Solution architecture
Kaspersky Container Security components are deployed based on the images included in the distribution kit. The table below shows which images correspond to which solution components.
Kaspersky Container Security components
Component |
Image |
Component function |
|---|---|---|
ClickHouse DBMS |
clickhouse |
Managing ClickHouse databases for storing and processing informational messages from agents. |
PostgreSQL DBMS |
postgresql |
Managing databases using tools for analyzing and optimizing query parsing and query engines. |
PGBouncer connection pooler |
pgbouncer |
PostgreSQL connection pool management. |
Middleware |
middleware |
Implementation of the data processing business logic of the solution server component and providing REST API for the graphical user interface of Kaspersky Container Security. |
Event Broker |
event-broker |
Ensuring communication between various elements of the distributed solution system. |
Image Handler, client scanner |
image-handler |
Processing scan jobs using vulnerability and malware scanners: starting scan jobs, scanning objects, aggregating and publishing scan results. |
Scanner server |
scanner-server |
Managing the scanner server, which is used to store the vulnerabilities database and the image layer cache, as well as to support the image handler. |
Licensing module |
licenses |
Manage functionalities provided under the license. |
File storage |
minio |
Managing the storage for storing and distributing to users the files that the solution generates. |
Message Broker |
nats |
Determining the order of communication requests in the form of messages. |
File server with updates for private corporate networks |
updates |
Delivery of updates when the solution is deployed. |
Solution interface |
nginx |
Functioning of the Kaspersky Container Security graphical user interface. |
Agents |
node-agent kube-agent |
Maintaining security on the nodes in accordance with configured security policies and integration with the orchestrator. |
The solution includes the following main components:
- Kaspersky Container Security Middleware
- Kaspersky Container Security Agents
- Kaspersky Container Security Scanner
Overall architecture scheme of Kaspersky Container Security
Kaspersky Container Security can be deployed in a public or private corporate network.