Standard deployment schemes

Kaspersky Container Security supports the following deployment scenarios:

• Deployment in a public corporate network (Internet access from the Kubernetes cluster is allowed):
  • Images from which the Kaspersky Container Security components are deployed are located in a public repository.
  • After installation, the solution components refer to the vulnerability databases on the Internet.
  • Databases are updated using the Kaspersky update server, available on the Internet.

  A private corporate network with access to servers in the allowed servers list may be considered a public corporate network.

• Deployment in a private corporate network (Internet access from the Kubernetes cluster is prohibited):
  • An internal repository is used to host the images from which the Kaspersky Container Security components are deployed.
  • Additionally, the component kcs-updates is installed, which is a special image containing the vulnerability databases and security benchmarks that the solution requires.
  • After installation, the solution components refer to the vulnerability databases and security standards located in the special image kcs-updates inside the corporate network.
  • The Update server providing threat database updates is deployed as a separate component in the corporate network.

A private corporate network also allows for deployment with a proxy server.

We do not recommend deploying the solution with a clustered infrastructure configuration in which network interaction between host servers (nodes) is conducted in the public Internet. If this configuration is used, network interaction in the cluster may be exposed to critical network security risks.