The Runtime Malware Scanning feature lets you tune the scanner's settings to the cluster's purpose and configuration. By default the scanner's CPU is limited to 100m - 1000m (0.1 - 1 CPU core) and auto-scaling is disabled.
Recommended settings:
  • For single-node clusters, keep auto-scaling disabled and raise the CPU limit to more than one core to optimize performance.
    malwareScanner:
      requests:
        cpu: 1000m
        memory: 512Mi
      limits:
        cpu: 2000m
        memory: 1024Mi
  • For multi-node clusters, enable auto-scaling and increase the number of concurrent jobs to optimize performance.
    malwareScanning:
      scanner:
        autoscaling:
          enabled: true
          minReplicas: 1
          maxReplicas: 5 # depends on the number of compute nodes in the cluster
          targetCPUUtilization: 800
    scanManager:
      maxJobCount: 5 # concurrent jobs
  • For scanning large compressed files or images, extend the default timeout to ensure all files are scanned.
    malwareScanning:
      enabled: true
      scanTimeoutSeconds: 300 # for single-file scanning within images
    scanManager:
      activeDeadlineSeconds: 3600 # for single-image scanning
  • To support daily scanning, enable auto-scaling and increase the number of concurrent jobs. (Based on our testing, scanning a Linux-based image with auto-scaling disabled takes around 5 minutes.)
    The following example is optimal for scanning 1000 Linux-based images on a daily basis.
    malwareScanning:
      scanner:
        autoscaling:
          enabled: true
          minReplicas: 1
          maxReplicas: 4
          targetCPUUtilization: 800
    scanManager:
      maxJobCount: 4 # concurrent jobs
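The multi-node and daily-scanning recommendations above both come down to a throughput question: how many images can maxJobCount concurrent scans clear in 24 hours, and do the timeouts fit together. The following sizing helper is an added example, not part of this page or the product's own tooling. It assumes each image scan is a fixed-length job, uses the page's observed figure of about 5 minutes per Linux-based image as the default duration, treats scanManager.maxJobCount as the number of images scanned in parallel, and reads values dicts shaped like the page's own snippets. The check functions and the constructed DAILY_SCAN_VALUES dict are hypothetical names introduced here.

```python
"""Added sizing helper for the runtime malware scanner values shown above.

Assumptions (not stated on the page): every image scan is modelled as a
fixed-length job, the page's observed ~5 minutes per Linux image is the
default duration, and scanManager.maxJobCount is taken as the number of
images scanned in parallel. The values dicts mirror the page's snippets.
"""
from math import ceil

SECONDS_PER_DAY = 24 * 60 * 60
# From the page: ~5 minutes per Linux-based image with auto-scaling disabled.
OBSERVED_SCAN_SECONDS = 5 * 60


def daily_capacity(max_job_count, scan_seconds=OBSERVED_SCAN_SECONDS):
    """Images finished in 24h when max_job_count scans run side by side."""
    return max_job_count * SECONDS_PER_DAY // scan_seconds


def min_concurrent_jobs(images_per_day, scan_seconds=OBSERVED_SCAN_SECONDS):
    """Smallest maxJobCount that gets images_per_day done inside 24h."""
    return max(1, ceil(images_per_day * scan_seconds / SECONDS_PER_DAY))


def check_settings(values, images_per_day, scan_seconds=OBSERVED_SCAN_SECONDS):
    """Compare a values dict against the page's recommendations.

    Returns a list of human-readable findings; an empty list means the
    settings meet the daily target under the assumptions above.
    """
    findings = []
    scanning = values.get("malwareScanning", {})
    manager = values.get("scanManager", {})
    max_jobs = manager.get("maxJobCount", 1)
    autoscaling = scanning.get("scanner", {}).get("autoscaling", {})

    # Throughput: can maxJobCount concurrent scans clear the daily backlog?
    capacity = daily_capacity(max_jobs, scan_seconds)
    if capacity < images_per_day:
        findings.append(
            f"maxJobCount={max_jobs} covers about {capacity} images/day; "
            f"{images_per_day}/day needs maxJobCount >= "
            f"{min_concurrent_jobs(images_per_day, scan_seconds)}"
        )

    # The page pairs a raised maxJobCount with auto-scaling enabled.
    if max_jobs > 1 and not autoscaling.get("enabled", False):
        findings.append(
            f"maxJobCount={max_jobs} but scanner autoscaling is disabled; "
            "the page enables autoscaling whenever concurrent jobs are raised"
        )

    # The per-image deadline wraps per-file timeouts, so it must not be shorter.
    file_timeout = scanning.get("scanTimeoutSeconds")
    image_deadline = manager.get("activeDeadlineSeconds")
    if (file_timeout is not None and image_deadline is not None
            and image_deadline < file_timeout):
        findings.append(
            f"activeDeadlineSeconds={image_deadline} is below "
            f"scanTimeoutSeconds={file_timeout}; a single file could "
            "outlive the whole image scan"
        )
    return findings


# Constructed values dict mirroring the page's daily-scanning snippet.
DAILY_SCAN_VALUES = {
    "malwareScanning": {
        "scanner": {
            "autoscaling": {
                "enabled": True,
                "minReplicas": 1,
                "maxReplicas": 4,
                "targetCPUUtilization": 800,
            }
        }
    },
    "scanManager": {"maxJobCount": 4},
}

if __name__ == "__main__":
    print("images/day at maxJobCount=4:", daily_capacity(4))
    print("maxJobCount needed for 1000 images/day:", min_concurrent_jobs(1000))
    for finding in check_settings(DAILY_SCAN_VALUES, 1000):
        print("finding:", finding)
```

Running it shows why the page's daily example lands on maxJobCount: 4: at roughly 5 minutes per image, one job clears 288 images a day, so 1000 images need at least four concurrent jobs, and four give about 1152 per day of headroom. Feed it a smaller scan time if your own measurements on the cluster's images come out faster.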