Install
Scan is decoupled into two services
- scan-engine: threat detection
- scan-pipeline: data ingestion
The scan-pipeline component requires eds, kflow and the scan-engine helm charts to be deployed.
Prerequisites
The complete list of dependencies for Scan to work is as follows:
- keycloak (oss:deployed)
- natsjetstream (oss:deployed)
- postgresql (oss:deployed)
- kflow (kosmos:deployed)
- vstore (kosmos:deployed)
- eds (kosmos:deployed)
- collab (kosmos:deployed)
Deploying using Helmfile​
cd helmfile
helmfile sync -f helmfile.yaml
Deploying using Helm​
Namespace creation with PSP privileged​
remarque
Due to the nature on how antivirus are designed, extended privilegedes are required for them to work properly.
kubectl apply -f- <<EOF
apiVersion: v1
kind: Namespace
metadata:
name: kosmos-scan
labels:
pod-security.kubernetes.io/enforce: privileged
EOF
Core with ESET/ClamAV as backend​
helm install scan-engine ../scan/helm_charts/scan-engine -n kosmos-scan
Scan Pipeline​
helm install scan-pipeline ../scan/helm_charts/scan-pipeline -n kosmos-data