Kubernetes Agent and System Requirement
The Kubernetes Agent is a set of controller, worker, and scanner pods that gives Container Protection the ability to detect vulnerabilities and run compliance policy scans on Kubernetes clusters.
The Kubernetes Agent consists of the following components: fcs-controller, fcs-worker, and fcs-scanner.
fcs-controller
fcs-controller pods manage and control all other parts of the Kubernetes Agent installed in the Kubernetes cluster.
For example, the controller receives the status of all fcs-worker and fcs-scanner pods and communicates the overall status to the FortiCWP web host.
fcs-worker
fcs-worker pods are deployed on each virtual machine of the Kubernetes cluster. The primary function of a worker pod is to conduct compliance policy scans.
fcs-scanner
fcs-scanner pods are dedicated to scanning container images, including Jenkins container images and container registry images.
FortiCWP Kubernetes Agent scanner pods are deployed on the Kubernetes cluster nodes, but not on the master node, and the scanner pods are replicas of each other.
The total number of scanner replicas is the number of worker nodes minus 1.
Each replica will have 3 applications.
Example:
If the number of worker nodes is only 1, then the scanner will be deployed onto the one and only worker node.
Maximum CPU Consumption of Kubernetes Agent:
Pod Type | Number of Applications | Maximum CPU Consumption |
---|---|---|
Scanner | 3 | 100m CPU on each application, 300m CPU in total |
Worker | 1 | 100m CPU |
Controller | 1 | 100m CPU (Only 1 controller within a Kubernetes cluster) |
Note: 1000m equals 1 CPU; the unit suffix m stands for one thousandth of a core.
The maximum CPU resource required by Container Protection processes would be 500/1000 of a core (50%).
Recommended Kubernetes Cluster Configuration
Container Protection recommends the following configuration for the virtual machines before installing the Kubernetes Agent:
Virtual Machine Server | vCPU | RAM | Disk |
---|---|---|---|
Recommended Configuration | 4 | 12 GB | 50 GB |
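The sizing rules above can be checked against a cluster before installation. The following is an added example, not part of the FortiCWP documentation or tooling: it reads a node list shaped like `kubectl get nodes -o json` output, applies the scanner replica rule, and flags worker nodes below the recommended vCPU and RAM. The function names, the sample nodes, reading "12 GB" as decimal gigabytes, and treating a lone worker as hosting one scanner replica are assumptions.

```python
import json

# Figures from the page: recommended VM size and per-pod CPU maxima (millicores).
REC_VCPU = 4
REC_RAM_BYTES = 12 * 10**9  # assumption: "12 GB" read as decimal gigabytes
AGENT_CPU_M = {"scanner": 300, "worker": 100, "controller": 100}
CONTROL_PLANE_LABELS = ("node-role.kubernetes.io/control-plane",
                        "node-role.kubernetes.io/master")
MEM_UNITS = {"Ki": 2**10, "Mi": 2**20, "Gi": 2**30, "k": 10**3, "M": 10**6, "G": 10**9}

def cpu_millicores(q):
    """Kubernetes CPU quantity ('4', '3920m') to millicores."""
    return int(q[:-1]) if q.endswith("m") else int(float(q) * 1000)

def mem_bytes(q):
    """Kubernetes memory quantity ('8Gi', '16393292Ki', plain bytes) to bytes."""
    for suffix, mult in MEM_UNITS.items():
        if q.endswith(suffix):
            return int(q[:-len(suffix)]) * mult
    return int(q)

def preflight(node_list):
    """Return (scanner_replicas, {node: worst-case agent CPU %}, findings)."""
    share, findings = {}, []
    for node in node_list["items"]:
        name, cap = node["metadata"]["name"], node["status"]["capacity"]
        if any(l in node["metadata"].get("labels", {}) for l in CONTROL_PLANE_LABELS):
            continue  # scanner pods are not placed on the master node
        cpu_m = cpu_millicores(cap["cpu"])
        # Worst case: scanner, worker and controller pods all land on this node.
        share[name] = round(100 * sum(AGENT_CPU_M.values()) / cpu_m, 1)
        if cpu_m < REC_VCPU * 1000:
            findings.append(f"{name}: cpu {cap['cpu']} below recommended {REC_VCPU} vCPU")
        if mem_bytes(cap["memory"]) < REC_RAM_BYTES:
            findings.append(f"{name}: memory {cap['memory']} below recommended 12 GB")
    # Page rule: replicas = worker nodes - 1; a lone worker still hosts the scanner.
    replicas = max(len(share) - 1, 1) if share else 0
    return replicas, share, findings

# Constructed sample, shaped like `kubectl get nodes -o json` output.
SAMPLE = json.loads("""{"items": [
 {"metadata": {"name": "cp-0", "labels": {"node-role.kubernetes.io/control-plane": ""}},
  "status": {"capacity": {"cpu": "2", "memory": "8Gi"}}},
 {"metadata": {"name": "worker-a", "labels": {}},
  "status": {"capacity": {"cpu": "4", "memory": "16393292Ki"}}},
 {"metadata": {"name": "worker-b", "labels": {}},
  "status": {"capacity": {"cpu": "2", "memory": "8Gi"}}}]}""")

if __name__ == "__main__":
    print(preflight(SAMPLE))
```

On a 2 vCPU node the 500m worst case is a quarter of the node's CPU, which is why the undersized worker in the sample is flagged.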