Kaspersky Container Security
2.0
English
Solution installation  >  Installing the basic business logic module and scanner

Installing the basic business logic module and scanner

Before the solution installation, you must check the data integrity in the prepared Helm Chart package.

To check the data integrity:

  1. Download the archive with the prepared Helm Chart package and hash file and go to this directory.
  2. Run the command:

    sha256sum -c kcs-2.0.0.tgz.sha

    The data integrity is confirmed if the following message is displayed:

    kcs-2.0.0.tgz: OK

Before starting the installation (including on AWS EKS or Microsoft Azure), pay attention to the storageClass and ingressClass settings in the default and ingress.kcs blocks of the configuration file. These settings are cluster relevant and, if necessary, are to be changed according to your infrastructure. For example, the following variant is used for Azure:

default:
  storageClass: azurefile
  networkPolicies:
    ingressControllerNamespaces:
      - app-routing-system

ingress:
  kcs:
    ingressClass: webapprouting.kubernetes.azure.com

To install the basic business logic module and the scanner of Kaspersky Container Security,

After preparing the configuration file, run the solution installation:

cd kcs/

helm upgrade --install kcs . \

--create-namespace \

--namespace kcs \

--values values.yaml \

--set default.domain="example.com" \

--set default.networkPolicies.ingressControllerNamespaces="{ingress-nginx}" \

--set secret.infracreds.envs.POSTGRES_USER="user" \

--set-string secret.infracreds.envs.POSTGRES_PASSWORD="pass" \

--set secret.infracreds.envs.MINIO_ROOT_USER="user" \

--set-string secret.infracreds.envs.MINIO_ROOT_PASSWORD="password" \

--set-string secret.infracreds.envs.CLICKHOUSE_ADMIN_PASSWORD="pass" \

--set secret.infracreds.envs.MCHD_USER="user" \

--set-string secret.infracreds.envs.MCHD_PASS="pass" \

--set pullSecret.kcs-pullsecret.username="user" \

--set-string pullSecret.kcs-pullsecret.password="pass"

After installation, the solution components are deployed.

Also, when installing the Kaspersky Container Security Middleware module and scanner, you can configure the secure transfer of passwords, tokens, and secrets. This is achieved using a HashiCorp Vault storage, which you can configure in the values.yaml file and deploy when the Helm Chart package is started.

After installation is complete, a record about the execution of the solution installation command remains in the command shell. You can open the command history file and delete this record, or prevent the command history from being logged in the command shell before installation.

The control panel will be available at the address specified in the envs subsection of the environment variables section. This allows you to create the ConfigMap object for the API_URL parameter:

http://${DOMAIN}

Article ID: 292077, Last review: Dec 5, 2024
Page top