": "Exists",
            "effect": "NoExecute"
          }
        ],
        "priorityClassName": "system-node-critical",
        "priority": 2000001000,
        "enableServiceLinks": true,
        "preemptionPolicy": "PreemptLowerPriority"
      },
      "status": {
        "phase": "Running",
        "conditions": [
          {
            "type": "PodReadyToStartContainers",
            "status": "True",
            "lastProbeTime": null,
            "lastTransitionTime": "2024-10-17T17:54:37Z"
          },
          {
            "type": "Initialized",
            "status": "True",
            "lastProbeTime": null,
            "lastTransitionTime": "2024-10-17T17:54:37Z"
          },
          {
            "type": "Ready",
            "status": "True",
            "lastProbeTime": null,
            "lastTransitionTime": "2024-10-17T17:54:52Z"
          },
          {
            "type": "ContainersReady",
            "status": "True",
            "lastProbeTime": null,
            "lastTransitionTime": "2024-10-17T17:54:52Z"
          },
          {
            "type": "PodScheduled",
            "status": "True",
            "lastProbeTime": null,
            "lastTransitionTime": "2024-10-17T17:54:37Z"
          }
        ],
        "hostIP": "192.168.49.2",
        "hostIPs": [
          {
            "ip": "192.168.49.2"
          }
        ],
        "podIP": "192.168.49.2",
        "podIPs": [
          {
            "ip": "192.168.49.2"
          }
        ],
        "startTime": "2024-10-17T17:54:37Z",
        "containerStatuses": [
          {
            "name": "etcd",
            "state": {
              "running": {
                "startedAt": "2024-10-17T17:54:34Z"
              }
            },
            "lastState": {},
            "ready": true,
            "restartCount": 0,
            "image": "registry.k8s.io/etcd:3.5.15-0",
            "imageID": "docker-pullable://registry.k8s.io/etcd@sha256:a6dc63e6e8cfa0307d7851762fa6b629afb18f28d8aa3fab5a6e91b4af60026a",
            "containerID": "docker://3d889bff4ad2758eb40d55db7ffd6887e1f9af2b3018a3b8d07b1f499e62bfee",
            "started": true
          }
        ],
        "qosClass": "Burstable"
      }
    }
  ]
}
Live Host
This example was generated with a live host on the internet.
{
  "ssl": true,
  "connected": true,
  "auth_required": true,
  "build": {
    "major": "1",
    "minor": "28+",
    "gitVersion": "v1.28.13-eks-a737599",
    "gitCommit": "9183cd02caedacf6a14583843262d53d6244fc4a",
    "buildDate": "2024-08-26T21:27:49Z",
    "goVersion": "go1.22.5",
    "compiler": "gc",
    "platform": "linux/amd64"
  },
  "version": "1.28+"
}
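One way to triage result bodies like the two above for exposure review, as an added example that is not part of the scanning engine or its documentation. It assumes that auth_required being false means the API server answered the module's queries without credentials (an inference from the Docker example); the triage function, the severity labels and the trimmed sample bodies are hypothetical and constructed for illustration.

```python
import json

# Constructed samples, trimmed to fields that appear in the examples above.
OPEN_BODY = json.loads("""
{"ssl": true, "connected": true, "auth_required": false,
 "build": {"gitVersion": "v1.31.0"}, "version": "1.31",
 "pods": [{"metadata": {"name": "etcd-minikube", "namespace": "kube-system"},
           "spec": {"hostNetwork": true,
                    "volumes": [{"name": "etcd-certs",
                                 "hostPath": {"path": "/var/lib/minikube/certs/etcd"}}]}}]}
""")
AUTH_BODY = json.loads("""
{"ssl": true, "connected": true, "auth_required": true,
 "build": {"gitVersion": "v1.28.13-eks-a737599"}, "version": "1.28+"}
""")


def triage(body):
    """Classify one kubernetes module .body object (severity labels are assumed)."""
    findings = []
    if not body.get("connected"):
        return {"severity": "none", "findings": findings}
    git_version = body.get("build", {}).get("gitVersion", "unknown")
    findings.append(f"API server reachable, version disclosed: {git_version}")
    if not body.get("ssl"):
        findings.append("API served without TLS")
    # A missing auth_required key is treated as "authentication required".
    if body.get("auth_required", True):
        return {"severity": "low", "findings": findings}
    # Assumption: auth_required == false means anonymous requests were answered.
    findings.append("anonymous requests accepted (auth_required is false)")
    for pod in body.get("pods", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        ref = f"{meta.get('namespace')}/{meta.get('name')}"
        if spec.get("hostNetwork"):
            findings.append(f"{ref}: hostNetwork pod visible")
        for vol in spec.get("volumes", []):
            if "hostPath" in vol:
                findings.append(f"{ref}: hostPath {vol['hostPath'].get('path')}")
    return {"severity": "critical", "findings": findings}


if __name__ == "__main__":
    for sample in (OPEN_BODY, AUTH_BODY):
        print(json.dumps(triage(sample), indent=2))
```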
Changelog
- 2025-05-05: Initial release of versioning for each module. All modules are tagged with version number "1.0.0". Going forward:
  - Major version should be changed when there are changes that impact consumers or clients of the modules
  - Minor version should be changed when there are additions which enrich or enhance the module but shouldn’t affect consumers or clients
  - Patch version should be changed when there are bugfixes