Standard deployment schemes
Kaspersky Container Security supports the following deployment scenarios:
- Deployment in a public corporate network (Internet access from the Kubernetes cluster is allowed):
  - Images from which the Kaspersky Container Security components are deployed are located in a public repository.
  - After installation, the solution components refer to the vulnerability databases on the Internet.
  - Databases are updated using the Kaspersky update server, available on the Internet.

  A private corporate network with access to servers in the allowed servers list may be considered a public corporate network.
- Deployment in a private corporate network (Internet access from the Kubernetes cluster is prohibited):
  - An internal repository is used to host the images from which the Kaspersky Container Security components are deployed.
  - Additionally, the component kcs-updates is installed, which is a special image containing the vulnerability databases and security benchmarks that the solution requires.
  - After installation, the solution components refer to the vulnerability databases and security standards located in the special image kcs-updates inside the corporate network.
  - The Update server providing threat database updates is deployed as a separate component in the corporate network.

  A private corporate network also allows for deployment with a proxy server.
We do not recommend deploying the solution in a clustered infrastructure configuration in which network interaction between host servers (nodes) takes place over the public Internet. In such a configuration, network interaction within the cluster may be exposed to critical network security risks.
Deployment in a public corporate network
When deployed in a public corporate network, Kaspersky Container Security is allowed to access the Internet from a cluster. The solution databases are updated from external databases containing updates for the vulnerability and malware databases.
Solution architecture when deployed in a public corporate network
Deployment in a private corporate network
When deployed in a private corporate network, Kaspersky Container Security is prohibited from accessing the Internet from a cluster. The solution databases are updated by updating the images of the scanner that is run from CI/CD and of the image scanner.
Solution architecture when deployed in a private corporate network