Limitations and warnings

Kaspersky Container Security 1.1 has a number of limitations that are not critical to the operation of the solution:

• If you need to run many image vulnerability scans, we advise you to disable the misconfiguration scan option in the scanner policy because this operation may consume substantially more resources, especially when working with large-sized images.
• In cases where an attempt is made to run the solution simultaneously with other container security applications, Kaspersky Container Security has been noted to operate incorrectly. If another application in use is interfering and / or integrating with the operation of containers, the File Threat Protection component may not function correctly. You can temporarily disable the File Threat Protection component in scanner policies.

  We recommend that you do not use Kaspersky Container Security simultaneously with other container security applications.

• To use network policies supplied with Kaspersky Container Security, ensure the following:
  1. In the Helm Chart used to deploy and install the solution, the networkPolicies.create parameter is set to true (the default value).
  2. The network plug-in in the cluster, where the solution is deployed, supports Kubernetes network policies. If network policies are not supported, Kaspersky Container Security will create NetworkPolicies objects, but they will not be applied and will not filter traffic.

     If the NetworkPolicies objects are missing or not applied, the security level of the solution is lower.

• Kaspersky Container Security 1.1 supports correct scanning only of images for the linux/amd64 architecture. When scanning multi-platform images, the scanner automatically attempts to apply the linux/amd64 architecture option.