neuvector · kakabisht · May 23, 2025 · sunilarjun · Jun 10, 2025 · sunilarjun
@@ -67,7 +67,7 @@ Here is a general architecture overview of NeuVector. Not shown is the separate
 
 ### Deployment Examples
 
-For common deployment patterns and best practices see the [Onboarding/Best Practices section](/deploying/production?target=_blank#best-practices-tips-qa-for-deploying-and-managing-neuvector).
+For common deployment patterns and best practices refer the [Onboarding/Best Practices section](/deploying/production?target=_blank#best-practices-tips-qa-for-deploying-and-managing-neuvector).
-For common deployment patterns and best practices refer the [Onboarding/Best Practices section](/deploying/production?target=_blank#best-practices-tips-qa-for-deploying-and-managing-neuvector).
+For common deployment patterns and best practices refer to the [Onboarding/Best Practices section](/deploying/production?target=_blank#best-practices-tips-qa-for-deploying-and-managing-neuvector).
-For common deployment patterns and best practices refer the [Onboarding/Best Practices section](/deploying/production?target=_blank#best-practices-tips-qa-for-deploying-and-managing-neuvector).
+For common deployment patterns and best practices refer to the [Onboarding/Best Practices section](/deploying/production?target=_blank#best-practices-tips-qa-for-deploying-and-managing-neuvector).
 
