Threat Stack Kubernetes DaemonSet for Agent Deploy

Overview

The Threat Stack Kubernetes DaemonSet orchestrates the Threat Stack containerized Agent. The Kubernetes DaemonSet ensures all nodes run one copy of the Threat Stack containerized Agent.

Additionally, new rule sets are available for the Kubernetes DaemonSet:

  • Kubernetes Rule Set

    Note

    If the customer uses File Integrity Monitoring (FIM) rules to create exclusions with Agent 1.8.0C, then they must prepend /threatstackfs to the exclude path. For example, to exclude /tmp/bad, the exclusion becomes /threatstackfs/tmp/bad.

  • CIS Docker Rule Set

How do I deploy containerized Agent using Kubernetes DaemonSet?

Prerequisites

None.

Deploy containerized Agent 2.1.x using Kubernetes DaemonSet

Note

We have removed the requirement of labeling one of your nodes as threatstack-master. One node will automatically have two agents deployed to it, with one of the agents dedicated solely to Kubernetes events.

  1. Create the Kubernetes DaemonSet file.
    1. Download a sample Threat Stack Kubernetes DaemonSet .yaml file.
    2. Make any changes to the sample file necessary for your environment.
    3. Include your unique deploy key.
    4. Save the file as “TSKubernetesDaemonSet.yaml”.
  2. Deploy the Threat Stack containerized Agent using the Kubernetes DaemonSet.
    1. Go to the Command Line.
    2. Type or copy and paste the following command and press ENTER:
      kubectl create -f TSKubernetesDaemonSet.yaml
  3. Confirm the containerized Agent deployed correctly.
    1. Log into Threat Stack.
    2. Ensure events display as expected.

Deploy containerized Agent 2.1 using Kubernetes DaemonSet

  1. Create the Kubernetes DaemonSet file.
    1. Download a sample Threat Stack Kubernetes DaemonSet .yaml file.
    2. Make any changes to the sample file necessary for your environment.
    3. Include your unique deploy key.
    4. Save the file as “TSKubernetesDaemonSet.yaml”.
  2. If you want to use Threat Stack's enhanced visibility into Kubernetes, then designate one of your nodes as the master node. The master node communicates with the Kubernetes API.
    1. Go to the Command Line.
    2. Type or copy and paste the following command and press ENTER.
      kubectl label nodes <Node_Name> threatstack-master="true"

      Replace <Node_Name> with the name of the node you want to designate as the master.

      Important

      If you designate more than one node as the master, then you will receive duplicate events.

  3. Deploy the Threat Stack containerized Agent using the Kubernetes DaemonSet.
    1. Go to the Command Line.
    2. Type or copy and paste the following command and press ENTER:
      kubectl create -f TSKubernetesDaemonSet.yaml
  4. Confirm the containerized Agent deployed correctly.
    1. Log into Threat Stack.
    2. Ensure events display as expected.
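
The checks below are an added example, not part of Threat Stack's documentation or sample files: they verify from the cluster side that exactly one node carries the threatstack-master label before you deploy, and that the DaemonSet has a ready Agent pod on every scheduled node afterwards. The function names, the KUBECTL override, and the DaemonSet name and namespace arguments are assumptions; take the last two from your TSKubernetesDaemonSet.yaml.

```bash
#!/usr/bin/env bash
# Added example (not Threat Stack's code): cluster-side checks for the Agent 2.1 steps.
# KUBECTL may point at a wrapper or a stub; it defaults to the real kubectl.
KUBECTL="${KUBECTL:-kubectl}"

# List nodes carrying the label set in step 2, one "node/<name>" per line.
master_nodes() {
  $KUBECTL get nodes -l threatstack-master=true -o name
}

# Returns 0 when exactly one node is labeled, 1 when none is,
# 2 when several are (the duplicate-event case), 3 if kubectl itself failed.
check_single_master() {
  local nodes count
  nodes="$(master_nodes)" || return 3
  count="$(printf '%s\n' "$nodes" | grep -c . || true)"
  case "$count" in
    1) echo "ok: master node is ${nodes#node/}"; return 0 ;;
    0) echo "no node is labeled threatstack-master=true" >&2; return 1 ;;
    *) echo "$count nodes are labeled threatstack-master=true:" >&2
       printf '%s\n' "$nodes" >&2; return 2 ;;
  esac
}

# Returns 0 when every node the DaemonSet is scheduled on has a ready Agent pod.
# $1 = DaemonSet name, $2 = namespace (assumptions: take both from your YAML file).
check_daemonset_ready() {
  local status desired ready
  status="$($KUBECTL get daemonset "$1" -n "$2" \
    -o jsonpath='{.status.desiredNumberScheduled} {.status.numberReady}')" || return 3
  desired="${status%% *}"
  ready="${status##* }"
  case "$desired" in ''|*[!0-9]*) echo "unexpected status: '$status'" >&2; return 3 ;; esac
  if [ "$desired" -gt 0 ] && [ "$desired" = "$ready" ]; then
    echo "ok: $ready/$desired Agent pods ready"; return 0
  fi
  echo "only ${ready:-0}/$desired Agent pods ready" >&2
  return 1
}

# Typical use: check_single_master before step 3, then after step 3
#   check_daemonset_ready <DaemonSet_Name> <Namespace>
```

A non-zero return from check_single_master with status 2 corresponds to the duplicate-event condition described in the Important note; remove the extra labels before deploying.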

Deploy containerized Agent 2.0 using Kubernetes DaemonSet

  1. Create the Kubernetes DaemonSet file.
    1. Download a sample Threat Stack Kubernetes DaemonSet .yaml file.
    2. Make any changes to the sample file necessary for your environment.
    3. Include your unique deploy key.
    4. Save the file as “TSKubernetesDaemonSet.yaml”.
  2. Deploy the Threat Stack containerized Agent using the Kubernetes DaemonSet.
    1. Go to the Command Line.
    2. Type or copy and paste the following command and press ENTER:
      kubectl create -f TSKubernetesDaemonSet.yaml
  3. Confirm the containerized Agent deployed correctly.
    1. Log into Threat Stack.
    2. Ensure events display as expected.

Deploy containerized Agent 1.x series using Kubernetes DaemonSet

  1. Create a configuration file for the Threat Stack containerized Agent.
    1. In the /etc/ directory, create a ts-agent folder.
    2. Download a sample ts-config.json file.

      Warning

      If you do not provide a configuration file, or if you provide a misconfigured configuration file, then the deployment of the containerized Agent will not work.

    3. Make any changes to the sample file necessary for your environment.
    4. In the /etc/ts-agent folder, save the file as “ts-config.json”.
  2. Create the Kubernetes DaemonSet file.
    1. Download a sample Threat Stack Kubernetes DaemonSet .yaml file.
    2. Make any changes to the sample file necessary for your environment.
    3. Include your unique deploy key.
    4. Save the file as “TSKubernetesDaemonSet.yaml”.
  3. Map the configuration file for the Threat Stack containerized Agent to the Kubernetes DaemonSet.
    1. Open the Command Line.
    2. Type or copy and paste the following command and press ENTER:
      kubectl create configmap ts-config --from-file=ts-config.json

      This command creates a ConfigMap named ts-config from the ts-config.json file, which maps the Threat Stack containerized Agent configuration to the Kubernetes DaemonSet.

  4. Deploy the Threat Stack containerized Agent using the Kubernetes DaemonSet.
    1. Go to the Command Line.
    2. Type or copy and paste the following command and press ENTER:
      kubectl create -f TSKubernetesDaemonSet.yaml
  5. Confirm the containerized Agent deployed correctly.
    1. Log into Threat Stack.
    2. Ensure events display as expected.