Preparing to install the solution

Support

Support for business applications

Kaspersky Container Security

3 July 2024

ID 276495

Prior to installing Kaspersky Container Security, you must install all certificates required for the corporate network and configure the proxy servers.

The solution can be deployed in a private or public corporate network.

Before installing Kaspersky Container Security, make sure that you have the following components and accesses:

Virtual or physical machine with access to the Internet and the cluster.
Helm package manager for packaging, configuring, and deploying applications and services in clusters.
Kaspersky Container Security supports Helm v3.8.0 or later.
Internet access to download Helm Chart packages.
Orchestrator management tool, for example, kubectl for Kubernetes or oc for Openshift.
Access to a cluster using the kubeconfig file.
To install the solution in a private corporate network, configure a repository for container images. This repository accesses the Kaspersky Container Security vendor repository with the credentials provided by the solution vendor.

To prepare to install the solution in a private corporate network:

Connect the vendor's Helm repository containing the Helm Chart package.
export CHART_URL="xxxxxx"
export CHART_USERNAME="xxxxxx"
export CHART_PASSWORD="xxxxxx"
export VERSION="xxxxxx"

The CHART_URL, CHART_USERNAME, CHART_PASSWORD, and VERSION values are provided by the vendor.

Example connection of a repository with Helm Chart

helm registry login \

--username $CHART_USERNAME \

--password $CHART_PASSWORD

$CHART_URL

helm pull oci://$CHART_URL/charts/kcs --version $VERSION

tar xvf kcs-$VERSION.tgz
Fill in the file with the installation settings (values.yaml) included in the solution distribution kit according to the comments in the file.
We do not recommend specifying account data in the values.yaml file to be used when launching the Helm Chart package.

The following main installation settings must be specified in the values.yaml file:
- Namespace name.
  helm upgrade --install kcs . \
  
  --create-namespace \
  
  --namespace kcs \
  
  --values values.yaml \
- The domain name of Kaspersky Container Security for Inbound connections.
  --set default.domain="kcs.example.domain.ru" \
  
  When network policies are enabled, you must specify at least one namespace for the cluster ingress controller.
  
  --set default.networkPolicies.ingressControllerNamespaces="{ingress-nginx}" \
  
  By default, network policies are enabled.
- Secrets of the solution components .
  --set secret.infracreds.envs.POSTGRES_USER="user" \
  
  --set secret.infracreds.envs.POSTGRES_PASSWORD="pass" \
  
  --set secret.infracreds.envs.MINIO_ROOT_USER="user" \
  
  --set secret.infracreds.envs.MINIO_ROOT_PASSWORD="pass" \
  
  --set secret.infracreds.envs.CLICKHOUSE_ADMIN_PASSWORD="pass" \
  
  --set secret.infracreds.envs.NATS_USER="user" \
  
  --set secret.infracreds.envs.NATS_PASSWORD="pass" \
- Secrets related to access to the solution installation repository.
  --set pullSecret.kcs-pullsecret.username="user" \
  
  --set pullSecret.kcs-pullsecret.password="pass"
We recommend not to change the composition of the basic installation settings.
Save the file with the installation settings and proceed to install the solution.

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.