 ##### All-in-One and Enforcers
 

@@ -7,14 +7,14 @@ slug: /basics/requirements
 
 ## System Requirements
 
-| Component  | # of Instances                    | Recommended vCPU | Minimum Memory | Notes                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
-|------------|-----------------------------------|------------------|----------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| Controller | min. 1<br />3 for HA (odd # only) | 1                | 1GB            | vCPU core may be shared                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
-| Enforcer   | 1 per node/VM                     | 1+               | 1GB            | One or more dedicated vCPU for higher network throughput in Protect mode                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                       |
-| Scanner    | min. 1<br />2+ for HA/Performance | 1                | 1GB            | CPU core may be shared for standard workloads.<br />Dedicate 1 or more CPU for high volume (10k+) image scanning.<br />Registry image scanning is performed by the scanner and managed by the controller and the image is pulled by the scanner and expanded in memory.<br />The minimum memory recommendation assumes images to be scanned are not larger than .5GB.<br />When scanning images larger than 1GB, scanner memory should be calculated by taking the largest image size and adding .5GB.<br />Example - largest image size = 1.3GB, the scanner container memory should be 1.8GB |
-| Manager    | min 1<br />2+ for HA              | 1                | 1GB            | vCPU may be shared                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                             |
-
-* For configuration backup/HA, a RWX PVC of 1Gi or more. See [Backups and Persistent Data section](/deploying/production#backups-and-persistent-data) for more details.
+| Component  | # of Instances | Recommended vCPU | Minimum Memory | Notes |
+|--|---|--|--|----|
+| Controller | min. 1<br />3 for HA (odd # only) | 1                | 1GB            | vCPU core may be shared  |
+| Enforcer   | 1 per node/VM                     | 1+               | 1GB            | One or more dedicated vCPU for higher network throughput in Protect mode  |
+| Scanner    | min. 1<br />2+ for HA/Performance | 1                | 1GB            | CPU core may be shared for standard workloads.<br />Dedicate 1 or more CPU for high volume (10k+) image scanning.<br />Registry image scanning is performed by the scanner and managed by the controller and the image is pulled by the scanner and expanded in memory.<br />The minimum memory recommendation assumes images to be scanned are not larger than .5GB.<br />When scanning images larger than 1GB, scanner memory should be calculated by taking the largest image size and adding .5GB.<br /> For example,  largest image size = 1.3GB, the scanner container memory should be 1.8GB |
-| Scanner    | min. 1<br />2+ for HA/Performance | 1                | 1GB            | CPU core may be shared for standard workloads.<br />Dedicate 1 or more CPU for high volume (10k+) image scanning.<br />Registry image scanning is performed by the scanner and managed by the controller and the image is pulled by the scanner and expanded in memory.<br />The minimum memory recommendation assumes images to be scanned are not larger than .5GB.<br />When scanning images larger than 1GB, scanner memory should be calculated by taking the largest image size and adding .5GB.<br /> For example,  largest image size = 1.3GB, the scanner container memory should be 1.8GB |
+| Scanner    | min. 1<br />2+ for HA/Performance | 1                | 1GB            | CPU core may be shared for standard workloads.<br />Dedicate 1 or more CPU for high volume (10k+) image scanning.<br />Registry image scanning is performed by the scanner and managed by the controller and the image is pulled by the scanner and expanded in memory.<br />The minimum memory recommendation assumes images to be scanned are not larger than .5GB.<br />When scanning images larger than 1GB, scanner memory should be calculated by taking the largest image size and adding .5GB.<br /> For example, if the largest image size is 1.3GB, the scanner container memory should be 1.8GB. |
-| Scanner    | min. 1<br />2+ for HA/Performance | 1                | 1GB            | CPU core may be shared for standard workloads.<br />Dedicate 1 or more CPU for high volume (10k+) image scanning.<br />Registry image scanning is performed by the scanner and managed by the controller and the image is pulled by the scanner and expanded in memory.<br />The minimum memory recommendation assumes images to be scanned are not larger than .5GB.<br />When scanning images larger than 1GB, scanner memory should be calculated by taking the largest image size and adding .5GB.<br /> For example,  largest image size = 1.3GB, the scanner container memory should be 1.8GB |
+| Scanner    | min. 1<br />2+ for HA/Performance | 1                | 1GB            | CPU core may be shared for standard workloads.<br />Dedicate 1 or more CPU for high volume (10k+) image scanning.<br />Registry image scanning is performed by the scanner and managed by the controller and the image is pulled by the scanner and expanded in memory.<br />The minimum memory recommendation assumes images to be scanned are not larger than .5GB.<br />When scanning images larger than 1GB, scanner memory should be calculated by taking the largest image size and adding .5GB.<br /> For example, if the largest image size is 1.3GB, the scanner container memory should be 1.8GB. |
+| Manager    | min 1<br />2+ for HA              | 1                | 1GB            | vCPU may be shared |
+
+* For configuration backup/HA, a RWX PVC of 1Gi or more. Refer to [Backups and Persistent Data section](/deploying/production#backups-and-persistent-data) for more details.
-* For configuration backup/HA, a RWX PVC of 1Gi or more. Refer to [Backups and Persistent Data section](/deploying/production#backups-and-persistent-data) for more details.
+* For configuration backup/HA, a RWX PVC of 1Gi or more. Refer to the [Backups and Persistent Data section](/deploying/production#backups-and-persistent-data) for more details.
-* For configuration backup/HA, a RWX PVC of 1Gi or more. Refer to [Backups and Persistent Data section](/deploying/production#backups-and-persistent-data) for more details.
+* For configuration backup/HA, a RWX PVC of 1Gi or more. Refer to the [Backups and Persistent Data section](/deploying/production#backups-and-persistent-data) for more details.
 * Recommended browser: Chrome for better performance
 
