Skip to content

Scanning Engine v2 - Module - Kubernetes

Overview

Kubernetes (https://en.wikipedia.org/wiki/Kubernetes) is an open-source container orchestration system for automating software deployment, scaling, and management. Originally designed by Google, the project is now maintained by a worldwide community of contributors, and the trademark is held by the Cloud Native Computing Foundation.

Upon connection to a Kubernetes service, this module attempts to dump the cluster's version, pods, secrets and config information.

Targeting

This module targets TCP ports by IP address or hostname.

Schemas

The schema for the body object of all results generated with .task.module_name equal to kubernetes can be found here. The schema for results is available both in standalone and bundled form.

Examples

These are examples of the .body object for results with .task.module_name equal to kubernetes.

Docker

This example was generated with the Minikube v1.34.0 and Kubernetes v1.31.0 running using the docker driver.

{
  "ssl": true,
  "connected": true,
  "auth_required": false,
  "build": {
    "major": "1",
    "minor": "31",
    "gitVersion": "v1.31.0",
    "gitCommit": "9edcffcde5595e8a5b1a35f88c421764e575afce",
    "buildDate": "2024-08-13T07:28:49Z",
    "goVersion": "go1.22.5",
    "compiler": "gc",
    "platform": "linux/arm64"
  },
  "version": "1.31",
  "pods": [
    {
      "metadata": {
        "name": "etcd-minikube",
        "namespace": "kube-system",
        "uid": "2066bd7e-665a-4518-b849-55127f42c7e4",
        "resourceVersion": "367",
        "creationTimestamp": "2024-10-17T17:54:36Z",
        "labels": {
          "component": "etcd",
          "tier": "control-plane"
        },
        "annotations": {
          "kubeadm.kubernetes.io/etcd.advertise-client-urls": "https://192.168.49.2:2379",
          "kubernetes.io/config.hash": "a5363f4f31e043bdae3c93aca4991903",
          "kubernetes.io/config.mirror": "a5363f4f31e043bdae3c93aca4991903",
          "kubernetes.io/config.seen": "2024-10-17T17:54:33.759910421Z",
          "kubernetes.io/config.source": "file"
        },
        "ownerReferences": [
          {
            "apiVersion": "v1",
            "kind": "Node",
            "name": "minikube",
            "uid": "fd655b2b-b83b-4f35-9fe8-ecd34f8977db",
            "controller": true
          }
        ],
        "managedFields": [
          {
            "manager": "kubelet",
            "operation": "Update",
            "apiVersion": "v1",
            "time": "2024-10-17T17:54:52Z",
            "fieldsType": "FieldsV1",
            "fieldsV1": {
              "f:status": {
                "f:conditions": {
                  ".": {},
                  "k:{\"type\":\"ContainersReady\"}": {
                    ".": {},
                    "f:lastProbeTime": {},
                    "f:lastTransitionTime": {},
                    "f:status": {},
                    "f:type": {}
                  },
                  "k:{\"type\":\"Initialized\"}": {
                    ".": {},
                    "f:lastProbeTime": {},
                    "f:lastTransitionTime": {},
                    "f:status": {},
                    "f:type": {}
                  },
                  "k:{\"type\":\"PodReadyToStartContainers\"}": {
                    ".": {},
                    "f:lastProbeTime": {},
                    "f:lastTransitionTime": {},
                    "f:status": {},
                    "f:type": {}
                  },
                  "k:{\"type\":\"PodScheduled\"}": {
                    ".": {},
                    "f:lastProbeTime": {},
                    "f:lastTransitionTime": {},
                    "f:status": {},
                    "f:type": {}
                  },
                  "k:{\"type\":\"Ready\"}": {
                    ".": {},
                    "f:lastProbeTime": {},
                    "f:lastTransitionTime": {},
                    "f:status": {},
                    "f:type": {}
                  }
                },
                "f:containerStatuses": {},
                "f:hostIP": {},
                "f:hostIPs": {},
                "f:phase": {},
                "f:podIP": {},
                "f:podIPs": {
                  ".": {},
                  "k:{\"ip\":\"192.168.49.2\"}": {
                    ".": {},
                    "f:ip": {}
                  }
                },
                "f:startTime": {}
              }
            },
            "subresource": "status"
          }
        ]
      },
      "spec": {
        "volumes": [
          {
            "name": "etcd-certs",
            "hostPath": {
              "path": "/var/lib/minikube/certs/etcd",
              "type": "DirectoryOrCreate"
            }
          },
          {
            "name": "etcd-data",
            "hostPath": {
              "path": "/var/lib/minikube/etcd",
              "type": "DirectoryOrCreate"
            }
          }
        ],
        "containers": [
          {
            "name": "etcd",
            "image": "registry.k8s.io/etcd:3.5.15-0",
            "command": [
              "etcd",
              "--advertise-client-urls=https://192.168.49.2:2379",
              "--cert-file=/var/lib/minikube/certs/etcd/server.crt",
              "--client-cert-auth=true",
              "--data-dir=/var/lib/minikube/etcd",
              "--experimental-initial-corrupt-check=true",
              "--experimental-watch-progress-notify-interval=5s",
              "--initial-advertise-peer-urls=https://192.168.49.2:2380",
              "--initial-cluster=minikube=https://192.168.49.2:2380",
              "--key-file=/var/lib/minikube/certs/etcd/server.key",
              "--listen-client-urls=https://127.0.0.1:2379,https://192.168.49.2:2379",
              "--listen-metrics-urls=http://127.0.0.1:2381",
              "--listen-peer-urls=https://192.168.49.2:2380",
              "--name=minikube",
