Kubernetes Agent

Kubernetes Agent is a complex set of controller and scanner pods that gives Container Protection the capability to detect vulnerabilities and conduct compliance policy scans on Kubernetes clusters.

The Kubernetes agent consists of the following components: fcs-controller, fcs-worker, fcs-data-collector, and fcs-scanner.

fcs-controller

fcs-controller pods manage and control all other parts of the Kubernetes agent installed in the Kubernetes cluster.

For example, the controller receives the status of all fcs-worker and fcs-scanner pods and communicates the overall status to the FortiCWP web host.

fcs-worker

fcs-worker pods are deployed on each virtual machine of the Kubernetes cluster. The primary function of a worker pod is to conduct compliance policy scans.

fcs-data-collector

The fcs-data-collector pod collects traffic data between internal nodes and external sources.

fcs-scanner

fcs-scanner pods are dedicated to container image scanning, including Jenkins container images and container registry images.

FortiCWP Kubernetes agent scanner pods are deployed on the Kubernetes cluster nodes but not on the master node, and the scanner pods are replicas of each other.

Number of scanner replicas: 1.

Each replica has 3 applications.

Example:

If there is only 1 worker node, the scanner is deployed onto that one and only worker node.

System Requirement

Maximum CPU Consumption of Kubernetes Agent:

| Pod Type | Number of Applications | Maximum CPU Consumption |
|---|---|---|
| Scanner | 3 | 100m CPU on each application, 300m CPU in total |
| Worker | 1 | 100m CPU |
| Controller | 1 | 100m CPU (Only 1 controller within a Kubernetes cluster) |

Note: 1000m equals 1 CPU; the unit suffix m stands for thousandth of a core.

The maximum CPU resource required by Container Protection processes is 500/1000 of a core (50%).

Recommended Kubernetes Cluster Configuration

Container Protection recommends the following configuration on the virtual machines before installing Kubernetes Agent:

| Virtual Machine Server | vCPU | RAM | Disk |
|---|---|---|---|
| Recommended Configuration | 4 | 12 GB | 50 GB |
