A Kubernetes cluster name may not always display in the List of Active Containers. This article describes how Lacework collects the cluster name from tags.
- A handshake between the agent and the Lacework backend occurs.
- Depending on the Kubernetes environment and distribution, Lacework can use multiple methods to derive the cluster name.
- If your container orchestration has a machine tag, the Lacework agent can derive the cluster name from the machine tag as shown in the following example. Note that the Lacework agent must have access to the cloud instance (AWS, GCP, Azure) machine tags to read the Kubernetes cluster name. For more information about providing this access, see Add the 'Name' field to the Machine Properties Table.
key = "KubernetesCluster" value = "prod.k8s.local"
- The Lacework agent can also read the KubernetesCluster name from its local config.json file if the KubernetesCluster name is set using an agent tag, as shown in the following example.
{
  "tokens": {
    "AccessToken": "YourAgentAccessToken"
  },
  "tags": {
    "test_01": "Value_01",
    "test_02": "Value_02",
    "KubernetesCluster": "prod.k8s.local"
  }
}
- To learn how to set agent tags, see Add Agent Tags. To view the current agent tags, enter the following command.
$ cat agent/install/lacework-cfg-k8s.yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: lacework-config
data:
  config.json: |
    {"tokens":{"AccessToken":"${LaceworkAccessToken}"}, "tags":{"KubernetesCluster":"prod.k8s.local"}}
- If your container orchestration does not have a machine tag, then Lacework attempts to locate a key in the agent data set that resembles k8s.io/cluster-autoscaler/newprod.k8s.local:true to derive the cluster name.
key = "KubernetesCluster" value = "newprod.k8s.local"
- If none of the machine tag information or agent data set key information is available, the Kubernetes cluster name cannot be displayed, so it remains blank.
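
The lookups described in the list above, as an added example (not Lacework's agent code) for checking why a cluster name stays blank. The order in which the sources are tried, the function names and the data_keys parameter are assumptions, and the sample inputs are constructed.

```python
import json

TAG = "KubernetesCluster"
PREFIX = "k8s.io/cluster-autoscaler/"
# Assumption: the cluster-autoscaler discovery tag ".../enabled" names no cluster.
NOT_A_NAME = {"enabled"}


def agent_tags(config_text):
    """Return the "tags" object of config.json text, or {} if it is unusable."""
    try:
        cfg = json.loads(config_text)
    except json.JSONDecodeError:
        return {}  # malformed JSON (e.g. a missing quote): no tags readable
    tags = cfg.get("tags") if isinstance(cfg, dict) else None
    return tags if isinstance(tags, dict) else {}


def name_from_autoscaler_key(entry):
    """Extract <name> from 'k8s.io/cluster-autoscaler/<name>:true'."""
    if not entry.startswith(PREFIX):
        return None
    name = entry[len(PREFIX):].split(":", 1)[0]
    return name if name and name not in NOT_A_NAME else None


def resolve_cluster_name(machine_tags, config_text, data_keys):
    """Return (name, source). Lookup order is an assumption, not Lacework's."""
    if machine_tags.get(TAG):
        return machine_tags[TAG], "machine tag"
    tags = agent_tags(config_text)
    if tags.get(TAG):
        return tags[TAG], "agent tag"
    for entry in data_keys:
        name = name_from_autoscaler_key(entry)
        if name:
            return name, "cluster-autoscaler key"
    return "", "none"  # nothing to derive from: the name stays blank


if __name__ == "__main__":
    # Constructed input: config.json with a missing quote before the tag name.
    broken = '{"tokens":{"AccessToken":"x"},"tags":{KubernetesCluster":"prod.k8s.local"}}'
    keys = ["k8s.io/cluster-autoscaler/enabled:true",
            "k8s.io/cluster-autoscaler/newprod.k8s.local:true"]
    print(resolve_cluster_name({}, broken, keys))
```

A config.json that fails to parse yields no agent tags at all, so a single missing quote is enough to leave the cluster name blank unless another source supplies it.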