Installation of Kubescape in cluster

Prerequisites

  • Make sure you have a Kubescape Cloud account - if not, sign-up here
  • You need to have installation access to your cluster (you should be able to create Deployments, CronJobs, ConfigMaps, and Secrets)
  • You must have Kubectl and Helm

Cluster requirements

The Kubescape operator components require a minimum 400Mib RAM and 400m CPU

Scanning a cluster

  1. Navigate to Kubescape Cloud Platform
  2. Click on "+ Add Cluster"
  3. Copy the script in the dialog below and run it in your cloud shell or terminal and then click "I ran the script".

  1. Wait for the cluster connection to complete...
  2. When the cluster connection is completed successfully, it immediately scans the cluster
  3. When the scan is completed successfully, it shows the following dialog, and you can now view and fix your resources for that cluster.

Post-install validation

Please check after installation that all components are running correctly

% kubectl -n kubescape get deployments,statefulsets
NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/gateway     1/1     1            1           48s
deployment.apps/kubescape   1/1     1            1           48s
deployment.apps/kubevuln    1/1     1            1           48s
deployment.apps/operator    1/1     1            1           48s

NAME                         READY   AGE
statefulset.apps/kollector   1/1     48s

The armo-system namespace is deprecated. You must delete it manually if it is running in your cluster

Prometheus Exporter

Read more about the integration with Prometheus

Adjusting Resource Usage for Your Cluster

By default, Kubescape is configured for small- to medium-sized clusters.
If you have a larger cluster and you experience slowdowns or see Kubernetes evicting components, please revise the number of resources allocated for the troubled component.

Taking Kubescape for example, we found that our defaults of 500 MiB of memory and 500m CPU work well for clusters up to 1250 total resources.
If you have more total resources or experience resource pressure already, first check out how many resources are in your cluster by running the following command:

kubectl get all -A --no-headers | wc -l

The command should print an approximate count of resources in your cluster.
Then, based on the number you see, allocate 100 MiB of memory for every 200 resources in your cluster over the count of 1250, but no less than 128 MiB total.
The formula for memory is as follows:

MemoryLimit := max(128, 0.4 * YOUR_AMOUNT_OF_RESOURCES)

For example, if your cluster has 500 resources, a sensible memory limit would be:

kubescape:
  resources:
    limits:
      memory: 200Mi  # max(128, 0.4 * 500) == 200

If your cluster has 50 resources, we still recommend allocating at least 128 MiB of memory.

When it comes to CPU, the more you allocate, the faster Kubescape will scan your cluster.
This is especially true for clusters that have a large number of resources.
However, we recommend that you give Kubescape no less than 500m CPU no matter the size of your cluster so it can scan a relatively large amount of resources fast ;)

Supported Helm values

https://github.com/kubescape/helm-charts/tree/main/charts/kubescape-operator#chart-support