Scanning Engine v2 - Module - Kubernetes¶
Overview¶
Kubernetes (https://en.wikipedia.org/wiki/Kubernetes) is an open-source container orchestration system for automating software deployment, scaling, and management. Originally designed by Google, the project is now maintained by a worldwide community of contributors, and the trademark is held by the Cloud Native Computing Foundation.
Upon connection to a Kubernetes service, this module attempts to dump the cluster's version, pods, secrets and config information.
Targeting¶
This module targets TCP ports by IP address or hostname.
Schemas¶
The schema for the body object of all results generated with .task.module_name equal to kubernetes can be found here. The schema for results is available both in standalone and bundled form.
Examples¶
These are examples of the .body object for results with .task.module_name equal to kubernetes.
Docker¶
This example was generated with the Minikube v1.34.0 and Kubernetes v1.31.0 running using the docker driver.
{
"ssl": true,
"connected": true,
"auth_required": false,
"build": {
"major": "1",
"minor": "31",
"gitVersion": "v1.31.0",
"gitCommit": "9edcffcde5595e8a5b1a35f88c421764e575afce",
"buildDate": "2024-08-13T07:28:49Z",
"goVersion": "go1.22.5",
"compiler": "gc",
"platform": "linux/arm64"
},
"version": "1.31",
"pods": [
{
"metadata": {
"name": "etcd-minikube",
"namespace": "kube-system",
"uid": "2066bd7e-665a-4518-b849-55127f42c7e4",
"resourceVersion": "367",
"creationTimestamp": "2024-10-17T17:54:36Z",
"labels": {
"component": "etcd",
"tier": "control-plane"
},
"annotations": {
"kubeadm.kubernetes.io/etcd.advertise-client-urls": "https://192.168.49.2:2379",
"kubernetes.io/config.hash": "a5363f4f31e043bdae3c93aca4991903",
"kubernetes.io/config.mirror": "a5363f4f31e043bdae3c93aca4991903",
"kubernetes.io/config.seen": "2024-10-17T17:54:33.759910421Z",
"kubernetes.io/config.source": "file"
},
"ownerReferences": [
{
"apiVersion": "v1",
"kind": "Node",
"name": "minikube",
"uid": "fd655b2b-b83b-4f35-9fe8-ecd34f8977db",
"controller": true
}
],
"managedFields": [
{
"manager": "kubelet",
"operation": "Update",
"apiVersion": "v1",
"time": "2024-10-17T17:54:52Z",
"fieldsType": "FieldsV1",
"fieldsV1": {
"f:status": {
"f:conditions": {
".": {},
"k:{\"type\":\"ContainersReady\"}": {
".": {},
"f:lastProbeTime": {},
"f:lastTransitionTime": {},
"f:status": {},
"f:type": {}
},
"k:{\"type\":\"Initialized\"}": {
".": {},
"f:lastProbeTime": {},
"f:lastTransitionTime": {},
"f:status": {},
"f:type": {}
},
"k:{\"type\":\"PodReadyToStartContainers\"}": {
".": {},
"f:lastProbeTime": {},
"f:lastTransitionTime": {},
"f:status": {},
"f:type": {}
},
"k:{\"type\":\"PodScheduled\"}": {
".": {},
"f:lastProbeTime": {},
"f:lastTransitionTime": {},
"f:status": {},
"f:type": {}
},
"k:{\"type\":\"Ready\"}": {
".": {},
"f:lastProbeTime": {},
"f:lastTransitionTime": {},
"f:status": {},
"f:type": {}
}
},
"f:containerStatuses": {},
"f:hostIP": {},
"f:hostIPs": {},
"f:phase": {},
"f:podIP": {},
"f:podIPs": {
".": {},
"k:{\"ip\":\"192.168.49.2\"}": {
".": {},
"f:ip": {}
}
},
"f:startTime": {}
}
},
"subresource": "status"
}
]
},
"spec": {
"volumes": [
{
"name": "etcd-certs",
"hostPath": {
"path": "/var/lib/minikube/certs/etcd",
"type": "DirectoryOrCreate"
}
},
{
"name": "etcd-data",
"hostPath": {
"path": "/var/lib/minikube/etcd",
"type": "DirectoryOrCreate"
}
}
],
"containers": [
{
"name": "etcd",
"image": "registry.k8s.io/etcd:3.5.15-0",
"command": [
"etcd",
"--advertise-client-urls=https://192.168.49.2:2379",
"--cert-file=/var/lib/minikube/certs/etcd/server.crt",
"--client-cert-auth=true",
"--data-dir=/var/lib/minikube/etcd",
"--experimental-initial-corrupt-check=true",
"--experimental-watch-progress-notify-interval=5s",
"--initial-advertise-peer-urls=https://192.168.49.2:2380",
"--initial-cluster=minikube=https://192.168.49.2:2380",
"--key-file=/var/lib/minikube/certs/etcd/server.key",
"--listen-client-urls=https://127.0.0.1:2379,https://192.168.49.2:2379",
"--listen-metrics-urls=http://127.0.0.1:2381",
"--listen-peer-urls=https://192.168.49.2:2380",
"--name=minikube",
