System Requirements
Kubernetes
| Version | Status | Notes |
|---|---|---|
| v1.30+ | Recommended | Checkpoint API enabled by default (beta) |
| v1.25 - v1.29 | Supported | Checkpoint API requires feature gate |
- • Helm 3.x
- • containerd 2.0+ or CRI-O 1.25+
Node OS
| OS | Status |
|---|---|
| Ubuntu 22.04+ | Supported |
| Amazon Linux 2023 | Supported |
| Red Hat Enterprise Linux | Supported |
| OpenShift | Coming soon |
Cloud Providers
GKE, EKS, and AKS standard clusters are supported.
Serverless options (GKE Autopilot, EKS Fargate) are not supported. They do not provide node-level access required by the agent.
CRIU
Checkpoint operations use CRIU v4.1+ for process state capture. The agent includes CRIU—no manual installation required.
All other features (layers, SBOM, CBOM, malware, forensics) do not use CRIU.
Resources
Measured with 3 concurrent 5GB layer captures. Adjust based on workload.
| Component | CPU Request | CPU Limit | Memory Request | Memory Limit |
|---|---|---|---|---|
| Agent | 250m | 1000m | 128Mi | 256Mi |
| ClamAV (optional) | 100m | 500m | 1Gi | 2Gi |
ClamAV loads signature database into memory on startup (~1GB). Scheduler limits concurrent operations to 3 by default.