Environment 


Deployment Task 

Assign a specific amount of CPU and memory to an Aqua Scanner in your environment to prevent the component from overconsuming resources when under load. Implement Kubernetes limit ranges in the Aqua Scanner manifest.


Deployment Steps
Step 1: Prerequisites 


Ensure that you have already created a user with a scanner role and you have defined your Aqua Scanner manifest to utilize the scanner username and password.


Step 2: Modify the Aqua Scanner manifest to use Limit Ranges 


Using the sizing guide for a medium-sized environment (250 hosts) for Aqua CSP 4.5 and the Aqua Scanner deployment example manifest as references, implement the following limit ranges:

        resources:
          requests:
            memory: "2Gi"
            cpu: "500m"
          limits:
            memory: "6Gi"
            cpu: "800m"

Here is a complete example of the modified Aqua Scanner manifest:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: aqua-scanner
  namespace: aqua-security
spec:
  selector:
    matchLabels:
      app: aqua-scanner
  template:
    metadata:
      labels:
        app: aqua-scanner
      name: aqua-scanner
    spec:
      serviceAccount: aqua
      containers:
      - name: aqua-scanner
        image: registry.aquasec.com/scanner:4.5
        # requests: what the scheduler reserves for the scanner
        # limits: the ceiling the container cannot exceed
        resources:
          requests:
            memory: "2Gi"
            cpu: "500m"
          limits:
            memory: "6Gi"
            cpu: "800m"
        # Replace the placeholders with the scanner-role user's credentials
        args: ["daemon",
          "--user", "<SCANNER_USER>",
          "--password", "<SCANNER_PASSWORD>",
          "--host", "http://aqua-web:8080"]
        volumeMounts:
          - mountPath: /var/run/docker.sock
            name: docker-socket-mount
        ports:
        - containerPort: 8080
      volumes:
        - name: docker-socket-mount
          hostPath:
            path: /var/run/docker.sock
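Kubernetes quantity suffixes are case-sensitive (the API server rejects a value such as "6gi"), and a request must not exceed its limit. The following pre-deployment check is an added example, not part of the original article or of Aqua's tooling; the function names and the sample dictionaries are hypothetical, and the parser covers only plain numbers with a suffix, not exponent notation.

```python
import re
from decimal import Decimal

# Suffixes accepted by Kubernetes resource quantities (case-sensitive).
# Exponent forms such as "1e3" are deliberately not handled here.
_SUFFIX = {
    "": Decimal(1), "m": Decimal("0.001"),
    "k": Decimal(10) ** 3, "M": Decimal(10) ** 6, "G": Decimal(10) ** 9,
    "T": Decimal(10) ** 12, "P": Decimal(10) ** 15, "E": Decimal(10) ** 18,
    "Ki": Decimal(2) ** 10, "Mi": Decimal(2) ** 20, "Gi": Decimal(2) ** 30,
    "Ti": Decimal(2) ** 40, "Pi": Decimal(2) ** 50, "Ei": Decimal(2) ** 60,
}
_QUANTITY = re.compile(r"^(\d+(?:\.\d+)?)([A-Za-z]*)$")


def parse_quantity(text):
    """Return the quantity in base units (cores or bytes) as a Decimal."""
    match = _QUANTITY.match(str(text).strip())
    if not match or match.group(2) not in _SUFFIX:
        raise ValueError(f"invalid quantity: {text!r}")
    return Decimal(match.group(1)) * _SUFFIX[match.group(2)]


def check_resources(resources):
    """Return a list of problems found in one container's resources block."""
    problems, parsed = [], {}
    for section in ("requests", "limits"):
        for name in ("cpu", "memory"):
            value = resources.get(section, {}).get(name)
            if value is None:
                problems.append(f"{section}.{name} is not set")
                continue
            try:
                parsed[section, name] = parse_quantity(value)
            except ValueError as exc:
                problems.append(f"{section}.{name}: {exc}")
    for name in ("cpu", "memory"):
        req, lim = parsed.get(("requests", name)), parsed.get(("limits", name))
        if req is not None and lim is not None and req > lim:
            problems.append(f"{name}: request exceeds limit")
    return problems


# Constructed sample inputs: GOOD uses this article's values, BAD is broken on purpose.
GOOD = {"requests": {"memory": "2Gi", "cpu": "500m"},
        "limits": {"memory": "6Gi", "cpu": "800m"}}
BAD = {"requests": {"memory": "2Gi", "cpu": "900m"},
       "limits": {"memory": "6gi", "cpu": "800m"}}
```

Feed `check_resources` the `resources` mapping of each container after loading the manifest with a YAML parser of your choice.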


Step 3: Deploy the modified Aqua Scanner manifest

Once you are satisfied with the changes, deploy the Aqua Scanner manifest:

kubectl create -f aqua-scanner-with-limit-ranges.yaml


Related Information