If security scanners (antivirus tools) scan the nodes of a Kubernetes cluster, you may need to configure them to avoid false positives.

Deckhouse uses the following directories during operation:

  • /mnt/kubernetes-data (master node) — exists only in cloud installations, when a separate disk is used for the etcd database.

  • /var/lib/etcd (master node) — etcd database.

  • /var/lib/deckhouse/ (master node) — files of Deckhouse modules, which are dynamically loaded from a registry.

  • /var/lib/upmeter (master node, the upmeter module) — the upmeter module database.

  • /etc/kubernetes (any node) — manifests of static pods, PKI certificate files.

  • /var/lib/bashible (any node) — node configuration files.

  • /var/lib/containerd (any node) — files of container images and containers running on the node.

  • /mnt/vector-data (any node, the log-shipper module) — checkpoints of sent logs.

  • /var/log/containers (any node) — logs of containers (when using containerd).

  • /var/lib/kubelet/ (any node) — kubelet configuration files.

  • /opt/cni/bin/ (any node) — CNI plugin executables.

  • /opt/deckhouse/bin/ (any node) — executable files required for Deckhouse to work.

  • /var/log/pods/ (any node) — logs of all pod containers that are running on this cluster node.

  • /etc/cni/ (any node) — CNI plugin configuration files.
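
One way to turn the list above into a per-node exclusion list (an added example, not Deckhouse's own tooling). The role argument, the optional root prefix and the EXCLUDE/REVIEW labels are assumptions; the world-writable check is an added safeguard, because an excluded directory is no longer scanned.

```shell
#!/bin/sh
# Added example. The directory list is copied from the page; the rest is illustrative.
# Entry format: scope:path, where scope is "master" or "any".
DECKHOUSE_DIRS='
master:/mnt/kubernetes-data
master:/var/lib/etcd
master:/var/lib/deckhouse
master:/var/lib/upmeter
any:/etc/kubernetes
any:/var/lib/bashible
any:/var/lib/containerd
any:/mnt/vector-data
any:/var/log/containers
any:/var/lib/kubelet
any:/opt/cni/bin
any:/opt/deckhouse/bin
any:/var/log/pods
any:/etc/cni
'

# deckhouse_exclusions ROLE [ROOT]
#   ROLE: "master" or "worker" (hypothetical argument, supplied by the operator).
#   ROOT: optional path prefix, used to check a staged tree instead of "/".
# Prints one line per listed directory that exists on this node:
#   EXCLUDE <path>   candidate for the scanner's exclusion list
#   REVIEW <path>    exists but is world-writable; fix permissions first
deckhouse_exclusions() {
    role=$1
    root=${2:-}
    for entry in $DECKHOUSE_DIRS; do
        scope=${entry%%:*}
        path=${entry#*:}
        # Master-only directories are skipped on other nodes.
        [ "$scope" = "any" ] || [ "$role" = "master" ] || continue
        # Cloud-only and module-specific directories may be absent.
        [ -d "$root$path" ] || continue
        # -H resolves a symlinked directory so its target's mode is tested.
        if [ -n "$(find -H "$root$path" -maxdepth 0 -perm -0002 2>/dev/null)" ]; then
            echo "REVIEW $path"
        else
            echo "EXCLUDE $path"
        fi
    done
    return 0
}

# Runs only when a role is given on the command line.
[ "$#" -eq 0 ] || deckhouse_exclusions "$@"
```

The EXCLUDE lines still have to be entered in whatever exclusion syntax the scanner in use expects.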