Support

Support for business applications

Kaspersky Container Security

About the Kaspersky Container Security platform

Hardware and software requirements

Kaspersky Container Security
Нет результатов
Online Help
FAQ Forum Contact support Recovery tools

Hardware and software requirements

June 17, 2024

ID 274380

To install and operate Kaspersky Container Security, the following infrastructure requirements must be met:

  • One of the following orchestration platforms:
    • Kubernetes (version 1.21 or later)
    • OpenShift (version 4.11 or later)
    • Deckhouse (versions 1.52, 1.53)
  • Availability of a CI system to scan container images within the development process (for example, GitLab CI).
  • Installed package manager Helm v3.8.0 or later.

To implement runtime monitoring with container runtime profiles, orchestrator nodes must meet the following requirements:

  • Linux kernel 4.19 or later.
  • Container runtimes (CRI): containerd, CRI-O.
  • Container Network Interface (CNI) plug-ins: Flannel, Calico, Cilium.

Minimum supported versions of Linux distributions and Linux kernels to implementing runtime monitoring using container runtime profiles:

  • CentOS 8.2.2004 or later + kernel 4.18.0-193 or later
  • Ubuntu 18.04.2 or later + kernel 4.18.0 or later
  • Debian 10 or later + kernel 4.19.0 or later
  • Astra Linux SE 1.7. * + Kernel 6.1.50-1-generic

If your infrastructure contains host servers running other Linux distributions, we recommend contacting Technical Support. Technical Support will check the compatibility of the solution with your distributions. If such compatibility is not available, the distributions may be supported by future versions of Kaspersky Container Security.

Kaspersky Container Security ensures correct operation when used in the Istio service mesh infrastructure.

When using external database management systems, Kaspersky Container Security supports PostgreSQL 11.*, 13.*, 14.*.

Kaspersky Container Security supports integration with the following image registries:

  • GitLab 14.2 or later
  • Docker Hub V2 API or later
  • JFrog Artifactory 7.55 or later
  • Sonatype Nexus Repository OSS 3.43 or later
  • Harbor 2.х.

Image requirements (OS, version, scanned packages):

  • AlmaLinux, versions 8, 9. Packages installed via dnf/yum/rpm are scanned.
  • Alpine Linux, versions 2.2 - 2.7, 3.0 - 3.18, Edge. Packages installed via apk are scanned.
  • Amazon Linux, versions 1, 2, 2023. Packages installed via dnf/yum/rpm are scanned.
  • Astra Linux SE, versions 1.6.x, 1.7.x. Packages installed via apt/dpkg are scanned.
  • CBL-Mariner, versions 1.0, 2.0. Packages installed via dnf/yum/rpm are scanned.
  • CentOS, versions 6, 7, 8. Packages installed via dnf/yum/rpm are scanned.
  • Chainguard, all versions. Packages installed via apk are scanned.
  • Debian GNU/Linux, versions 7, 8, 9, 10, 11, 12. Packages installed via apt/dpkg are scanned.
  • openSUSE Leap, versions 42, 15. Packages installed via zypper/rpm are scanned.
  • Oracle Linux, versions 5, 6, 7, 8. Packages installed via dnf/yum/rpm are scanned.
  • Photon OS, versions 1.0, 2.0, 3.0, 4.0. Packages installed via tdnf/yum/rpm are scanned.
  • Red Hat Enterprise Linux, versions 6, 7, 8. Packages installed via dnf/yum/rpm are scanned.
  • RedOS, versions 7.1, 7.2, 7.3.x, 8.0. Packages installed via dnf/yum/rpm are scanned.
  • Rocky Linux, versions 8, 9. Packages installed via dnf/yum/rpm are scanned.
  • SUSE Enterprise Linux, versions 11, 12, 15. Packages installed via zypper/rpm are scanned.
  • Ubuntu, all versions supported by Canonical. Packages installed via apt/dpkg are scanned.
  • Wolfi Linux, all versions. Packages installed via apk are scanned.

Kaspersky Container Security supports the following versions of CIS Kubernetes Benchmarks:

  • CIS Kubernetes Benchmark 1.5.1, 1.6.0, 1.20, 1.23, 1.24, and 1.7.
  • CIS Kubernetes Benchmark GKE 1.0.0 and GKE 1.2.0.
  • CIS Kubernetes Benchmark EKS 1.0.1, EKS 1.1.0, and EKS 1.2.0.
  • CIS Kubernetes Benchmark ACK 1.0.0.
  • CIS Kubernetes Benchmark AKS 1.0.0.
  • RHEL Kubernetes Benchmark, RedHat OpenShift hardening guide.
  • CIS Kubernetes Benchmark OCP4 1.1.0.
  • CIS Kubernetes Benchmark 1.6.0-k3s.
  • DISA Kubernetes Benchmark, Kubernetes v. 1, rel. 6.
  • CIS Kubernetes Benchmark TKGI 1.2.53.

When configuring Kaspersky Container Security in a cluster with three worker nodes, three scanner pods (kcs-ih) and a maximum image scan size of 10 GB, the cluster working node must meet the following requirements:

  • At least 10 processor cores
  • At least 18 GB of RAM
  • 40 GB of free disk space
  • At least 1 Gbps of communication channel bandwidth between cluster components

For agents operation in the cluster, each working node must be provided with the following additional computational resources:

  • 2 processor cores
  • 3 GB of RAM
  • 15 GB of free disk space

You must allocate 1 GB of free disk space for ClickHouse Persistent Volume for each monitored node in the cluster where the solution is installed.

The above requirements apply to Kaspersky Container Security deployment only; they do not take into account other loads on the client's resources.

Kaspersky Container Security user workstation requirements:

  • Permanent Internet connection when deployed in a public corporate network.
  • Access to the Management Console page of Kaspersky Container Security (address within customer's corporate network, specified during installation).
  • Communication channels with at least 10 Mbit/s bandwidth.
  • One of the following browsers:
    • Google Chrome version 73 or later.
    • Microsoft Edge version 79 or later.
    • Mozilla Firefox version 63 or later.
    • Apple Safari version 12.1 or later.
    • Opera version 60 or later.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.