Helm Chart Requirements
The Detectify Internal Scanning engine can be deployed to a Kubernetes cluster using Helm.
Requirements for deploying the Internal Scanning Agent on Kubernetes are documented below.
Software Tools
Install these tools on your workstation:
| Tool | Version | Installation | Purpose |
|---|---|---|---|
| kubectl | >= 1.29 | kubernetes.io | Cluster management |
| Helm | >= 3.0 | helm.sh | App deployment |
# Make sure they're installed correctly
kubectl version
helm versionKubernetes Cluster
The Internal Scanner runs on Kubernetes. Your cluster needs:
| Requirement | Minimum | Recommended |
|---|---|---|
| Kubernetes Version | 1.29+ | Latest stable |
| Nodes | 1 | 2+ (for HA) |
| CPU | 2 vCPU | - |
| Memory | 8 Gi | - |
| Persistent Storage | 8 Gi | 8 Gi |
Persistent Volumes
Unless you intend to use an externally managed Redis, the cluster needs to support PersistentVolumeClaim to provide Redis with persistent data storage.
kubectl get storageclass
# NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
# ebs-gp3 ebs.csi.eks.amazonaws.com Delete WaitForFirstConsumer true 21h
# gp2 (default) kubernetes.io/aws-ebs Delete WaitForFirstConsumer false 21hFor Scanner API
If you need to interact with Internal Scanning via the REST API (i.e. not via the Detectify UI) the cluster also needs to support:
- Ingress (e.g.
nginx-ingress) - Certificate issuing (e.g.
cert-manager) - DNS management (e.g.
external-dns)
Network
Outbound Access
The scanner needs outbound HTTPS access to:
| Destination | Port | Purpose |
|---|---|---|
registry.detectify.com | 443 | Pull container images |
license.detectify.com | 443 | License validation |
connector.detectify.com | 443 | Job polling, results reporting, etc |
Detectify Credentials
You need credentials and a license key.
| Credential | Description | Used For |
|---|---|---|
| License Key | Unique identifier for your scanner instance | Scanner activation |
| Connector API Key | Authentication token for Detectify API | Job polling, results upload |
| Registry Username | Docker registry username | Pulling container images |
| Registry Password | Docker registry password | Pulling container images |
Don’t have credentials? Contact your Detectify account team or reach out to us to enable Internal Scanning.
Next Steps
- Deploy on Kubernetes — Helm chart for any cluster