 ## Supported Platforms
@@ -24,12 +24,12 @@ slug: /basics/requirements
 * CoreOS is supported (November 2023) for CVE scanning through RHEL mapping table provided by RedHat. Once an official feed is published by RedHat for CoreOS it will be supported.
 * Officially supported Kubernetes and Docker compliant container management systems. The following platforms are tested with every release of NeuVector: Kubernetes 1.19-1.32, SUSE Rancher (RKE, RKE2, K3s etc), RedHat OpenShift 4.6-4.16 (3.x to 4.12 supported prior to NeuVector 5.2.x), Google GKE, Amazon EKS, Microsoft Azure AKS, IBM IKS, native docker, docker swarm. The following Kubernetes and docker compliant platforms are supported and have been verified to work with NeuVector: VMware Photon and Tanzu, SUSE CaaS, Oracle OKE, Mirantis Kubernetes Engine, Nutanix Kubernetes Engine, docker UCP/DataCenter, docker Cloud.
 * Docker run-time version: 1.9.0 and up; Docker API version: 1.21, CE and EE.
-* Containerd and CRI-O run-times (requires changes to volume paths in sample yamls). See changes required for Containerd in the Kubernetes deployment section and CRI-O in the OpenShift deployment section.
+* Containerd and CRI-O run-times (requires changes to volume paths in sample yamls). For more information, refer to [Kubernetes deployment](../../02.deploying/02.kubernetes/02.kubernetes.md) and [OpenShift deployment](../../02.deploying/04.openshift/04.openshift.md).
-* Containerd and CRI-O run-times (requires changes to volume paths in sample yamls). For more information, refer to [Kubernetes deployment](../../02.deploying/02.kubernetes/02.kubernetes.md) and [OpenShift deployment](../../02.deploying/04.openshift/04.openshift.md).
+* Containerd and CRI-O run-times (requires changes to volume paths in sample yamls). For more information, refer to the [Kubernetes deployment](../../02.deploying/02.kubernetes/02.kubernetes.md) and [OpenShift deployment](../../02.deploying/04.openshift/04.openshift.md) documentation.
-* Containerd and CRI-O run-times (requires changes to volume paths in sample yamls). For more information, refer to [Kubernetes deployment](../../02.deploying/02.kubernetes/02.kubernetes.md) and [OpenShift deployment](../../02.deploying/04.openshift/04.openshift.md).
+* Containerd and CRI-O run-times (requires changes to volume paths in sample yamls). For more information, refer to the [Kubernetes deployment](../../02.deploying/02.kubernetes/02.kubernetes.md) and [OpenShift deployment](../../02.deploying/04.openshift/04.openshift.md) documentation.
 * NeuVector is compatible with most commercially supported CNI's. Officially tested and supported are openshift ovs (subnet/multitenant), calico, flannel, cilium, antrea and public clouds (gke, aks, iks, eks). Support for Multus was added in v5.4.0.
 * Console: Chrome or Firefox browser recommended. IE 11 not supported due to performance issues.
-* Minikube is supported for simple initial evaluation but not for full proof of concept. See below for changes required for the Allinone yaml to run on Minikube.
+* Minikube is supported for simple initial evaluation but not for full proof of concept. For more information, refer to [changes required for the Allinone yaml to run on Minikube](#minikube).
-* Minikube is supported for simple initial evaluation but not for full proof of concept. For more information, refer to [changes required for the Allinone yaml to run on Minikube](#minikube).
+* Minikube is supported for simple initial evaluation but not for full proof of concept. For more information, refer to the section regarding [changes required for the Allinone yaml to run on Minikube](#minikube).
-* Minikube is supported for simple initial evaluation but not for full proof of concept. For more information, refer to [changes required for the Allinone yaml to run on Minikube](#minikube).
+* Minikube is supported for simple initial evaluation but not for full proof of concept. For more information, refer to the section regarding [changes required for the Allinone yaml to run on Minikube](#minikube).
 
-AWS Bottlerocket Note: Must change path of the containerd socket specific to Bottleneck. Please see Kubernetes deployment section for details.
+AWS Bottlerocket Note: Must change path of the containerd socket specific to Bottleneck. Please refer to [Kubernetes deployment](../../02.deploying/02.kubernetes/02.kubernetes.md)
-AWS Bottlerocket Note: Must change path of the containerd socket specific to Bottleneck. Please refer to [Kubernetes deployment](../../02.deploying/02.kubernetes/02.kubernetes.md)
+:::note
+AWS Bottlerocket: You must change the path of the containerd socket specific to Bottlerocket. Please refer to the [Kubernetes deployment](../../02.deploying/02.kubernetes/02.kubernetes.md) documentation for more information.
+:::
-AWS Bottlerocket Note: Must change path of the containerd socket specific to Bottleneck. Please refer to [Kubernetes deployment](../../02.deploying/02.kubernetes/02.kubernetes.md)
+:::note
+AWS Bottlerocket: You must change the path of the containerd socket specific to Bottlerocket. Please refer to the [Kubernetes deployment](../../02.deploying/02.kubernetes/02.kubernetes.md) documentation for more information.
+:::
 
 ### Multus
 
@@ -118,9 +118,9 @@ In Monitor mode (network filtering similar to a mirror/tap), there is no perform
 
 For throughput or latency sensitive environments, additional memory and/or a dedicated CPU core can be allocated to the NeuVector Enforcer container.
 
