In version 2.0, Kaspersky Container Security can proxy requests from private corporate networks to the external environment. The settings for connection through a proxy server are configured using the following environment variables in the Helm Chart package, which is included in the solution distribution kit:
HTTP_PROXY
– proxy server for HTTP requests.HTTPS_PROXY
– proxy server for HTTPS requests.NO_PROXY
– a variable that specifies domains or domain masks to be excluded from proxying.
If HTTP_PROXY
or HTTPS_PROXY is used,
the NO_PROXY
variable is automatically generated in the Helm Chart package, and all the components used by Kaspersky Container Security are indicated in this variable.
You can change the NO_PROXY
variable if you need to specify domains and masks for operation of Kaspersky Container Security in order to exclude them from proxying.
SCANNER_PROXY
– a specialized variable that specifies which proxy server receives requests from the scanner of the File Threat Protection component. These requests are used by Kaspersky servers to update databases.LICENSE_PROXY
– a specialized variable that specifies the proxy server through which kcs-licenses module sends requests to Kaspersky servers to check and update information about the current license.Kaspersky Container Security accesses the Kaspersky servers to get information about the license as well as updates for the anti-malware databases and vulnerability databases.
The Kaspersky registry can also be used to download images of the solution during its deployment and update, if you are not using a private registry or a proxy registry.
In the proxy server configuration, you must add masks for domain names of Kaspersky servers to the list of allowed ones. The following are the supported mask options: * .kaspersky.com
, .kaspersky.com
, * .kaspersky-labs.com
, and .kaspersky-labs.com
(the syntax that your proxy server supports is specified in the proxy server documentation). To access resources, you must open ports 80 and 443.
You can specify the port in the proxy server parameters using IP address or FQDN.
Special characters must be escaped.
The table below lists the Kaspersky Container Security components that can use environment variables, and also indicates the purpose of these environment variables.
Environment variables used by Kaspersky Container Security components
Component |
Environment variable |
Purpose |
---|---|---|
kcs-ih |
|
Getting access to external image registries that are not available from the Kaspersky Container Security namespace. |
kcs-ih |
|
Update of the databases of the File Threat Protection scanner using Kaspersky update servers. |
kcs-middleware |
|
Getting access to external image registries that are not available from the Kaspersky namespace. |
kcs-scanner |
|
Update of the vulnerability scanner databases using Kaspersky update servers. |
kcs-licenses |
|
Check and update of information about the current license using Kaspersky license servers. |
You can configure the operation of agents using a proxy server, and the proxy server will pass requests to the Kaspersky Container Security installation address.
To configure the operation of agents using a proxy server:
kubectl apply -f <
file
> -n <
namespace
>
command.HTTP_PROXY, HTTPS_PROXY
, or NO_PROXY
environment variables in the Deployment and DaemonSet objects of the agents.