Part 4. Configuring Kubernetes

To configure Kubernetes for working with Kaspersky Scan Engine:

  1. Load the Kaspersky Scan Engine Docker image to the Docker repository used by Kubernetes (see section "Part 2. Running Kaspersky Scan Engine in Docker").

    Make sure that the loaded image is available in Kubernetes.

    If you use Minikube with QEMU (or with any other driver), import the Docker image from the local Docker repository to Minikube:

    eval $(minikube docker-env)

  2. Create a Kubernetes namespace named kaspersky:

    kubectl create namespace kaspersky

  3. Create a Kubernetes ConfigMaps object for the directory that contains the Kaspersky Scan Engine configuration files (see section "Part 1. Before you begin"):

    kubectl create configmap kl-configuration-file -n kaspersky --from-file=%path to the directory with the configuration files%

  4. Check that the ConfigMaps object was created successfully:

    kubectl get configmap -n kaspersky

    The output should contain name kl-configuration-file.

  5. Do any of the following:
    • If you want to use the key file, create a Kubernetes Secret that contains it (see section "Part 1. Before you begin"):

      kubectl create secret generic kl-license-key -n kaspersky --from-file=%path to the key file%

    • If you want to use the activation code, create a Kubernetes Secret that contains it (see section "Part 1. Before you begin"):

      kubectl create secret generic kl-license-key -n kaspersky --from-file=%path to the 'license' file%

  6. If you want to use TLS for connecting to Kaspersky Scan Engine in HTTP mode, create a Kubernetes Secret that contains the following:
    • The certificate:

      kubectl create secret generic kl-httpd-cert -n kaspersky --from-file=%path to the kavhttpd.cert file%

    • The private key:

      kubectl create secret generic kl-httpd-key -n kaspersky --from-file=%path to the kavhttpd.key file%

  7. If you want to use Kaspersky Scan Engine GUI, create a Kubernetes Secret that contains kl_scanengine_db.key:

    kubectl create secret generic kl-secret-key -n kaspersky --from-file=%path to the kl_scanengine_db.key file%

  8. If you want to use your own certificate and private key for connecting with Kaspersky Scan Engine GUI, create the following Kubernetes Secrets:
    • For the kl_scanengine_cert.pem file:

      kubectl create secret generic kl-webui-cert -n kaspersky --from-file=%path to the kl_scanengine_cert.pem file%

    • For the kl_scanengine_private.pem file:

      kubectl create secret generic kl-webui-key -n kaspersky --from-file=%path to the kl_scanengine_private.pem file%

  9. Check that the secret was created successfully:

    kubectl get secret -n kaspersky

    The output should contain names of all created Secrets.

  10. Make sure that the LoadBalancer service is working.

    If you are using Minikube with QEMU or any other driver, LoadBalancer can be set up with the following command:

    minikube tunnel

Page top