"--peer-cert-file=/var/lib/minikube/certs/etcd/peer.crt",
"--peer-client-cert-auth=true",
"--peer-key-file=/var/lib/minikube/certs/etcd/peer.key",
"--peer-trusted-ca-file=/var/lib/minikube/certs/etcd/ca.crt",
"--proxy-refresh-interval=70000",
"--snapshot-count=10000",
"--trusted-ca-file=/var/lib/minikube/certs/etcd/ca.crt"
],
"resources": {
"requests": {
"cpu": "100m",
"memory": "100Mi"
}
},
"volumeMounts": [
{
"name": "etcd-data",
"mountPath": "/var/lib/minikube/etcd"
},
{
"name": "etcd-certs",
"mountPath": "/var/lib/minikube/certs/etcd"
}
],
"livenessProbe": {
"httpGet": {
"path": "/livez",
"port": 2381,
"host": "127.0.0.1",
"scheme": "HTTP"
},
"initialDelaySeconds": 10,
"timeoutSeconds": 15,
"periodSeconds": 10,
"successThreshold": 1,
"failureThreshold": 8
},
"readinessProbe": {
"httpGet": {
"path": "/readyz",
"port": 2381,
"host": "127.0.0.1",
"scheme": "HTTP"
},
"timeoutSeconds": 15,
"periodSeconds": 1,
"successThreshold": 1,
"failureThreshold": 3
},
"startupProbe": {
"httpGet": {
"path": "/readyz",
"port": 2381,
"host": "127.0.0.1",
"scheme": "HTTP"
},
"initialDelaySeconds": 10,
"timeoutSeconds": 15,
"periodSeconds": 10,
"successThreshold": 1,
"failureThreshold": 24
},
"terminationMessagePath": "/dev/termination-log",
"terminationMessagePolicy": "File",
"imagePullPolicy": "IfNotPresent"
}
],
"restartPolicy": "Always",
"terminationGracePeriodSeconds": 30,
"dnsPolicy": "ClusterFirst",
"nodeName": "minikube",
"hostNetwork": true,
"securityContext": {
"seccompProfile": {
"type": "RuntimeDefault"
}
},
"schedulerName": "default-scheduler",
"tolerations": [
{
"operator": "Exists",
"effect": "NoExecute"
}
],
"priorityClassName": "system-node-critical",
"priority": 2000001000,
"enableServiceLinks": true,
"preemptionPolicy": "PreemptLowerPriority"
},
"status": {
"phase": "Running",
"conditions": [
{
"type": "PodReadyToStartContainers",
"status": "True",
"lastProbeTime": null,
"lastTransitionTime": "2024-10-17T17:54:37Z"
},
{
"type": "Initialized",
"status": "True",
"lastProbeTime": null,
"lastTransitionTime": "2024-10-17T17:54:37Z"
},
{
"type": "Ready",
"status": "True",
"lastProbeTime": null,
"lastTransitionTime": "2024-10-17T17:54:52Z"
},
{
"type": "ContainersReady",
"status": "True",
"lastProbeTime": null,
"lastTransitionTime": "2024-10-17T17:54:52Z"
},
{
"type": "PodScheduled",
"status": "True",
"lastProbeTime": null,
"lastTransitionTime": "2024-10-17T17:54:37Z"
}
],
"hostIP": "192.168.49.2",
"hostIPs": [
{
"ip": "192.168.49.2"
}
],
"podIP": "192.168.49.2",
"podIPs": [
{
"ip": "192.168.49.2"
}
],
"startTime": "2024-10-17T17:54:37Z",
"containerStatuses": [
{
"name": "etcd",
"state": {
"running": {
"startedAt": "2024-10-17T17:54:34Z"
}
},
"lastState": {},
"ready": true,
"restartCount": 0,
"image": "registry.k8s.io/etcd:3.5.15-0",
"imageID": "docker-pullable://registry.k8s.io/etcd@sha256:a6dc63e6e8cfa0307d7851762fa6b629afb18f28d8aa3fab5a6e91b4af60026a",
"containerID": "docker://3d889bff4ad2758eb40d55db7ffd6887e1f9af2b3018a3b8d07b1f499e62bfee",
"started": true
}
],
"qosClass": "Burstable"
}
}
]
}
Live Host¶
This example was generated with a live host on the internet.
{
"ssl": true,
"connected": true,
"auth_required": true,
"build": {
"major": "1",
"minor": "28+",
"gitVersion": "v1.28.13-eks-a737599",
"gitCommit": "9183cd02caedacf6a14583843262d53d6244fc4a",
"buildDate": "2024-08-26T21:27:49Z",
"goVersion": "go1.22.5",
"compiler": "gc",
"platform": "linux/amd64"
},
"version": "1.28+"
}
Changelog¶
v2.0.0 (2025-08-21)¶
- Complete rewrite from Python to Go for improved performance and maintainability.
- Improved error handling and result processing with better logging and validation.
v1.0.0 (2025-05-05)¶
- Initial release of versioning for each module. All modules are being tagged with version number
1.0.0. Going forward: - Major version should be changed when there are changes that impact consumers or clients of the modules.
- Minor version should be changed when there are additions which enrich or enhance the module but shouldn't affect consumers or clients.
- Patch version should be changed when there are bugfixes.