Assign a specific amount of CPU and memory resources to an Aqua Scanner in your environment to avoid the component from over consuming resources when under loaded. Implement Kubernetes limit ranges in the Aqua Scanner manifest.
Step 1: Prerequisites
Ensure that you have already created a user with a scanner role and you have defined your Aqua Scanner manifest to utilize the scanner username and password.
Step 2: Modify the Aqua Scanner manifest to use Limit Ranges
Use the sizing guide for a medium sized environment (250 hosts) for Aqua CSP 4.5 as a reference and the Aqua Scanner deployment example manifest, and implement the following limit ranges as demonstrated below:
Here is a complete example of the modified Aqua Scanner manifest:
- name: aqua-scanner
- mountPath: /var/run/docker.sock
- containerPort: 8080
- name: docker-socket-mount
Step 3: Deploy the modified Aqua Scanner manifest
Once you are satisfied with the changes, deploy the Aqua Scanner manifest:
kubectl create -f aqua-scanner-with-limit-ranges.yaml
Did you find it helpful?Send feedback