Views:

Enable Runtime Security, Runtime Vulnerability Scanning, and Runtime Malware Scanning on Kubernetes clusters.

The following table details the runtime security and scanning features available for Kubernetes clusters.
Feature
Description
Runtime Security
Provides visibility into any activity of your running containers that violates a customizable set of rules.
Runtime Vulnerability Scanning
Provides visibility of operating system and open source code vulnerabilities that are part of containers running in clusters.
Important
Important
  • Runtime Vulnerability Scanning supports clusters with pure ARM64 CPU nodes or pure x86_64 CPU nodes. Mixed CPU modes is not supported.
  • A vulnerability scan occurs for each newly-deployed image, and then is rescanned every 24 hours.
  • Cluster worker nodes require at least 2 vCPU and 8 GiB Memory. For more details on the specifications and default limits for these components, you can check the resources section in the helm chart.
Runtime Malware Scanning
Provides detection of malware in your running containers, enabling you to identify and respond to malware threats introduced after deployment.

Procedure

  1. To enable runtime security and scanning features, add the following parameters to your overrides YAML file (usually named 'overrides.yaml').
    • runtimeSecurity: enabled: true
    • vulnerabilityScanning: enabled: true
    • malwareScanning: enabled: true
    Example:
    cloudOne:
        apiKey: <API_KEY>
        endpoint: <ENDPOINT>
        runtimeSecurity:
            enabled: true
        vulnerabilityScanning:
            enabled: true
        malwareScanning:
            enabled: true
       
  2. Upgrade Container Security using the following command.
    helm upgrade \
        trendmicro \
        --namespace trendmicro-system --create-namespace \
        --values overrides.yaml \
        https://github.com/trendmicro/cloudone-container-security-helm/archive/master.tar.gz