Kaspersky Container Security

Hardware and software requirements

To install and operate Kaspersky Container Security, the following infrastructure requirements must be met:

• One of the following orchestration platforms:
  • Kubernetes (version 1.22 or later)
  • OpenShift 4.11 or later
• Availability of a CI system to scan container images within the development process (for example, GitLab CI).
• Installed package manager Helm v3.8.0 or later.

To implement runtime monitoring with container runtime profiles, orchestrator nodes must meet the following requirements:

• Linux kernel 4.19 or later.
• Container runtimes: containerd, CRI-O.
• Container Network Interface (CNI) plug-ins: Flannel, Calico, Cilium.
• Kernel headers on the host node:
  • For deb systems, the kernel-headers package must be installed.
  • For rpm systems, the kernel-devel package must be installed.

When using external database management systems, Kaspersky Container Security supports the following DBMS:

PostgreSQL, versions 11. *, 13. *, 14. *

Kaspersky Container Security supports integration with the following image registries:

• GitLab 14.2 or later
• Docker Hub V2 API or later
• JFrog Artifactory 7.55 or later
• Sonatype Nexus Repository OSS 3.43 or later
• Harbor 2.х.

Image requirements (OS, version, scanned packages):

• Alpine Linux, versions 2.2—2.7, 3.0—3.18, Edge. Packages installed via apk are scanned.
• Red Hat Universal Base Image, versions 7, 8, 9. Packages installed via yum/rpm are scanned.
• Red Hat Enterprise Linux, versions 6, 7, 8. Packages installed via yum/rpm are being scanned.
• CentOS, versions 6, 7, 8. Packages installed via yum/rpm are being scanned.
• AlmaLinux, versions 8, 9. Packages installed via yum/rpm are being scanned.
• Rocky Linux, versions 8, 9. Packages installed via yum/rpm are being scanned.
• Oracle Linux, versions 5, 6, 7, 8. Packages installed via yum/rpm are being scanned.
• CBL-Mariner, versions 1.0, 2.0. Packages installed via yum/rpm are being scanned.
• Amazon Linux, versions 1, 2, 2023. Packages installed via yum/rpm are being scanned.
• openSUSE Leap, versions 42, 15. Packages installed via zypper/rpm are scanned.
• SUSE Enterprise Linux, versions 11, 12, 15. Packages installed via zypper/rpm are being scanned.
• Photon OS, versions 1.0, 2.0, 3.0, 4.0. Packages installed via tdnf/yum/rpm are scanned.
• Debian GNU/Linux, versions 7, 8, 9, 10, 11, 12. Packages installed via apt/apt-get/dpkg are scanned.
• Ubuntu, all versions supported by Canonical. Packages installed via apt/apt-get/dpkg are being scanned.
• Distroless, all versions. Packages installed via apt/apt-get/dpkg are being scanned.
• RedOS, versions 7.1, 7.2, 7.3.x. Packages installed via yum/rpm are scanned.
• Astra, versions ce 2.12.x., se 1.7.x. Packages installed via apt/apt-get/dpkg are scanned.

When configuring Kaspersky Container Security with three scanner pods (kcs-ih) and a maximum image scan size of 10 GB, the cluster must meet the following requirements:

• At least 7 node processors
• 15 GB of RAM node capacity
• 40 GB of free disk space on a node hard drive
• At least 1 Gbps of communication channel bandwidth between cluster components

The above requirements apply to Kaspersky Container Security deployment only; they do not take into account other loads on the client's resources.

Kaspersky Container Security user workstation requirements:

• Permanent Internet connection when deployed in a public corporate network.
• Access to the Management Console page of Kaspersky Container Security (address within customer's corporate network, specified during installation).
• Communication channels with at least 10 Mbit/s bandwidth.
• One of the following browsers:
  • Google Chrome version 73 or later.
  • Microsoft Edge version 79 or later.
  • Mozilla Firefox version 63 or later.
  • Apple Safari version 12.1 or later.
  • Opera version 60 or later.