Help Center/ Container Guard Service/ User Guide/ Cluster Protection/ Enabling Protection for a Cluster
Updated on 2022-10-08 GMT+08:00

Enabling Protection for a Cluster

Enabling protection will automatically install the CGS shield plug-in in the cluster. The CGS shield is installed as a daemonset, which starts a pod on each compute node in the cluster to monitor and scan the status and events of containers on the node.

CGS automatically enables protection for a new node in the cluster when the node is added to a cluster with protection enabled.

Check Frequency

CGS performs a full check in the early morning every day.

If you enable server protection before the check interval, you can view check results only after the check at 00:00 of the next day is complete.

Prerequisites

  • You have created clusters on CCE.
  • Cluster Protection Status is Disabled.

Procedure

  1. Log in to the management console.
  2. In the upper part of the page, select a region, click , and choose Security & Compliance > Container Guard Service.
  3. Locate the row containing the target cluster and click Enable Protection in the Operation column.

    Click the name of a cluster to go to the node list page. You can also click Enable Protection on the top of the node list.

  4. In the displayed dialog box, read and select I have read and agreed to the Container Guard Service Disclaimer, and click OK.

    Figure 1 Enabling protection

    After protection is enabled, Cluster Protection Status of the cluster is Enabled, indicating that protection has been enabled for all available nodes in the cluster.

    • If you enable CGS for more nodes than can be protected by the yearly/monthly packages you have purchased, your will be charged on an hourly basis for protection of the excess nodes. For details, see When and How Will CGS Be Charged Per Use?
    • CGS automatically enables protection for a new node in the cluster when the node is added to a cluster with protection enabled.
    • Enabling protection will automatically install the CGS plug-in in the cluster.

References