To implement runtime monitoring using Container Runtime Profiles, Kaspersky Container Security automatically detects the runtime environment on the worker nodes of containers. The runtime configuration on the node is determined using a Kubernetes API request.
To determine the runtime configuration on a node, you must specify the container runtime socket in the object annotation in your infrastructure. This socket is specified in the following field: kubeadm.alpha.kubernetes.io/cri-socket.
The kubeadm.alpha.kubernetes.io/cri-socket field is available by default. This field can be missing if the user has deliberately deleted it. In this case, you need to specify the values of the following node-agent environment variables for the runtime environment that you are using:
CRIO_SOCKET_PATH
CRIO_CONFIG_PATH
CONTAINERD_SOCKET_PATH
CONTAINERD_CONFIG_PATH
CRI_DOCKERD_SOCKET_PATH
Page top