ESET PRIVATE Scanning Solutions – Table of Contents

Deployment Guide: On-Prem Kubernetes Deployment

Copy current article URL Share via email

This article (PDF) Whole documentation (PDF)

ESET PRIVATE Scanning Solutions can be deployed on-premises across any Kubernetes distribution, without strict hardware or vendor-specific requirements. The only prerequisite is access to the Kubernetes API, enabling deployment across diverse cluster setups where standard Kubernetes capabilities are available. Depending on the target environment and desired configuration, additional Kubernetes CRDs and supporting components may need to be installed to enable specific product features and integrations.

The solution exposes metrics via Prometheus and automatically deploys Prometheus alerting rules and Grafana dashboards for observability out of the box. Additional features and integrations are available to further enhance security, observability, and scaling for production environments.

This section provides guidelines for deploying the solution in an on-premises Kubernetes environment, covering prerequisites, best practices, and an example deployment using Helm charts.

The example deployment below represents a minimal proof-of-concept (PoC) setup as a starting point for further configuration and tuning to meet production requirements. It is intended solely for evaluation purposes and should not be used in production without additional security hardening and operational tuning.

The example deployment consists of the following components:

•An ESET LoadBalancer (Kubernetes DaemonSet)

•An ESET Cloud Scanner (Kubernetes Deployment)

To support end-to-end evaluation, the guide also covers deployment of the Scanner Agent (an ESET reference implementation), which can be used to submit test files and generate scanning traffic in a controlled environment.

˄˅