If Kubernetes cluster nodes are analyzed by security scanners (antivirus tools), you may need to configure them to avoid false positives.

Deckhouse uses the following directories during operation:

  • /mnt/kubernetes-data (master node) — only exists in clusters deployed in the cloud when a separate disk is used for the etcd database.

  • /var/lib/etcd (master node) — etcd database.

  • /var/lib/deckhouse/ (master node) — files of Deckhouse modules, which are dynamically loaded from a registry.

  • /var/lib/upmeter (master node, the upmeter module) — the upmeter module database.

  • /etc/kubernetes (any node) — manifests of static pods, PKI certificate files.

  • /var/lib/bashible (any node) — node configuration files.

  • /var/lib/containerd (any node) — used to store data related to CRI operation (e.g., containerd); contains container image layers, container file system snapshots, meta information, logs, and other container information.

  • /mnt/vector-data (any node, the log-shipper module) — checkpoints of sent logs.

  • /var/log/containers (any node) — logs of containers (when using containerd).

  • /var/lib/kubelet/ (any node) — kubelet configuration files.

  • /opt/cni/bin/ (any node) — CNI plugin executables.

  • /opt/deckhouse/bin/ (any node) — executable files required for Deckhouse to work.

  • /var/log/pods/ (any node) — logs of all pod containers that are running on this cluster node.

  • /etc/cni/ (any node) — CNI plugin configuration files.
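
As an added example (not part of Deckhouse or its documentation), the shell function below turns the list above into a per-node report for building scanner exclusions. Excluded paths are no longer inspected by the scanner, so it marks any listed directory that is group- or world-writable for review instead of exclusion. The function name, the role argument, the status labels and the optional root prefix are assumptions of this sketch.

```shell
#!/bin/sh
# Directories from the list above. First column: node scope (master or any).
DECKHOUSE_PATHS='master /mnt/kubernetes-data
master /var/lib/etcd
master /var/lib/deckhouse
master /var/lib/upmeter
any /etc/kubernetes
any /var/lib/bashible
any /var/lib/containerd
any /mnt/vector-data
any /var/log/containers
any /var/lib/kubelet
any /opt/cni/bin
any /opt/deckhouse/bin
any /var/log/pods
any /etc/cni'

# exclusion_report ROLE [ROOT]   (hypothetical helper, not a Deckhouse tool)
#   ROLE  master or worker; master-only paths are skipped on workers.
#   ROOT  optional path prefix, used to run against a constructed test tree.
# Prints "STATUS<TAB>PATH" for every directory that applies to the role:
#   EXCLUDE  present and writable by its owner only
#   REVIEW   present but group- or world-writable: check before excluding
#   ABSENT   not present on this node (module disabled, no separate disk, ...)
exclusion_report() {
    role=$1
    root=${2:-}
    printf '%s\n' "$DECKHOUSE_PATHS" | while read -r scope path; do
        [ "$scope" = master ] && [ "$role" != master ] && continue
        if [ ! -d "$root$path" ]; then
            printf 'ABSENT\t%s\n' "$path"
        # -H resolves a symlinked directory; -prune keeps find from descending.
        elif [ -n "$(find -H "$root$path" -prune \
                \( -perm -020 -o -perm -002 \) -print 2>/dev/null)" ]; then
            printf 'REVIEW\t%s\n' "$path"
        else
            printf 'EXCLUDE\t%s\n' "$path"
        fi
    done
}

# Usage on a node: exclusion_report master   or   exclusion_report worker
```

Only the `EXCLUDE` lines are candidates for the scanner's exclusion list; the syntax for entering them depends on the scanner in use.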