Enabling Protection for a Cluster
Enabling protection will automatically install the CGS shield plug-in in the cluster. The CGS shield is installed as a daemonset, which starts a pod on each compute node in the cluster to monitor and scan the status and events of containers on the node.
CGS automatically enables protection for a new node in the cluster when the node is added to a cluster with protection enabled.
Check Frequency
CGS performs a full check in the early morning every day.
If you enable server protection before the check interval, you can view check results only after the check at 00:00 of the next day is complete.
Prerequisites
- You have created clusters on CCE.
- Cluster Protection Status is Disabled.
Procedure
- Log in to the management console.
- In the upper part of the page, select a region, click , and choose Security & Compliance > Container Guard Service.
- Locate the row containing the target cluster and click Enable Protection in the Operation column.
Click the name of a cluster to go to the node list page. You can also click Enable Protection on the top of the node list.
- In the displayed dialog box, read and select I have read and agreed to the Container Guard Service Disclaimer, and click OK.
Figure 1 Enabling protection
After protection is enabled, Cluster Protection Status of the cluster is Enabled, indicating that protection has been enabled for all available nodes in the cluster.
- If you enable CGS for more nodes than can be protected by the yearly/monthly packages you have purchased, you will be charged on an hourly basis for protection of the excess nodes. For details, see When and How Will CGS Be Charged Per Use?
- CGS automatically enables protection for a new node in the cluster when the node is added to a cluster with protection enabled.
- Enabling protection will automatically install the CGS plug-in in the cluster.
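To confirm from the cluster side that the shield daemonset has a ready pod on every node, including nodes added later, the following added example (not part of the CGS documentation) classifies nodes using the JSON output of `kubectl get nodes -o json` and `kubectl get pods -o json`. The node and pod names are constructed sample data; the namespace and labels of the shield pods are not given on this page and must be looked up in your own cluster.

```python
import json

# Constructed sample data shaped like `kubectl get nodes -o json` and
# `kubectl get pods -n <namespace> -l <shield-label> -o json`.
# Node names and the "shield-*" pod names are placeholders, not CGS values.
NODES_JSON = """{"items": [
  {"metadata": {"name": "node-a"}},
  {"metadata": {"name": "node-b"}},
  {"metadata": {"name": "node-c"}}
]}"""
PODS_JSON = """{"items": [
  {"metadata": {"name": "shield-1"}, "spec": {"nodeName": "node-a"},
   "status": {"phase": "Running",
              "conditions": [{"type": "Ready", "status": "True"}]}},
  {"metadata": {"name": "shield-2"}, "spec": {"nodeName": "node-b"},
   "status": {"phase": "Running",
              "conditions": [{"type": "Ready", "status": "False"}]}}
]}"""


def pod_is_ready(pod):
    """A pod counts as protecting its node only if it is Running and Ready."""
    status = pod.get("status", {})
    if status.get("phase") != "Running":
        return False
    return any(c.get("type") == "Ready" and c.get("status") == "True"
               for c in status.get("conditions", []))


def shield_coverage(nodes, pods):
    """Classify every node as protected, not_ready, or missing a shield pod."""
    ready_by_node = {}
    for pod in pods["items"]:
        node = pod.get("spec", {}).get("nodeName")
        if node:  # a pod that is not yet scheduled has no nodeName
            ready_by_node[node] = ready_by_node.get(node, False) or pod_is_ready(pod)
    report = {"protected": [], "not_ready": [], "missing": []}
    for item in nodes["items"]:
        name = item["metadata"]["name"]
        if name not in ready_by_node:
            report["missing"].append(name)    # e.g. a node that was just added
        elif ready_by_node[name]:
            report["protected"].append(name)
        else:
            report["not_ready"].append(name)  # pod exists but is not ready
    return report


if __name__ == "__main__":
    print(shield_coverage(json.loads(NODES_JSON), json.loads(PODS_JSON)))
```

Nodes reported as `missing` or `not_ready` are the ones to compare against the node list in the CGS console.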
References
- After enabling CGS, you can define security policies by configuring a process whitelist and file protection list to prevent risks during the running of the container, keeping systems and applications secure. For details about how to configure security policies, see (Optional) Configuring Policies.
- To disable cluster protection, follow the instructions provided in Disabling Protection for a Cluster.
- To troubleshoot an offline shield, follow the instructions provided in What Should I Do If the Shield on a Node Is Offline?