              "--peer-cert-file=/var/lib/minikube/certs/etcd/peer.crt",
              "--peer-client-cert-auth=true",
              "--peer-key-file=/var/lib/minikube/certs/etcd/peer.key",
              "--peer-trusted-ca-file=/var/lib/minikube/certs/etcd/ca.crt",
              "--proxy-refresh-interval=70000",
              "--snapshot-count=10000",
              "--trusted-ca-file=/var/lib/minikube/certs/etcd/ca.crt"
            ],
            "resources": {
              "requests": {
                "cpu": "100m",
                "memory": "100Mi"
              }
            },
            "volumeMounts": [
              {
                "name": "etcd-data",
                "mountPath": "/var/lib/minikube/etcd"
              },
              {
                "name": "etcd-certs",
                "mountPath": "/var/lib/minikube/certs/etcd"
              }
            ],
            "livenessProbe": {
              "httpGet": {
                "path": "/livez",
                "port": 2381,
                "host": "127.0.0.1",
                "scheme": "HTTP"
              },
              "initialDelaySeconds": 10,
              "timeoutSeconds": 15,
              "periodSeconds": 10,
              "successThreshold": 1,
              "failureThreshold": 8
            },
            "readinessProbe": {
              "httpGet": {
                "path": "/readyz",
                "port": 2381,
                "host": "127.0.0.1",
                "scheme": "HTTP"
              },
              "timeoutSeconds": 15,
              "periodSeconds": 1,
              "successThreshold": 1,
              "failureThreshold": 3
            },
            "startupProbe": {
              "httpGet": {
                "path": "/readyz",
                "port": 2381,
                "host": "127.0.0.1",
                "scheme": "HTTP"
              },
              "initialDelaySeconds": 10,
              "timeoutSeconds": 15,
              "periodSeconds": 10,
              "successThreshold": 1,
              "failureThreshold": 24
            },
            "terminationMessagePath": "/dev/termination-log",
            "terminationMessagePolicy": "File",
            "imagePullPolicy": "IfNotPresent"
          }
        ],
        "restartPolicy": "Always",
        "terminationGracePeriodSeconds": 30,
        "dnsPolicy": "ClusterFirst",
        "nodeName": "minikube",
        "hostNetwork": true,
        "securityContext": {
          "seccompProfile": {
            "type": "RuntimeDefault"
          }
        },
        "schedulerName": "default-scheduler",
        "tolerations": [
          {
            "operator": "Exists",
            "effect": "NoExecute"
          }
        ],
        "priorityClassName": "system-node-critical",
        "priority": 2000001000,
        "enableServiceLinks": true,
        "preemptionPolicy": "PreemptLowerPriority"
      },
      "status": {
        "phase": "Running",
        "conditions": [
          {
            "type": "PodReadyToStartContainers",
            "status": "True",
            "lastProbeTime": null,
            "lastTransitionTime": "2024-10-17T17:54:37Z"
          },
          {
            "type": "Initialized",
            "status": "True",
            "lastProbeTime": null,
            "lastTransitionTime": "2024-10-17T17:54:37Z"
          },
          {
            "type": "Ready",
            "status": "True",
            "lastProbeTime": null,
            "lastTransitionTime": "2024-10-17T17:54:52Z"
          },
          {
            "type": "ContainersReady",
            "status": "True",
            "lastProbeTime": null,
            "lastTransitionTime": "2024-10-17T17:54:52Z"
          },
          {
            "type": "PodScheduled",
            "status": "True",
            "lastProbeTime": null,
            "lastTransitionTime": "2024-10-17T17:54:37Z"
          }
        ],
        "hostIP": "192.168.49.2",
        "hostIPs": [
          {
            "ip": "192.168.49.2"
          }
        ],
        "podIP": "192.168.49.2",
        "podIPs": [
          {
            "ip": "192.168.49.2"
          }
        ],
        "startTime": "2024-10-17T17:54:37Z",
        "containerStatuses": [
          {
            "name": "etcd",
            "state": {
              "running": {
                "startedAt": "2024-10-17T17:54:34Z"
              }
            },
            "lastState": {},
            "ready": true,
            "restartCount": 0,
            "image": "registry.k8s.io/etcd:3.5.15-0",
            "imageID": "docker-pullable://registry.k8s.io/etcd@sha256:a6dc63e6e8cfa0307d7851762fa6b629afb18f28d8aa3fab5a6e91b4af60026a",
            "containerID": "docker://3d889bff4ad2758eb40d55db7ffd6887e1f9af2b3018a3b8d07b1f499e62bfee",
            "started": true
          }
        ],
        "qosClass": "Burstable"
      }
    }
  ]
}

Live Host

This example was generated with a live host on the internet.

{
  "ssl": true,
  "connected": true,
  "auth_required": true,
  "build": {
    "major": "1",
    "minor": "28+",
    "gitVersion": "v1.28.13-eks-a737599",
    "gitCommit": "9183cd02caedacf6a14583843262d53d6244fc4a",
    "buildDate": "2024-08-26T21:27:49Z",
    "goVersion": "go1.22.5",
    "compiler": "gc",
    "platform": "linux/amd64"
  },
  "version": "1.28+"
}

Changelog

v2.0.0 (2025-08-21)

  • Complete rewrite from Python to Go for improved performance and maintainability.
  • Improved error handling and result processing with better logging and validation.

v1.0.0 (2025-05-05)

  • Initial release of versioning for each module. All modules are being tagged with version number 1.0.0. Going forward:
  • Major version should be changed when there are changes that impact consumers or clients of the modules.
  • Minor version should be changed when there are additions which enrich or enhance the module but shouldn't affect consumers or clients.
  • Patch version should be changed when there are bugfixes.