Install Windows Agent on AKS or EKS Clusters using Helm Chart
Overview
You can install the Windows agent on an Azure Kubernetes Service (AKS) or Amazon Elastic Kubernetes Service (EKS) cluster with a Helm chart. The Helm chart enables you to automatically deploy a Kubernetes pod containing the agent onto every node in your cluster.
The Windows agent running on AKS and EKS clusters currently does not support host vulnerability assessment.
Prerequisites
Ensure your AKS or EKS clusers meet the following prerequisites:
An AKS or EKS cluster with Windows Server nodes that meet the system requirements specified in Supported Kubernetes Environments.
Lacework Windows agent version 1.5 or later for AKS.
Lacework Windows agent version 1.4 or later for EKS.
Ensure that the agent has access to tags in your AWS account. For more information, see Configure Access to Tags in AWS.
Note: The agent can automatically access tags in Microsoft Azure. Hence, no special configuration is required for Microsoft Azure.
Install the following on your machine:
- Docker
- Helm
- kubectl command-line tool
- For AKS, install:
- For EKS, install:
Supported Kubernetes Environments
| Environment | Environment Name / Version |
|---|---|
| Kubernetes | Version 1.23, 1.24 |
| Kubernetes orchestrator | Azure Kubernetes Service (AKS) Amazon Elastic Kubernetes Service (EKS) |
| Supported Windows OS for Nodes |
|
| Container runtime | containerd version 1.6 or later |
| Container isolation mode | Process isolation mode Note: Hyper-V isolation mode is not supported. |
| Helm | Version 3.8x, 3.9.x, 3.10.x |
Install the Windows Agent with a Helm Chart
Follow these steps to install the agent with a Helm chart:
Add the Lacework Helm Charts repository:
helm repo add lacework https://lacework.github.io/helm-charts/Do one of the following:
If you are using AKS, run the
az logincommand to use the Azure CLI with your Azure account.If you are using EKS, run the
aws configurecommand to use the AWS CLI with your AWS account.Ensure that you have connected to the AWS region that contains your EKS cluster.
Run the following Helm commands to install the agent:
If you are using a tenant located in North America, run the following command:
helm upgrade --install lw-agent lacework/lacework-agent-windows \
--set windowsAgent.agentConfig.accessToken=LACEWORK_AGENT_TOKEN \
--set windowsAgent.agentConfig.kubernetesCluster=CLUSTER_NAME \If you are using a tenant located outside of North America, run the following command:
helm upgrade --install lw-agent lacework/lacework-agent-windows \
--set windowsAgent.agentConfig.accessToken=LACEWORK_AGENT_TOKEN \
--set windowsAgent.agentConfig.serverUrl=LACEWORK_SERVER_URL \
--set windowsAgent.agentConfig.kubernetesCluster=CLUSTER_NAME \Where:
LACEWORK_AGENT_TOKENis your agent access token. For more information, see Agent Access Token.LACEWORK_SERVER_URLis your Lacework agent server URL. For more information, see serverurl Property.CLUSTER_NAMEis the name of your cluster.
Run the following command to verify that the pods for the Windows agent have the Running status.
kubectl get podsConfirm the Windows agent is installed successfully.
kubectl logs POD_NAME | grep 'MSI Installation successful'Where
POD_NAMEis the name of your agent POD.
After you install the agent, it takes 10 to 15 minutes for agent data to appear in the Lacework Console under Agents. You can also view your cluster in the Lacework Console under Workloads > Kubernetes.
Uninstall the Agent with a Helm Chart
To uninstall the agent with a Helm chart:
Open a Terminal and navigate to the
helm_chartdirectory that contains the Helm chart.Do the following:
If you are using AKS, run the
az logincommand to use the Azure CLI with your Azure account.If you are using EKS, run the
aws configurecommand to use the AWS CLI with your AWS account.Ensure that you have connected to the AWS region that contains your EKS cluster.
Use Helm to uninstall the agent.
helm uninstall lw-agentVerify that the pods for the Windows agent have been terminated.
kubectl get pods