Skip to main content

Kubernetes Compliance Integrations


Lacework integrates with Kubernetes to monitor configuration compliance of your cluster resources. This includes:

Supported Integration Outcomes

The following outcomes are supported by this type of integration:

  • You want to monitor configuration compliance of your Kubernetes cluster.
  • You want to monitor both configuration compliance and workload security of your Kubernetes cluster.
    • Workload security is provided as an additional configuration option during the Kubernetes Compliance integration steps.
  • You are already monitoring workload security, and you also want to monitor configuration compliance of your Kubernetes cluster.

If you are only wanting to monitor workload security of your Kubernetes clusters, see Deploy Linux Agent on Kubernetes.

Lacework Compliance Summary for Amazon EKS Integrations

Watch Video Summary

Kubernetes Compliance Integration Components

Lacework uses three components to collect data for Kubernetes Compliance integrations.

Node Collector

The Node Collector collects data on each Kubernetes node.

  • The Node Collector is an independent component that shares the same installation journey as the Lacework Agent. It has separate configuration to allow operation on Kubernetes nodes.


    If the Lacework Agent is already installed on the cluster nodes, the installation will update the Agent configuration to enable the Node Collector functionality.

    It may also upgrade the Lacework Agent to the latest available release. See Lacework Agent Version Requirements for minimum version requirements for your Kubernetes environment.

  • This component is installed on every Kubernetes node in the cluster.

  • Node data is collected and sent to Lacework every hour.

  • The Node Collector will collect data relating to workload security if you choose to enable it during the installation steps.

Lacework Agent Version Requirements

The Node Collector has a minimum agent version for Kubernetes Compliance functionality, which varies for each supported Kubernetes environment:

Kubernetes EnvironmentMinimum Linux Agent Version
Amazon EKSv6.2

Cluster Collector

The Cluster Collector collects Kubernetes cluster data from the Kubernetes API server.

  • This component is installed on one container per cluster.
  • The container runs as a non-root user.
  • Retrieves node/instance metadata.
  • Cluster data is collected and sent to Lacework every 24 hours.

Cloud Collector (through Cloud Provider Integration)

The Cloud Collector collects data from cloud provider end points.

Timings for first report

Once all three of the integration components have collected data, the Kubernetes Compliance data is complete and available for assessment.

The node and cluster data is sent to Lacework within 2 hours of the collectors being installed on a cluster. Once the cloud collection has occurred, data will be visible in the Lacework platform.

Next Steps