Scaling

Kaspersky Container Security supports scaling for the number of scanning pods to ensure that the incoming image volume can be scanned. You can scale the number of scanning pods up or down at any time while the solution is operating.

When a scanning pod is added, the system resources increase as follows:

• The number of node processors—by 2.
• The amount of RAM on the nodes—by 4 GB.
• The amount of free disk space on a node hard drive—by 15 GB.

To scan images larger than 10 GB, the kcs-ih service resources must be increased as follows per scanning pod and for each additional GB.

• The amount of RAM on the nodes—by 300 MB.
• The amount of free disk space on a node hard drive—by 1 GB.

If the images are not scanned for configuration file errors during standard operation mode, it is not necessary to increase the RAM of the scanning pods.

To process the results of scanning many large objects faster, you can allocate more resources to the job handler service by updating variables in the Helm package.

To add more scan job handling resources:

1. Open the Helm package and specify the required number of handlers for the kcs-middleware parameter in the scanWorkers variable in the default section.
2. In the requests and limits variables, specify the size of RAM as determined according to the following formula:

   memory = X * scanWorkers / 2, where

   memory is the size of RAM allocated to the image handler service.

   X is the original value of the variable that denotes the size of RAM.

   scanWorkers is the number of handlers specified in step 1.

   The result of scanWorkers/2 can't be zero.

3. In the requests and limits variables, specify the CPU resources as calculated according to the following formula:

   cpu = X*scanWorkers, where

   cpu is the CPU resources allocated to the image handler service.

   X is the original value of the variable that denotes the CPU resources.

   scanWorkers is the number of handlers.

Example of adding more scan job handling resources

Page top