Part 5. Deploying Kaspersky Scan Engine to Kubernetes

To deploy Kaspersky Scan Engine to Kubernetes:

  1. Make sure that you have a node that has at least 300 MB of free RAM.
  2. If you want to use TLS for connecting to Kaspersky Scan Engine in HTTP mode, uncomment the following lines in the file kaspersky_httpd_kubernetes.yaml:
    • In the template/spec/volumes section:

      - name: httpd-cert

      secret:

      secretName: kl-httpd-cert

      - name: httpd-key

      secret:

      secretName: kl-httpd-key

    • In the template/spec/containers/volumeMounts section:

      - mountPath: "/opt/kaspersky/ScanEngine/httpdcert"

      name: httpd-cert

      readOnly: true

      - mountPath: "/opt/kaspersky/ScanEngine/httpdkey"

      name: httpd-key

      readOnly: true

  3. If you want to use Kaspersky Scan Engine GUI, uncomment the following lines in the file kaspersky_httpd_kubernetes.yaml (HTTP mode) or kaspersky_icapd_kubernetes.yaml (ICAP mode):
    • In the template/spec/volumes section:

      - name: secret-key

      secret:

      secretName: kl-secret-key

    • In the template/spec/containers/volumeMounts section:

      - mountPath: "/opt/kaspersky/ScanEngine/httpsrv"

      name: secret-key

      readOnly: true

  4. If you want to use your own certificate for Kaspersky Scan Engine GUI, uncomment the following lines in the file kaspersky_httpd_kubernetes.yaml (HTTP mode) or kaspersky_icapd_kubernetes.yaml (ICAP mode):
    • In the template/spec/volumes section:

      - name: webui-cert

      secret:

      secretName: kl-webui-cert

      - name: webui-key

      secret:

      secretName: kl-webui-key

    • In the template/spec/containers/volumeMounts section:

      - mountPath: "/opt/kaspersky/ScanEngine/httpsrvcert"

      name: webui-cert

      readOnly: true

      - mountPath: "/opt/kaspersky/ScanEngine/httpsrvkey"

      name: webui-key

      readOnly: true

  5. Load configuration from the Kubernetes YAML file:
    • For HTTP mode:

      kubectl apply -f kaspersky_httpd_kubernetes.yaml

    • For ICAP mode:

      kubectl apply -f kaspersky_icapd_kubernetes.yaml

  6. Check that the following resources are available in Kubernetes:

    kubectl get deployment,pods,service -n kaspersky

    The displayed list should contain the following resources:

    • The kaspersky namespace
    • Access to Kaspersky Scan Engine GUI on port 8080 and the IP assigned by LoadBalancer
    • Access to Kaspersky Anti-Virus Engine on port 8085 and the IP assigned by LoadBalancer
    • HTTP mode only:
      • A deployment called scanengine-httpd
      • A pod named scanengine-httpd-%Kaspersky Scan Engine GUID%
      • A service named scanengine-httpd
    • ICAP mode only:
      • A deployment called scanengine-icapd
      • A pod named scanengine-icapd-%Kaspersky Scan Engine GUID%
      • A service named scanengine-icapd
Page top