Solution installation

Kaspersky Container Security components are supplied as images in the Kaspersky Container Security manufacturer registry and deployed as containers.

Installation of the Kaspersky Container Security platform consists of the following steps:

1. Installing the Server and Scanner components.
2. First launch of the Management Console.
3. Configuration of the Agent groups and Agent deployment on the controlled cluster nodes.

After installation, you should prepare the solution for operation:

• Configure integration with image registries.
• Configure integration with outputs.
• Configure security policies.
• Configure integration with CI/CD.
• Configure users and roles.
• Configure integration with LDAP server.

Installing the Server and Scanner

To install Kaspersky Container Security Server and Scanner:

After preparing the configuration file, run the solution installation:

cd kcs/

helm upgrade --install kcs . \

--create-namespace \

--namespace kcs \

--values values.yaml

Following the installation, the solution components are deployed.

The control panel will be available at the address specified in the envs subsection of the environment variables section. This allows you to create the ConfigMap object for the API_URL parameter:

http://${DOMAIN}

Viewing and accepting the End User License Agreement

When you launch the Management Console in a browser for the first time, Kaspersky Container Security prompts you to read the End User License Agreement between you and Kaspersky. To continue working with the solution, confirm that you have fully read and accept the terms of the End User License Agreement for Kaspersky Container Security.

To confirm acceptance of the terms of the End User License Agreement,

at the bottom of the End User License Agreement window, click the Accept button.

The authorization page opens for launching the Management Console.

After installing a new version of the solution, accept the End User License Agreement again.

First launch of the Management console

To start the Kaspersky Container Security Management Console:

1. In your browser, navigate to the address specified for the Management Console during the Server installation.

   The authorization page opens.

2. Enter your user name and password and click the Login button.

   During the installation of the solution, the user name and password have the same value assigned—admin. You can change the user name and password after launching the Management Console.

   After 3 unsuccessful password entry attempts, the user is temporarily blocked. The default block duration is 1 minute.

3. Following the request, change the current password for the user account: enter a new password, confirm it, and click the Change button.

   Passwords have the following requirements:

   • The password must contain numerals, special characters, and uppercase and lowercase letters.
   • The minimum password length is 6 characters, and the maximum password length is 72 characters.

The main page of the Management Console opens.

By default, the logged-in user session in the Management Console is 9 hours. In the Settings → Authentication section, you can set your own session duration from the minimum of 1 hour to the maximum of 168 hours. After this time expires, the session ends.

You can change the connection settings in the Settings → Authentication section.

Agent deployment

You should install Agents on all nodes of the cluster that you want to protect.

To deploy Agents in a cluster:

1. In the Management Console, add a group of Agents:
   1. In the main menu, go to the Components → Agents section.
   2. In the work pane, click the Add Agent group button.
   3. Fill in the fields in the form.
      • Enter the group name and description. We recommend that you specify the name of the cluster, on the nodes of which Agents are deployed, as the group name for convenient Agent management.
      • Select the type of Agent.
      • Select the type of target node operating system.
      • Select the orchestrator to use.
      • If required, enter the deployment token, which is the identifier that the Agent uses to connect to the Server. You can enter the token or leave the field blank for the token to generate automatically.
   4. Click the Add button.

      The right part of the work pane displays the data required to continue Agents deployment in the cluster.

2. Use the instruction from the Configuration field (in the .YAML format) to deploy Agents in the cluster. For example:

   kubectl apply -f <file> -n <namespace>

   Following the application of the guidelines from the instruction on the cluster, the Agent is deployed on all worker nodes of the cluster.

The table in the Agents subsection displays the created group and deployed Agents. Agents server connection status is available for viewing.