Skip to content



Repository files navigation

ARMO cluster components

ARMO Vulnerability Scanning

Version: 1.7.17 Type: application AppVersion: v1.7.17

Installing ARMO cluster components in a Kubernetes cluster Using Helm:

  1. Add the Vulnerability Scanning Helm Repo
helm repo add armo
  1. Update helm repo
helm repo update
  1. Install the Helm Chart, use your account ID and give your cluster a name

if you ran kubescape cli tool and submitted, you can get your Account ID from the local cache:

kubescape config view | grep -i accountID

Otherwise, get the account ID from the kubescape SaaS

Run the install command:

helm upgrade --install armo  armo/armo-cluster-components -n armo-system --create-namespace --set accountGuid=<my_account_guid> --set clusterName=`kubectl config current-context` 

Add --set clientID=<generated client id> --set secretKey=<generated secret key> if you have generated an auth key

Add --set armoKubescape.serviceMonitor.enabled=true for installing the Prometheus service monitor, read more about Prometheus integration

Chart support


Key Type Default Description
armoCollector.affinity object {} Assign custom affinity rules to the StatefulSet
armoCollector.enabled bool true enable/disable the armoCollector
armoCollector.env[0] object {"name":"PRINT_REPORT","value":"false"} print in verbose mode (print all reported data)
armoCollector.image.repository string "" source code (private repo)
armoCollector.nodeSelector object {} Node selector
armoCollector.volumes object [] Additional volumes for the collector
armoCollector.volumeMounts object [] Additional volumeMounts for the collector
armoKubescape.affinity object {} Assign custom affinity rules to the deployment
armoKubescape.downloadArtifacts bool true download policies every scan, we recommend it should remain true, you should change to 'false' when running in an air-gapped environment or when scanning with high frequency (when running with Prometheus)
armoKubescape.enableHostScan bool true enable host scanner feature
armoKubescape.enabled bool true enable/disable kubescape scanning
armoKubescape.image.repository string "" source code (public repo)
armoKubescape.nodeSelector object {} Node selector
armoKubescape.serviceMonitor.enabled bool false enable/disable service monitor for prometheus (operator) integration
armoKubescape.skipUpdateCheck bool false skip check for a newer version
armoKubescape.submit bool true submit results to ARMO SaaS:
armoKubescape.volumes object [] Additional volumes for Kubescape
armoKubescape.volumeMounts object [] Additional volumeMounts for Kubescape
armoKubescapeScanScheduler.enabled bool true enable/disable a kubescape scheduled scan using a CronJob
armoKubescapeScanScheduler.image.repository string "" source code (public repo)
armoKubescapeScanScheduler.scanSchedule string "0 0 * * *" scan schedule frequency
armoKubescapeScanScheduler.volumes object [] Additional volumes for scan scheduler
armoKubescapeScanScheduler.volumeMounts object [] Additional volumeMounts for scan scheduler
armoNotificationService.affinity object {} Assign custom affinity rules to the deployment
armoNotificationService.enabled bool true enable/disable passing notifications from ARMO SaaS to the armo-web-socket microservice. The notifications are the onDemand scanning and the scanning schedule settings
armoNotificationService.image.repository string "" source code (private repo)
armoNotificationService.nodeSelector object {} Node selector
armoNotificationService.volumes object [] Additional volumes for the notification service
armoNotificationService.volumeMounts object [] Additional volumeMounts for the notification service
armoScanScheduler.enabled bool true enable/disable image vulnerability a schedule scan using a CronJob
armoScanScheduler.image.repository string "curlimages/curl" image: curlimages/curl
armoScanScheduler.scanSchedule string "0 0 * * *" scan schedule frequency
armoScanScheduler.volumes object [] Additional volumes for scan scheduler
armoScanScheduler.volumeMounts object [] Additional volumeMounts for scan scheduler
armoVulnScanner.affinity object {} Assign custom affinity rules to the deployment
armoVulnScanner.enabled bool true enable/disable image vulnerability scanning
armoVulnScanner.image.repository string "" source code (private repo)
armoVulnScanner.nodeSelector object {} Node selector
armoVulnScanner.volumes object [] Additional volumes for the image vulnerability scanning
armoVulnScanner.volumeMounts object [] Additional volumeMounts for the image vulnerability scanning
armoWebsocket.affinity object {} Assign custom affinity rules to the deployment
armoWebsocket.enabled bool true enable/disable kubescape and image vulnerability scanning
armoWebsocket.image.repository string "" source code (private repo)
armoWebsocket.nodeSelector object {} Node selector
armoWebsocket.volumes object [] Additional volumes for the web socket
armoWebsocket.volumeMounts object [] Additional volumeMounts for the web socket
armoKubescapeHostScanner.volumes object [] Additional volumes for the host scanner
armoKubescapeHostScanner.volumeMounts object [] Additional volumeMounts for the host scanner
aws_iam_role_arn string nil AWS IAM arn role
clientID string "" client ID, read more
cloudRegion string nil cloud region
cloud_provider_engine string nil cloud provider engine
gkeProject string nil GKE project
gke_service_account string nil GKE service account
secretKey string "" secret key, read more
triggerNewImageScan bool false enable/disable trigger image scan for new images
volumes object [] Additional volumes for all containers
volumeMounts object [] Additional volumeMounts for all containers


Helm charts for ARMO cluster components



Code of conduct





No packages published


  • Smarty 100.0%