K3s and Antivirus

Antivirus software adds an unknown variable to the existing complexity of Kubernetes. Most antivirus products have not yet kept up with newer technologies such as Kubernetes and have not reached a CNCF certified status. In environments where antivirus software has been enabled, there have been issues stemming from interference by such software. For example, there have been incidents where antivirus software incorrectly pruned files in the ContainerD filesystem, corrupting the ContainerD mounts and causing data loss.

Issues resulting from third-party tools, such as antivirus and intrusion detection software, interfering with ContainerD or other necessary system calls are deemed resolved should disabling such tools restore functionality.

The key challenge remains balancing comprehensive security with minimal performance overhead. Whitelisting critical paths and understanding container runtime interactions become crucial. Administrators must carefully configure security agents so that they do not scan the following system-critical directories; scanning them can cause significant resource contention and potentially destabilize cluster operations:

  • /var
  • /run/k3s/
  • /run/containerd/
  • /var/lib/rancher
  • /var/lib/kubelet
  • /etc/rancher/
  • /usr/local/bin/k3s
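
To confirm that an agent's configured exclusions actually cover the paths listed above, the following added example (not Getvisibility or K3s code) compares an exported exclusion list against them. It assumes the exclusions have been exported to a text file with one absolute path per line; the file format, script name and function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: audit an antivirus exclusion list against the K3s paths above.
# Assumption: exclusions were exported to a text file, one absolute path per
# line, '#' starts a comment. How to export them is vendor-specific.

# Paths from the list above (the repeated /run/k3s/ entry is listed once).
K3S_PATHS="/var /run/k3s/ /run/containerd/ /var/lib/rancher /var/lib/kubelet
/etc/rancher/ /usr/local/bin/k3s"

# normalize PATH: strip trailing slashes so /run/k3s/ and /run/k3s compare equal.
normalize() {
  local p="$1"
  while [ "${#p}" -gt 1 ] && [ "${p%/}" != "$p" ]; do p="${p%/}"; done
  printf '%s' "$p"
}

# covered PATH EXCL: succeed when EXCL is PATH itself or a parent directory.
# Matching is on whole components: /var/lib/rancher does not cover
# /var/lib/rancher-backup.
covered() {
  local p e
  p="$(normalize "$1")"; e="$(normalize "$2")"
  [ "$p" = "$e" ] && return 0
  [ "$e" = "/" ] && return 0
  case "$p" in "$e"/*) return 0 ;; esac
  return 1
}

# missing_exclusions FILE: print each K3s path that no entry in FILE covers.
missing_exclusions() {
  local file="$1" path line hit
  for path in $K3S_PATHS; do
    hit=0
    while IFS= read -r line || [ -n "$line" ]; do
      # Drop comments and surrounding whitespace; skip blank lines.
      line="$(printf '%s\n' "$line" | sed 's/#.*//; s/^[[:space:]]*//; s/[[:space:]]*$//')"
      [ -z "$line" ] && continue
      if covered "$path" "$line"; then hit=1; break; fi
    done < "$file"
    [ "$hit" -eq 1 ] || printf '%s\n' "$(normalize "$path")"
  done
}

# Stand-alone use: ./check_exclusions.sh exported-exclusions.txt
if [ "$#" -gt 0 ]; then missing_exclusions "$1"; fi
```

An empty result means every listed path is covered by at least one exclusion entry.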

Lastly, where a customer environment is running additional third-party software, please increase the system resources to account for the overhead.

 


Classified as Getvisibility - Partner/Customer Confidential