- Kaspersky Container Security 2.0 Help
- About the Kaspersky Container Security platform
- Solution architecture
- Standard deployment schemes
- Preparing to install the solution
- Solution installation
- Removing the solution
- Updating the solution
- Solution interface
- Licensing the solution
- Data provisioning
- Working with clusters
- View the list of clusters
- Namespaces in the cluster
- Pods in the cluster
- Visualization of cluster resources
- Working with images from registers
- Investigating security events
- Analyzing container forensics
- Searching container forensics
- Detailed information about a running process
- Detailed information about file operations
- Details information about network traffic
- Detailed information about detected malicious objects
- Restrictions on runtime policies
- Investigating container forensics while accounting for adjacent events
- Analyzing detected vulnerabilities
- Analyzing container forensics
- Integration with third-party resources
- Setting up integration with external image registries
- Минимально достаточные права для интеграции с реестрами
- Working with public registries without authorization
- Adding integrations with external image registries
- Viewing information about integrations with registries
- Deleting integration with external registry
- Harbor integration
- Creating an integration upon Harbor request
- Viewing and editing the Harbor External Integration settings
- Rescanning
- Integration with CI/CD
- Image scanning in CI/CD processes
- Configuring integration with GitLab CI/CD
- Configuring integration with Jenkins CI/CD
- Configuring integration with TeamCity CI/CD
- Defining the path to container images
- Monitoring the integrity and origin of images
- Running the scanner in SBOM mode
- Getting scan results in JSON or HTML format
- Running the scanner in lite SBOM mode
- Specifying secrets when starting a scan
- Configuring integration with image signature validators
- Setting up integration with notification outputs
- Configuring LDAP server integration
- Configuring integration with SIEM systems
- Integrating with HashiCorp Vault
- Setting up integration with external image registries
- Security policies configuration
- Scanner policies
- Assurance policies
- Response policies
- Runtime policies
- Creating a runtime policy
- Editing runtime policy settings
- Managing container runtime profiles
- Managing runtime autoprofiles
- Deleting policies
- Compliance check
- Configuring and generating reports
- File Threat Protection
- Users, roles, and scopes
- Managing users
- About user roles
- Действия в рамках системных ролей
- Displaying list of roles
- About scopes
- Scopes and enforcement of security policies
- Switching between scopes
- Adding users, roles, and scopes
- Resetting password for user accounts
- Changing settings for users, roles, and scopes
- Removing users, roles, and scopes
- Using Kaspersky Container Security OpenAPI
- Security event log
- Information about the status of solution components
- Ensuring safety and reliability of components
- Managing the dynamics of data accumulation
- Creating a user for an external PostgreSQL database
- Backing up and restoring data
- Contacting Technical Support
- Sources of information about the application
- Limitations and warnings
- Glossary
- Third party code information
- Trademark notices
- ATT&CK MITRE Terms of Use
Backing up and restoring data
PostgreSQL mechanisms can be used for PostgreSQL database backup and data recovery. You can use these for the PostgreSQL database in Kaspersky Container Security or an existing PostgreSQL database you may have.
Database backup copies are created using the pg_dump utility. The backup copy includes all main settings and PostgreSQL database objects, even if the database is used in parallel. If you have a backup copy, you can quickly restore the database.
Without a backup copy, a malfunction may lead to an irrecoverable loss of the information stored in the PostgreSQL database.
The pg_dump utility lets you export a PostgreSQL database as a script or in an archive format such as .TAR.
Example of using the pg_dump utility
#!/bin/bash
# Set variables
postgres_podname="kcs-postgres-0"
namespace="kcs"
POSTGRES_USER="pguser"
POSTGRES_DATABASE="api"
date=$(date +"%Y-%m-%dT%H:%M:%S"-"backup")
dir_main="$namespace-$date"
dir_db=$dir_main/db
# Start script
mkdir -p $dir_main $dir_db
# Get postgres dump
kubectl exec -it $postgres_podname -n $namespace -- bash -c "pg_dump -U ${POSTGRES_USER} -F c ${POSTGRES_DATABASE} > /tmp/pg_dump_backup.sqlc"
kubectl cp "$namespace/$postgres_podname:/tmp/pg_dump_backup.sqlc" pg_dump_backup.sqlc
mv pg_dump_backup.sqlc $dir_db/
kubectl exec -it $postgres_podname -n $namespace -- bash -c 'rm -rf /tmp/pg_dump_backup.sqlc'
To restore a PostgreSQL database from a backup copy, you can use the pg_restore utility. This allows you to restore a PostgreSQL database from an archive file created by the pg_dump utility. The pg_restore utility executes commands that restore the database to the state that existed when the database was saved.
Example of using the pg_restore utility
#!/bin/bash
# Set variables
postgres_podname="kcs-postgres-0"
namespace="kcs"
POSTGRES_USER="pguser"
POSTGRES_DATABASE="api"
dir_db_backup="~/pg_dump_backup.sqlc"
# Postgres restore
kubectl cp $dir_db_backup "$namespace/$postgres_podname:/tmp/pg_dump_backup.sqlc"
kubectl exec -it $postgres_podname -n $namespace -- bash -c "pg_restore -U ${POSTGRES_USER} -d ${POSTGRES_DATABASE} -c /tmp/pg_dump_backup.sqlc"
kubectl exec -it $postgres_podname -n $namespace -- bash -c 'rm -rf /tmp/pg_dump_backup.sqlc'