Solution architecture
Kaspersky Container Security components are deployed based on the images included in the distribution kit. The table below shows which images correspond to which solution components.
Kaspersky Container Security components
Component |
Image |
Component function |
|---|---|---|
ClickHouse DBMS |
clickhouse |
Managing ClickHouse databases for storing and processing informational messages from agents. |
PostgreSQL DBMS |
postgresql |
Managing databases using tools for analyzing and optimizing query parsing and query engines.
|
Middleware |
middleware |
Implements the data processing business logic of the server component of the solution and exposes a REST API to the graphical user interface of Kaspersky Container Security. |
Event Broker |
event-broker |
Ensuring communication between various elements of the distributed solution system. |
Image Handler, client scanner |
image-handler |
Processing scan jobs using vulnerability and malware scanners: starting scan jobs, scanning objects, aggregating and publishing scan results. |
Scanner server |
scanner-server |
Managing the scanner server, which is used to store the vulnerabilities database and the image layer cache, as well as to support the image handler. |
Licensing module |
licenses |
Manage functionalities provided under the license. |
File storage |
minio |
Managing the storage for storing and distributing to users the files that the solution generates. |
Multi-threaded event-based key-value cache storage |
memcached |
Managing the cache storage for keys and values that the solution receives as part of events. |
File server with updates for private corporate networks |
updates |
Delivery of updates when the solution is deployed. |
Solution interface |
nginx |
Functioning of the Kaspersky Container Security graphical user interface. |
Agent Broker |
agent-broker |
Ensuring communication between various elements of the distributed solution system. |
Agents |
node-agent kube-agent |
Maintaining security on the nodes in accordance with configured security policies and integration with the orchestrator. |
The solution includes the following main components:
- Kaspersky Container Security Middleware
- Kaspersky Container Security Agents
- Kaspersky Container Security Scanner
Overall architecture scheme of Kaspersky Container Security
Kaspersky Container Security can be deployed in a public or private corporate network.