CWPP Pre-requisites¶
In the SaaS deployment model, AccuKnox CNAPP is hosted in the AccuKnox cloud environment and agents deployed on your workloads connect back to the SaaS platform.
AccuKnox Agents¶
| Deployments | Deployment Type |
|---|---|
| KubeArmor | DaemonSet |
| Shared Informer Agent | Deployment |
| Feeder Service | Deployment |
| Policy Enforcement | Deployment |
| Discovery Engine Agent | Deployment |
-
It is assumed that you have basic familiarity with Kubernetes, kubectl, and Helm. If you are new to AccuKnox, refer first to the open-source installation guide.
-
It is recommended to have the following configured before onboarding:
Pre-requisites¶
Minimum Resource required¶
| Deployments | Resource Usage | Ports | Connection Type | AccuKnox Endpoint |
|---|---|---|---|---|
| KubeArmor | CPU: 200 m, Memory: 200 Mi | - | - | - |
| Agents Operator | CPU: 50 m, Memory: 50 Mi | 8081, 9090 | Outbound | *.accuknox.com:8081 → SPIRE Access *.accuknox.com:9090 → SPIRE Health Check |
| Discovery Engine | CPU: 200 m, Memory: 200 Mi | - | - | - |
| Shared Informer Agent | CPU: 20 m, Memory: 50 Mi | 3000 | Outbound | *.accuknox.com:3000 → knox-gateway |
| Feeder Service | CPU: 50 m, Memory: 100 Mi | 3000 | Outbound | *.accuknox.com:3000 → knox-gateway |
| Policy Enforcement | CPU: 10 m, Memory: 20 Mi | 443 | Outbound | *.accuknox.com:443 → Policy Provider Service |
- These ports need to be allowed through firewall.