Installing the solution from Yandex Cloud

To install Kaspersky Container Security from the Yandex Cloud platform:

1. In the Cluster → Marketplace in Yandex Cloud select the cluster, in which you want to install Kaspersky Container Security.
2. In the opened Install Kaspersky Container Security for Managed Kubernetes window configure the following parameters:
   1. In the Namespace drop-down list, select the namespace in which you want to install the solution.

      You can also create a namespace for Kaspersky Container Security by clicking the Create button.

   2. In the Application name field specify the name of the solution you install (for example, KCS).
   3. In the Node service account drop-down list, select the select the service account for the cluster worker nodes in which you want to install the solution.

      You can also create a node service account by clicking the Create button.

   4. In the Authorized service account key specify the key for the selected node service account.

      In the management console of Yandex Cloud, you must select of create a service account and give it the following role: license-manager.user.

      You can also create an authorized service account key.

      To create an authorized service account key in Yandex Cloud:

      1. Click the Create button near the Authorized service account key field.
      2. In the window that opens, specify the following settings:
         • In the Service account drop-down list, select a service account for which you want to create an authorized key.
         • Select the Encryption algorithm: RSA_2048 or RSA_4096.
         • In the Description field enter the description of the created authorized key.
      3. Click the Create button.
   5. In the Domain name field specify the default domain name for all ingress connections and Kaspersky Container Security variables.
   6. If necessary, select the Enable network policies creation check box to create network policies for the solution services in the Kaspersky Container Security namespace.
   7. In the IngressController enter the name of the ingress controller namespace for the applicable security policies. If network policies are not enabled, this parameter is not used.
   8. In the Replica count for Image Handler specify the number of scanner replicas required by the Image Handler. The number of scanner replicas can be increased to speed up image scanning.
   9. In the Replica count for Agent Broker specify the number of scanner replicas required by the Agent Broker component to ensure connection between the agents in the solution. The number of replicas can be increased depending on the number of agents installed. To calculate the required number of replicas, a ratio of 1:2000 is used (one replica per 2000 agents).
   10. In the Ingress traffic type specify the type of traffic for ingress connections: http or https.
   11. In the TLSsecret field enter the name of the secret with TLS-certificates for ingress connections in the KCS namespace.

       If you specified http as the ingress traffic type, this setting is not used.

   12. In the Ingress object class field specify the class of the Ingress object, is it is not defined in the cluster by default. If the parameter value is set by default in the cluster, the Ingress object class value can be omitted.
   13. Specify the size of StorageClass storage resourses for the following parameters:
       • PVC for PostgreSQL
       • StorageClass for PVC PostgreSQL
       • PVS for s3
       • StorageClass for PVC s3
       • PVC for cold ClickHouse storage. Data volume for PVC on the cold storage disk in GB.
       • StorageClass for cold ClickHouse storage

         If necessary, select the Run kcs-clickhouse with one PV check box to run the ClickHouse DBMS component (kcs-clickhouse) with one PV in the ClickHouse cold storage (pvc-clickhouse-cold).

         You can use the slow StorageClass for cold storage for input-output operations.

       • PVC for hot ClickHouse storage
       • StorageClass for hot ClickHouse storage.

       If the parameter value is set by default in the cluster, the StorageClass value can be omitted.

   14. If necessary, select the TLS communication check box to enable using inter-service communication with TLS. When this option is applied, all certificates are generated automatically.
   15. In the PostgreSQL mode drop-down list select the sslmode value for connection to PostgreSQL DBMS.
   16. If necessary, select the Java scanning check box to enable scanning of Java packages in images in registries.
   17. Specify the user name values and passwords for the following parameters:
       • PostgreSQL user name
       • PostgreSQL password
       • MiniO user name
       • MiniO password
       • ClickHouse password
       • Memcached user name
       • Memcached password
3. In the Pricing method section select the required subscription from the list of available subscriptions.
4. Click Install.

   Yandex Cloud will start installing Kaspersky Container Security. You can monitor the installation progress on the opened Managed Service for Kubernetes page or in your cluster.

Once the installation is complete, you can open the solution by specifying the default domain name.

The license key for the number of nodes you selected in your subscription is activated in Kaspersky Container Security automatically.

After Kaspersky Container Security is installed, you must create and connect an agent group. When you create the agent group in Components → Agents, you must specify the following value in the Registry section: cr.yandex/crpvjcbp33sv306e86s0/kaspersky/kcs.
User name and password are optional.

Page top