Configuring a proxy server
In version 2.0, Kaspersky Container Security can proxy requests from private corporate networks to the external environment. The settings for connection through a proxy server are configured using the following environment variables in the Helm Chart package, which is included in the solution distribution kit:
- HTTP_PROXY – proxy server for HTTP requests.
- HTTPS_PROXY – proxy server for HTTPS requests.
- NO_PROXY – a variable that specifies domains or domain masks to be excluded from proxying.
  If HTTP_PROXY or HTTPS_PROXY is used, the NO_PROXY variable is automatically generated in the Helm Chart package, and all the components used by Kaspersky Container Security are indicated in this variable.
  You can change the NO_PROXY variable if you need to specify domains and masks for operation of Kaspersky Container Security in order to exclude them from proxying.
- SCANNER_PROXY – a specialized variable that specifies which proxy server receives requests from the scanner of the File Threat Protection component. These requests are used by Kaspersky servers to update databases.
- LICENSE_PROXY – a specialized variable that specifies the proxy server through which the kcs-licenses module sends requests to Kaspersky servers to check and update information about the current license.
Depending on the domain name masks supported by your proxy server, you must use the following masks to specify Kaspersky servers in lists of permitted proxy servers: *.kaspersky.com or .kaspersky.com, *.kaspersky-labs.com or .kaspersky-labs.com. To access these proxy servers, port 80 must be opened.
You can specify the port in the proxy server parameters using an IP address or FQDN.
Special characters must be escaped.
The table below lists the Kaspersky Container Security components that can use environment variables, and also indicates the purpose of these environment variables.
Environment variables used by Kaspersky Container Security components
Component | Environment variable | Purpose |
---|---|---|
kcs-ih | | Getting access to external image registries that are not available from the Kaspersky Container Security namespace. |
kcs-ih | | Update of the databases of the File Threat Protection scanner using Kaspersky update servers. |
kcs-middleware | | Getting access to external image registries that are not available from the Kaspersky namespace. |
kcs-scanner | | Update of the vulnerability scanner databases using Kaspersky update servers. |
kcs-licenses | | Check and update of information about the current license using Kaspersky license servers. |
You can configure the operation of agents using a proxy server, and the proxy server will pass requests to the Kaspersky Container Security installation address.
To configure the operation of agents using a proxy server:
- Under Components → Agents, in the table with the list of agent groups, click the link in the agent group name.
- In the window that opens, go to the Node monitoring tab and do the following:
  - Ensure that the File Threat Protection component is enabled by using the Disable/Enable toggle switch.
  - In the File Threat Protection section, specify the proxy server in Anti-malware database update proxy.
  - Click Save.
- Click the Deployment data tab.
- Copy or download the updated agent deployment instruction in a .YAML file again, and then apply it by using the kubectl apply -f <file> -n <namespace> command.
- Configure the HTTP_PROXY, HTTPS_PROXY, or NO_PROXY environment variables in the Deployment and DaemonSet objects of the agents.
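A check for the last step, added here as an example and not taken from the Kaspersky documentation: it reads the JSON produced by kubectl get deployment,daemonset -n <namespace> -o json and reports, per container, which of the three proxy variables are set. The object, container and proxy names in the sample are constructed placeholders, not real Kaspersky Container Security names.

```python
import json

PROXY_VARS = ("HTTP_PROXY", "HTTPS_PROXY", "NO_PROXY")

# Constructed sample shaped like `kubectl get deployment,daemonset -n <namespace> -o json`
# output. Object, container and proxy names are placeholders (assumptions).
SAMPLE = json.dumps({"kind": "List", "items": [
    {"kind": "Deployment", "metadata": {"name": "example-agent-broker"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "broker", "env": [
             {"name": "HTTPS_PROXY", "value": "http://proxy.example.internal:3128"},
             {"name": "NO_PROXY", "value": ".svc,.cluster.local"}]}]}}}},
    {"kind": "DaemonSet", "metadata": {"name": "example-node-agent"},
     "spec": {"template": {"spec": {"containers": [
         {"name": "agent", "env": [{"name": "LOG_LEVEL", "value": "info"}]}]}}}},
]})


def audit_proxy_env(kubectl_json):
    """Return {(kind, object, container): {proxy_var: value}} for each workload."""
    report = {}
    for obj in json.loads(kubectl_json).get("items", []):
        if obj.get("kind") not in ("Deployment", "DaemonSet"):
            continue
        pod_spec = obj["spec"]["template"]["spec"]
        containers = pod_spec.get("containers", []) + pod_spec.get("initContainers", [])
        for c in containers:
            # Entries using valueFrom have no literal value and are recorded as None.
            env = {e["name"]: e.get("value") for e in c.get("env") or []}
            key = (obj["kind"], obj["metadata"]["name"], c["name"])
            report[key] = {v: env[v] for v in PROXY_VARS if v in env}
    return report


def missing_proxy(report):
    """Containers where neither HTTP_PROXY nor HTTPS_PROXY is present."""
    return sorted(k for k, v in report.items()
                  if "HTTP_PROXY" not in v and "HTTPS_PROXY" not in v)


if __name__ == "__main__":
    rep = audit_proxy_env(SAMPLE)
    for key, found in sorted(rep.items()):
        print(key, found or "no proxy variables set")
    print("missing:", missing_proxy(rep))
```

Running it again after each kubectl apply shows whether a redeployed manifest dropped the variables from any agent container.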