Install the Kubescape Operator in your Kubernetes cluster
Kubescape can run as a set of microservices inside a Kubernetes cluster. This allows you to continually monitor the status of a cluster, including for compliance and vulnerability management, and to export this data to an external provider.
The Kubescape Operator is installed using Helm.
Installing the Kubescape Operator
If you have not already, you should install Helm.
To install the Kubescape Operator:
Upgrading to a new release
To upgrade to the most recent version of the Kubescape Operator:
You can find the current version of the Helm chart installed in your cluster by running
helm list -n kubescape.
To manually check if a newer version is available, visit the GitHub page for the Helm chart, or run
Configuring your installation
The Helm charts for the Kubescape Operator support coarse and fine grained control of configuration of many
High-level capabilities of the Kubescape Operator can be configured using the
You can configure these by using
--set when installing the chart, or by specifying your own values file with the
-f flag. Read the Helm documentation to learn more.
See the GitHub repository for the Kubescape operator to learn the full set of configuration parameters.
By default, Kubescape supports small- to medium-sized clusters. If you have a larger cluster and you experience slowdowns, or see Kubernetes evicting components, revise the number of resources allocated for the troubled component.
The defaults of 500 MiB of memory and 500m CPU work well for clusters up to 1250 total resources when running Kubescape.
If you have more total resources or experience resource pressure, verify how many resources are in your cluster by running the following command:
The command prints an approximate count of resources in your cluster.
Then based on the number you see, allocate 100 MiB of memory for every 200 resources in your cluster over the count of 1250, but no less than 128 MiB total.
The formula for memory is as follows:
For example, if your cluster has 500 resources, a sensible memory limit would be:
If your cluster has 50 resources, we recommend allocating at least 128 MiB of memory.
For the CPU, the more you allocate, the faster your clusters are scanned. This is especially true for clusters that have a large number of resources.
However, we recommend that you give Kubescape no less than 500m CPU no matter the size of your cluster so it can scan a relatively large amount of resources fast.