Running the scanner as a Job in a Kubernetes cluster

To run the scanner in lite SBOM mode as a Job in a Kubernetes cluster:

  1. Make sure that kubectl and the configuration file for the corresponding Kubernetes cluster are present on the node where you run the commands, and that both are accessible to the user who runs the commands.
  2. Make sure that the corresponding namespace contains a secret for authenticating to the relevant registry and downloading the scanner image from it.

    You can create such a secret yourself, for example, using the following command:

    kubectl create secret docker-registry <secret name> --docker-server=<FQDN of the repository> --docker-username=<username> --docker-password=<password>

  3. Specify the values of the mandatory and, if necessary, additional parameters for the scanner to run as a Job in the Kubernetes cluster.

    The parameters are specified in the YAML file used to run the scanner, as follows:

    apiVersion: batch/v1
    kind: Job
    metadata:
      name: my-lite-job
    spec:
      template:
        spec:
          containers:
          - name: my-lite-container
            image: repo.company.com/images/scanner:v2.1.0-lite
            command: ["/bin/sh"]
            args: ["entrypoint.sh", "alpine:latest"]
            env:
            - name: COMPANY_EXT_REGISTRY_USERNAME
              value: <user for authentication in the image registry that contains the image to be scanned>
            - name: COMPANY_EXT_REGISTRY_PASSWORD
              value: <password for authentication in the image registry with the image to be scanned>
            - name: API_BASE_URL
              value: https://kcs.company.local
            - name: API_TOKEN
              value: <token for authentication in the API of Kaspersky Container Security>
            - name: SKIP_API_SERVER_VALIDATION
              value: 'true'
            imagePullPolicy: Always
          restartPolicy: Never
          imagePullSecrets:
          - name: <name of the secret for authentication and pulling the scanner image>
      backoffLimit: 0

  4. Start scanning in the Kubernetes cluster:

    kubectl apply -f my-lite-job.yaml
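
The Job file in step 3 carries the registry password and the API token as literal values, so they are readable by anyone who can read the Job object or the file. The variant below is an added example, not taken from the vendor documentation: it keeps the same Job but reads the three credentials from a Kubernetes Secret through secretKeyRef. The Secret name scanner-credentials, its key names and the local file names are assumptions chosen for illustration.

```yaml
# Added example (not vendor code). Assumes a Secret created beforehand in the
# same namespace, for instance:
#   kubectl create secret generic scanner-credentials \
#     --from-file=registry-username=./registry-username.txt \
#     --from-file=registry-password=./registry-password.txt \
#     --from-file=api-token=./api-token.txt
# Write the files without a trailing newline (e.g. with printf '%s'), because
# --from-file stores the file content byte for byte.
# "scanner-credentials" and the key/file names are hypothetical.
apiVersion: batch/v1
kind: Job
metadata:
  name: my-lite-job
spec:
  template:
    spec:
      containers:
      - name: my-lite-container
        image: repo.company.com/images/scanner:v2.1.0-lite
        command: ["/bin/sh"]
        args: ["entrypoint.sh", "alpine:latest"]
        env:
        - name: COMPANY_EXT_REGISTRY_USERNAME
          valueFrom:
            secretKeyRef:
              name: scanner-credentials
              key: registry-username
        - name: COMPANY_EXT_REGISTRY_PASSWORD
          valueFrom:
            secretKeyRef:
              name: scanner-credentials
              key: registry-password
        - name: API_BASE_URL
          value: https://kcs.company.local
        - name: API_TOKEN
          valueFrom:
            secretKeyRef:
              name: scanner-credentials
              key: api-token
        - name: SKIP_API_SERVER_VALIDATION
          value: 'true'   # kept as on the page
        imagePullPolicy: Always
      restartPolicy: Never
      imagePullSecrets:
      - name: <name of the secret for authentication and pulling the scanner image>
  backoffLimit: 0
```

With this variant the manifest can be stored in version control without exposing the credentials, and access to them is governed by RBAC on the Secret object.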