-For performance tuning of the Controller and Scanner for registry scanning, see System Requirements above.
+For performance tuning of the Controller and Scanner for registry scanning, refer the System Requirements above.
-For performance tuning of the Controller and Scanner for registry scanning, refer the System Requirements above.
+For performance tuning of the Controller and Scanner for registry scanning, refer to the [System Requirements](#system-requirements) above.
-For performance tuning of the Controller and Scanner for registry scanning, refer the System Requirements above.
+For performance tuning of the Controller and Scanner for registry scanning, refer to the [System Requirements](#system-requirements) above.
 
-For additional advice on performance and sizing, see the [Onboarding/Best Practices section](/deploying/production?target=_blank#best-practices-tips-qa-for-deploying-and-managing-neuvector).
+For additional advice on performance and sizing, refer the [Onboarding/Best Practices section](/deploying/production?target=_blank#best-practices-tips-qa-for-deploying-and-managing-neuvector).
-For additional advice on performance and sizing, refer the [Onboarding/Best Practices section](/deploying/production?target=_blank#best-practices-tips-qa-for-deploying-and-managing-neuvector).
+For additional advice on performance and sizing, refer to the [Onboarding/Best Practices section](/deploying/production?target=_blank#best-practices-tips-qa-for-deploying-and-managing-neuvector).
-For additional advice on performance and sizing, refer the [Onboarding/Best Practices section](/deploying/production?target=_blank#best-practices-tips-qa-for-deploying-and-managing-neuvector).
+For additional advice on performance and sizing, refer to the [Onboarding/Best Practices section](/deploying/production?target=_blank#best-practices-tips-qa-for-deploying-and-managing-neuvector).
 
 ### Throughput
 

@@ -11,15 +11,16 @@ Deploy the NeuVector containers using Kubernetes, OpenShift, Rancher, Docker, or
 
 The NeuVector open source images are hosted on Docker Hub at `/neuvector/{image name}`. 
 
-See the [Onboarding/Best Practices section](/deploying/production?target=_blank#best-practices-tips-qa-for-deploying-and-managing-neuvector) to download an on boarding guide.
+Refer the [Onboarding/Best Practices section](/deploying/production?target=_blank#best-practices-tips-qa-for-deploying-and-managing-neuvector) to download an on boarding guide.
-Refer the [Onboarding/Best Practices section](/deploying/production?target=_blank#best-practices-tips-qa-for-deploying-and-managing-neuvector) to download an on boarding guide.
+Refer to the [Onboarding/Best Practices section](/deploying/production?target=_blank#best-practices-tips-qa-for-deploying-and-managing-neuvector) to download an onboarding guide.
-Refer the [Onboarding/Best Practices section](/deploying/production?target=_blank#best-practices-tips-qa-for-deploying-and-managing-neuvector) to download an on boarding guide.
+Refer to the [Onboarding/Best Practices section](/deploying/production?target=_blank#best-practices-tips-qa-for-deploying-and-managing-neuvector) to download an onboarding guide.
 
 #### Deploy using Kubernetes, OpenShift, Rancher, or other Kubernetes-based tools
 
-To deploy NeuVector using Kubernetes, OpenShift, Rancher or other orchestration tools, see the preparation steps and sample files in the section [Deploying NeuVector](/deploying/production#planning-deployments). This deploys manager, controller, scanner, and enforcer containers. For simple testing using the NeuVector Allinone container, see the section Special Use Cases with Allinone.
+To deploy NeuVector using Kubernetes, OpenShift, Rancher or other orchestration tools, refer the preparation steps and sample files in the section [Deploying NeuVector](/deploying/production#planning-deployments). This deploys manager, controller, scanner, and enforcer containers. For simple testing using the NeuVector Allinone container, refer the [Use Case with Allinone](../../02.requirements/02.requirements.md#minikube).
-To deploy NeuVector using Kubernetes, OpenShift, Rancher or other orchestration tools, refer the preparation steps and sample files in the section [Deploying NeuVector](/deploying/production#planning-deployments). This deploys manager, controller, scanner, and enforcer containers. For simple testing using the NeuVector Allinone container, refer the [Use Case with Allinone](../../02.requirements/02.requirements.md#minikube).
+To deploy NeuVector using Kubernetes, OpenShift, Rancher or other orchestration tools, refer to the preparation steps and sample files in the section [Deploying NeuVector](/deploying/production#planning-deployments). This deploys manager, controller, scanner, and enforcer containers. For simple testing using the NeuVector Allinone container, refer to the [Use Case with Allinone](../../02.requirements/02.requirements.md#minikube).
-To deploy NeuVector using Kubernetes, OpenShift, Rancher or other orchestration tools, refer the preparation steps and sample files in the section [Deploying NeuVector](/deploying/production#planning-deployments). This deploys manager, controller, scanner, and enforcer containers. For simple testing using the NeuVector Allinone container, refer the [Use Case with Allinone](../../02.requirements/02.requirements.md#minikube).
+To deploy NeuVector using Kubernetes, OpenShift, Rancher or other orchestration tools, refer to the preparation steps and sample files in the section [Deploying NeuVector](/deploying/production#planning-deployments). This deploys manager, controller, scanner, and enforcer containers. For simple testing using the NeuVector Allinone container, refer to the [Use Case with Allinone](../../02.requirements/02.requirements.md#minikube).
 
