Kaspersky Container Security

Agent deployment

You should install Agents on all nodes of the cluster that you want to protect.

A separate group of agents is installed on each cluster.

To deploy agents in the cluster:

  1. In the main menu, go to the Components → Agents section.
  2. In the work pane, click the Add agent group button.
  3. On the General tab:
    1. Fill in the fields in the form.
      • Enter the group name. For convenient agent management, we recommend naming the group after the cluster whose nodes the agents will be deployed on.
      • If required, enter a description of the agent group.
      • Select the orchestrator to use.
      • Specify the namespace name.
    2. In the KCS registry section, enter the web address of the registry where the images used to install agents are located. To access the registry, you must specify the correct user name and password.
    3. Under Linked SIEM, select the SIEM system from the drop-down list.

      To link an agent group in Kaspersky Container Security, you must create and configure at least one integration with a SIEM system.
      One agent group can be linked with only one SIEM system.

      For each SIEM system integration, the drop-down list indicates the connection status – Success, Warning, or Error.

  4. On the Node monitoring tab, use the Disable/Enable toggle to start monitoring and analyzing the status of the network, processes inside containers, and file threat protection for the following settings:
    • Network connections monitoring. The status of network connections is monitored with traffic capture devices (network monitors) and eBPF modules. This process considers applicable runtime policies and container runtime profiles.
    • Container processes monitoring. Container processes are monitored using eBPF programs based on applicable runtime policy rules and container runtime profile rules.
    • File threat protection. To track anti-malware database updates, specify one of the following values:
      • Anti-malware database update URL: the web address of the Kaspersky Container Security update service.
      • Anti-malware database update proxy: the HTTP proxy for a cloud or local update server.

      If the kcs-updates container is used to update anti-malware databases, the URL of the database update tool must be specified as follows: <domain>/kuu/updates (for example, https://kcs.company.com/kuu/updates).

      By default, File Threat Protection databases are updated from Kaspersky cloud servers.

    • File operations. The solution tracks file operations using eBPF modules based on applicable runtime policies and container runtime profiles.

      Regardless of the mode specified in the runtime policy, only the Audit mode is supported for file operations. If the Enforce mode is specified in the applicable runtime policy, file operations are performed in Audit mode.

    Monitoring steps that are not needed can be disabled to avoid unnecessary load on the nodes.

  5. Click Save.

In the workspace, the Deployment data tab displays the following data necessary for deploying agents on the cluster:

  • The automatically generated deployment token is the identifier that the agent uses to connect to the server. You can copy the token by clicking the copy icon next to the Deployment token field.
  • Instruction for deploying agents on a cluster. You can copy the instruction from the Configuration field by clicking the copy icon, or download the instruction as a file in .YAML format.

    You can use this instruction to deploy agents on a cluster. For example:

    kubectl apply -f <file> -n <namespace>

    Following the application of the instruction, the agent is deployed on all worker nodes of the cluster.

The solution automatically updates the agent deployment instruction if you change the following parameters:

  • TLS certificates of the solution
  • URL, user name, and password for downloading the kube-agent and node-agent images
  • The linked SIEM system
  • Settings in the Node monitoring section

You must copy the updated instruction or download it as a .YAML file again, and then apply it by using the kubectl apply -f <file> -n <namespace> command. Otherwise, changes to these parameters are not applied to deployed agents.
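
After the first kubectl apply and after each re-apply of an updated instruction, it is worth confirming that every worker node actually runs an agent, because a node without one is not monitored. The following check is an added example, not part of the product documentation: it assumes agent pods are named node-agent-* (after the node-agent image mentioned above) and that worker nodes lack the control-plane role label; the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumptions: agent pods are named node-agent-*; sample data is constructed.

# uncovered_nodes NODES PODS [PREFIX]
#   NODES: one node name per line; PODS: "pod node phase" per line.
# Prints each node that has no Running pod whose name starts with PREFIX.
uncovered_nodes() {
    printf '%s\n' "$2" | NODES="$1" PREFIX="${3:-node-agent}" awk '
        index($1, ENVIRON["PREFIX"]) == 1 && $3 == "Running" { covered[$2] = 1 }
        END {
            n = split(ENVIRON["NODES"], want, "\n")
            for (i = 1; i <= n; i++)
                if (want[i] != "" && !(want[i] in covered)) print want[i]
        }'
}

# check_agent_coverage NAMESPACE
# Live check against the current kubectl context.
# Returns 0 if all worker nodes are covered, 1 if any is not, 2 if kubectl fails.
check_agent_coverage() {
    nodes=$(kubectl get nodes -l '!node-role.kubernetes.io/control-plane' \
        --no-headers -o custom-columns=NAME:.metadata.name) || return 2
    pods=$(kubectl get pods -n "$1" --no-headers \
        -o custom-columns=NAME:.metadata.name,NODE:.spec.nodeName,PHASE:.status.phase) || return 2
    missing=$(uncovered_nodes "$nodes" "$pods")
    [ -z "$missing" ] && return 0
    printf 'no Running node-agent pod on %s\n' $missing >&2
    return 1
}

# Constructed sample data (not real cluster output).
SAMPLE_NODES='worker-1
worker-2
worker-3'
SAMPLE_PODS='kube-agent-5d8f7 worker-1 Running
node-agent-a1b2c worker-1 Running
node-agent-d3e4f worker-2 Pending'

# Offline demonstration on the sample data: prints worker-2 and worker-3.
uncovered_nodes "$SAMPLE_NODES" "$SAMPLE_PODS"
```

Against a real cluster, call check_agent_coverage with the namespace specified for the agent group; a non-zero return means at least one worker node is unprotected or kubectl could not query the cluster.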