Configuring a proxy server

In version 1.1, Kaspersky Container Security can proxy requests from private corporate networks to the external environment. The settings for connection through a proxy server are configured using the following environment variables in the Helm Chart package, which is included in the solution distribution kit:

• HTTP_PROXY – proxy server for HTTP requests.
• HTTPS_PROXY – proxy server for HTTPS requests.
• NO_PROXY – a variable that specifies domains or domain masks to be excluded from proxying.

  If you specify NO_PROXY, the variable can include any domains and masks you need, but it must also contain the following values: localhost, kcs-licenses, kcs-scanner-api, kcs-pgbouncer, kcs-mw-grpc, kcs-scanner, kcs-s3, kcs-middleware, kcs-updates, kcs-event-broker, kcs-clickhouse, kcs-eb.

  The specified mandatory settings mean the following:

  1. localhost – domain name of a private IP address.
  2. kcs-licenses – license management application for Kaspersky Container Security.
  3. kcs-scanner-api – name of the scan API server.
  4. kcs-pgbouncer – the application that manages a PostgreSQL connection pool and connects to the server.
  5. kcs-mw-grpc – indication of the API system for remote procedure calls.
  6. kcs-scanner – scanner server, which is used to store the vulnerability database and image layer cache, and acts as the server for the kcs-ih application.
  7. kcs-s3 – name of the S3-compatible file storage repository used to store files generated by Kaspersky Container Security and distribute them to users.
  8. kcs-middleware – indication of the server component of the solution, which facilitates data processing and provides a REST API for the graphical interface.
  9. kcs-updates – indication of the update repository used when deploying the solution in isolated segments of the corporate network.
  10. kcs-event-broker – component that acts as an intermediary between various elements of the distributed Kaspersky Container Security system.
  11. kcs-clickhouse – indication of the Clickhouse database management system, which stores and processes informational messages from node-agent system agents.
  12. kcs-eb – Indication of the AWS Elastic Beanstalk system for deployment and scaling of web applications.

  The NO_PROXY variable must be specified when using HTTP_PROXY and/or HTTPS_PROXY.

• SCANNER_PROXY – a specialized variable that specifies which proxy server receives requests from the scanner of the File Threat Protection component. These requests are used by Kaspersky servers to update databases.
• LICENSE_PROXY – a specialized variable that specifies the proxy server to which kcs-licenses application requests are sent for Kaspersky servers to check and update information about the current license.

To specify Kaspersky servers in the permission lists of proxy servers, you must use a *.kaspersky.com or .kaspersky.com mask (depending on the domain name masks supported by your proxy server).

The table below lists the Kaspersky Container Security applications that can use environment variables, and also indicates the purpose of these environment variables.

Environment variables used by Kaspersky Container Security applications