-NeuVector supports Helm-based deployment with a Helm chart at [https://github.com/neuvector/neuvector-helm](https://github.com/neuvector/neuvector-helm).
+[!NOTE]
+> NeuVector supports [Helm-based deployment with a Helm chart](https://github.com/neuvector/neuvector-helm).
-[!NOTE]
-> NeuVector supports [Helm-based deployment with a Helm chart](https://github.com/neuvector/neuvector-helm).
+:::note
+NeuVector supports a [Helm-based deployment with a Helm chart](https://github.com/neuvector/neuvector-helm).
+:::
-[!NOTE]
-> NeuVector supports [Helm-based deployment with a Helm chart](https://github.com/neuvector/neuvector-helm).
+:::note
+NeuVector supports a [Helm-based deployment with a Helm chart](https://github.com/neuvector/neuvector-helm).
+:::
 
-Automated deployments are supported using Helm, Red Hat/Community Operators, the rest API, or a Kubernetes ConfigMap. See the section [Deploy Using ConfigMap](/deploying/production/configmap#kubernetes-configmap) for more details on automating deployment.
+Automated deployments are supported using Helm, Red Hat/Community Operators, the rest API, or a Kubernetes ConfigMap. Refer the section [Deploy Using ConfigMap](/deploying/production/configmap#kubernetes-configmap) for more details on automating deployment.
-Automated deployments are supported using Helm, Red Hat/Community Operators, the rest API, or a Kubernetes ConfigMap. Refer the section [Deploy Using ConfigMap](/deploying/production/configmap#kubernetes-configmap) for more details on automating deployment.
+Automated deployments are supported using Helm, Red Hat/Community Operators, the rest API, or a Kubernetes ConfigMap. Refer to the section [Deploy Using ConfigMap](/deploying/production/configmap#kubernetes-configmap) for more details on automating deployment.
-Automated deployments are supported using Helm, Red Hat/Community Operators, the rest API, or a Kubernetes ConfigMap. Refer the section [Deploy Using ConfigMap](/deploying/production/configmap#kubernetes-configmap) for more details on automating deployment.
+Automated deployments are supported using Helm, Red Hat/Community Operators, the rest API, or a Kubernetes ConfigMap. Refer to the section [Deploy Using ConfigMap](/deploying/production/configmap#kubernetes-configmap) for more details on automating deployment.
 
 #### Deploy using Docker Native
 
@@ -35,7 +36,7 @@ For Swarm-Based deployments, also add the following environment variable:
 - NV_PLATFORM_INFO=platform=Docker
 ```
 
-See the section Deploying NeuVector -> [Docker Production Deployment](/deploying/docker) for instructions and examples.
+Refer section Deploying NeuVector -> [Docker Production Deployment](/deploying/docker) for instructions and examples.
-Refer section Deploying NeuVector -> [Docker Production Deployment](/deploying/docker) for instructions and examples.
+Refer to the section Deploying NeuVector -> [Docker Production Deployment](/deploying/docker) for instructions and examples.
-Refer section Deploying NeuVector -> [Docker Production Deployment](/deploying/docker) for instructions and examples.
+Refer to the section Deploying NeuVector -> [Docker Production Deployment](/deploying/docker) for instructions and examples.
 
 #### Backing Up Configuration Files