I am using this k8s deployment. And this tutorial for the deployment. I can now scan the /host file. But I don't know how I could scan another pod.
How would I give the rights to the k8s deployment to access another pod and how would I then get the filesystem to scan it?
Asked
Active
Viewed 3,246 times
2
MTom
- 33
- 1
- 5
1 Answers
0
Those examples are both showing how to scan the host OS, which kind of includes everything running. If you want to scan containers in particular you would probably use something totally different, like an image policy webhook and some custom glue code. If you mean something more like you have a service that accepts user uploads and you want to scan those, you would probably integrate ClamAV directly into the app as a sidecar and your app would talk to the daemon (or just run clamscan itself on demand maybe).
coderanger
- 52,400
- 4
- 52
- 75
-
Thank you for your reply! Does this mean that if I scan the /host, that I am technically already scanning every pod that is running in my cluster? – MTom May 26 '21 at 08:38
-
If you mean like for compliance reasons then sure. – coderanger May 26 '21 at 09:17