Threat Stack Kubernetes DaemonSet for Agent Deploy


Overview

The Threat Stack Kubernetes DaemonSet orchestrates the Threat Stack containerized Agent. The Kubernetes DaemonSet ensures all nodes run one copy of the Threat Stack containerized Agent.

Additionally, new rule sets are available for the Kubernetes DaemonSet:

  • Kubernetes file integrity monitoring (FIM)

    Note

    If the customer uses FIM rules to create exclusions with Agent 1.8.0C, then they must prepend /threatstackfs to the exclude path. For example, to exclude /tmp/bad, the exclusion becomes /threatstackfs/tmp/bad.

  • Docker CIS

Note

AWS Elastic Container Service (ECS) is also an orchestration layer. However, securing AWS ECS workloads requires the Threat Stack host-based Agent. For more information, see FAQ: How do I secure my AWS ECS workload with Threat Stack?.

How do I deploy containerized Agent using Kubernetes DaemonSet?

Prerequisites

None.

Deploy containerized Agent using Kubernetes DaemonSet

  1. Create a configuration file for the Threat Stack containerized Agent.
    1. In the /etc/ directory, create a ts-agent folder.
    2. Download a sample ts-config.json file.

      Warning

      If you do not provide a configuration file, or if you provide a misconfigured configuration file, then the deployment of the containerized Agent will not work.

    3. Make any changes to the sample file necessary for your environment.
    4. In the /etc/ts-agent folder, save the file as “ts-config.json”.
  2. Create the Kubernetes DaemonSet file.
    1. Download a sample Threat Stack Kubernetes DaemonSet .yaml file.
    2. Make any changes to the sample file necessary for your environment.
    3. Include your unique deploy key.
    4. Save the file as “TSKubernetesDaemonSet”.
  3. Map the configuration file for the Threat Stack containerized Agent to the Kubernetes DaemonSet.
    1. Open the Command Line.
    2. Type or copy and paste the following command and press ENTER:
      kubectl create configmap ts-config --from-file=ts-config

      This command maps the Threat Stack containerized Agent configuration file – ts-config – to the Kubernetes DaemonSet.

  4. Deploy the Threat Stack containerized Agent using the Kubernetes DaemonSet.
    1. Go to the Command Line.
    2. Type or copy and paste the following command and press ENTER:
      kubectl create -f TSKubernetesDaemonSet
  5. Confirm the containerized Agent deployed correctly.
    1. Log into Threat Stack.
    2. Ensure events display as expected.
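
A coverage check to go with step 5, as an added example that is not Threat Stack's own code: a DaemonSet only places a pod on nodes its tolerations and node selectors allow, so a tainted node can be left without an Agent. The node names, pod names and JSON below are constructed; in practice, feed the functions the output of `kubectl get nodes -o json` and `kubectl get pods -o json` filtered by whatever label your DaemonSet file gives the Agent pods.

```python
import json

# Constructed sample data, trimmed to the fields used, in the shape of
# `kubectl get nodes -o json` and `kubectl get pods -l <agent label> -o json`.
# Node and pod names are invented; the Agent's label selector is an assumption.
NODES = json.loads("""{"items": [
  {"metadata": {"name": "worker-a"}, "spec": {}},
  {"metadata": {"name": "worker-b"}, "spec": {}},
  {"metadata": {"name": "control-1"}, "spec": {"taints": [
    {"key": "node-role.kubernetes.io/control-plane", "effect": "NoSchedule"}]}}
]}""")
PODS = json.loads("""{"items": [
  {"metadata": {"name": "agent-x1"}, "spec": {"nodeName": "worker-a"},
   "status": {"phase": "Running", "containerStatuses": [{"ready": true}]}},
  {"metadata": {"name": "agent-x2"}, "spec": {"nodeName": "worker-b"},
   "status": {"phase": "Running", "containerStatuses": [{"ready": false}]}}
]}""")


def agent_coverage(nodes, pods):
    """Map every node name to 'ok', 'not-ready' or 'missing'."""
    state = {n["metadata"]["name"]: "missing" for n in nodes["items"]}
    for pod in pods["items"]:
        node = pod["spec"].get("nodeName")
        if node not in state:
            continue  # pending pod, or pod on a node that no longer exists
        status = pod.get("status", {})
        containers = status.get("containerStatuses", [])
        ready = (status.get("phase") == "Running" and containers
                 and all(c.get("ready") for c in containers))
        if ready:
            state[node] = "ok"
        elif state[node] != "ok":
            state[node] = "not-ready"
    return state


def uncovered(nodes, pods):
    """Return (node, reason, taint keys) for each node without a ready Agent."""
    taints = {n["metadata"]["name"]:
              [t["key"] for t in n.get("spec", {}).get("taints", [])]
              for n in nodes["items"]}
    return [(name, why, taints[name])
            for name, why in sorted(agent_coverage(nodes, pods).items())
            if why != "ok"]


if __name__ == "__main__":
    for name, why, keys in uncovered(NODES, PODS):
        print(f"{name}: agent {why}; taints={keys}")
```

A node reported as missing with a taint listed usually means the DaemonSet file needs a matching toleration before that node is monitored.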