Scaling the number of scanning pods

Kaspersky Container Security supports scaling for the number of scanning pods to ensure that the incoming image volume can be scanned. You can scale the number of scanning pods up or down at any time while the solution is operating.

To change the number of the scanning pods,

do one of the following:

• Change the values.yaml configuration file as follows:
  • Specify the required number of the replicaCount objects, for example:

    kcs-ih:

    replicaCount: 4

  • Run the helm upgrade command:

    helm upgrade kcs . --namespace kcs-namespace --values values.yaml

• Change the number of the scanning pods by running the kubectl scale command:

  kubectl scale deployment/kcs-ih -n kcs --replicas=N

  If you fail to specify the number of the replicaCount objects in the values.yaml configuration file, the set parameter will be redefined later by using Helm Chart.

When a scanning pod is added, the system resources increase as follows:

• The number of node processors—by 2.
• The amount of RAM on the nodes—by 2 GB.
• The amount of free disk space on a node hard drive—by 12 GB.

If you need to scan images larger than 10 GB, you must change the resource limits for kcs-ih pods as follows for each additional 1 GB:

• Increase the RAM limit, which is calculated using the following formula:

  memory = 8 GB + (scanImage - 10) * 0.3 GB, where

  memory is the amount of RAM.

  scanImage is the maximum size of the scanned image.

• Increase the limit of temporary data storage in GB, which is calculated using the following formula:

  ephemeral storage = scanImage * 2.5, where

  ephemeral storage is the size of the temporary data storage.

  scanImage is the maximum size of a scanned image.

If the images are not scanned for configuration file errors during standard operation mode, it is not necessary to increase the RAM of the scanning pods.

To process the results of scanning many large objects faster, you can allocate more resources to the job handler service by updating variables in the Helm package.

To add more scan job handling resources:

1. Open the Helm package and specify the required number of handlers for the kcs-middleware parameter in the scanWorkers variable in the default section.
2. In the requests and limits variables, specify the size of RAM as determined according to the following formula:

   memory = X * scanWorkers / 2, where

   memory is the size of RAM allocated to the image handler service.

   X is the original value of the variable that denotes the size of RAM.

   scanWorkers is the number of handlers specified in step 1.

   The result of scanWorkers/2 can't be zero.

3. In the requests and limits variables, specify the CPU resources as calculated according to the following formula:

   cpu = X*scanWorkers, where

   cpu is the CPU resources allocated to the image handler service.

   X is the original value of the variable that denotes the CPU resources.

   scanWorkers is the number of handlers specified in step 1.

The table below provides an example of increasing resource allocation for processing scan jobs.

Adding more scan job handling resources

Initial value	Increased value
default: # kcs-middleware: #scanWorkers: 1 ## Default values for 'resources' # resources: # requests: # memory: "2Gi" # cpu: "400m" # limits: # memory: "4Gi" # cpu: "800m"	default: kcs-middleware: scanWorkers: 4 ## Default values for 'resources' resources: requests: memory: "4Gi" cpu: "1600m" limits: memory: "8Gi" cpu: "3200m"

Page top