Configure Windows Agent on AKS or EKS Clusters using Helm Chart
You can do one of the following to configure the agent on AKS or EKS clusters with a Helm chart:
- Use command-line options for the helm install or helm upgrade command.
- Modify the parameters in the values.yaml file in your Helm chart to configure the agent and use the helm install or helm upgrade command to apply the configuration.
See the following sections for more information about the command-line options and values.yaml parameters that you can use to configure the agent.
Define Lacework Agent Access Token
Define your Lacework agent access token in one of the following ways:
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.agentConfig.accessToken=AGENT_ACCESS_TOKEN
- Modify the values.yaml file and add data similar to the following:
  accessToken: AGENT_ACCESS_TOKEN
For more information, see Agent Access Token.
Define Lacework Agent Server URL
Define your Lacework agent server URL in one of the following ways. For more information, see serverurl Property.
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.agentConfig.serverUrl=LACEWORK_SERVER_URL
- Modify the values.yaml file and add data similar to the following:
  serverUrl: LACEWORK_SERVER_URL
Define CPU Requests and Limits
CPU requests specify the minimum CPU resources available to containers. CPU limits specify the maximum CPU resources available to containers. For more information, see Resource Management for Pods and Containers.
The default CPU request is 200m. The default CPU limit is 500m.
Define the CPU requests and limits in one of the following ways:
- Use the following options with the helm install or helm upgrade command:
  --set windowsAgent.resources.requests.cpu=300m
  --set windowsAgent.resources.limits.cpu=500m
- Modify the values.yaml file in your Helm chart and add data similar to the following:
  resources:
    requests:
      cpu: 300m
    limits:
      cpu: 500m
The CPU requests and limits are currently not applied to the Windows agent.
Define Memory Requests and Limits
Memory requests specify the minimum memory available to containers. Memory limits specify the maximum memory available to containers. For more information, see Resource Management for Pods and Containers.
The default memory request is 64Mi. The default memory limit is 1024Mi.
Define the memory requests and limits in one of the following ways:
- Use the following options with the helm install or helm upgrade command:
  --set windowsAgent.resources.requests.memory=384Mi
  --set windowsAgent.resources.limits.memory=512Mi
- Modify the values.yaml file and add data similar to the following:
  resources:
    requests:
      memory: 384Mi
    limits:
      memory: 512Mi
The memory requests and limits are currently not applied to the Windows agent.
Define Image Pull Secrets
Image pull secrets enable fetching the Lacework agent image from private repositories and/or allow bypassing rate limits.
Configure the image pull secrets in one of the following ways:
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.image.imagePullSecrets.name=<registrySecret>
- Modify the values.yaml file and add data similar to the following:
  imagePullSecrets:
  - name: <registrySecret>
Where <registrySecret> is the name of the secret that contains the credentials necessary to fetch the Lacework Windows agent image.
Define a Proxy URL
You can define a proxy server URL through which agent traffic is routed.
You can set the proxy server URL in one of the following ways:
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.agentConfig.proxyUrl=LACEWORK_PROXY_URL
- Modify the values.yaml file and add data similar to the following:
  proxyUrl: value
For more information, see Use a Network Proxy for Windows Agent Traffic.
Define File Integrity Monitoring (FIM) Properties
Enable or Disable FIM
File Integrity Monitoring (FIM) is enabled by default. You can disable FIM in one of the following ways:
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.agentConfig.fim.enable=false
- Modify the values.yaml file and add data similar to the following:
  fim:
    enable: false
If FIM is disabled, you can enable it in one of the following ways:
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.agentConfig.fim.enable=true
- Modify the values.yaml file and add data similar to the following:
  fim:
    enable: true
For more information, see File Integrity Monitoring for Windows Overview.
Override Default File Paths for FIM
You can override default file paths for FIM in one of the following ways:
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.agentConfig.fim.filePath={C:\\users,C:\\data}
- Modify the values.yaml file and add data similar to the following:
  fim:
    filePath: [C:\\users,C:\\data]
For more information, see filepath Property.
Define the File Paths to Ignore for FIM
You can define file paths to ignore for FIM in one of the following ways:
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.agentConfig.fim.fileIgnore={C:\\backup,C:\\test}
- Modify the values.yaml file and add data similar to the following:
  fim:
    fileIgnore: [C:\\backup,C:\\test]
For more information, see fileignore Property.
Define the FIM Scan Start Time
You can define a start time for the daily FIM scan. For example, to start the FIM scan at 7:30 PM every day, do one of the following:
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.agentConfig.fim.runAt=19:30
- Modify the values.yaml file and add data similar to the following:
  fim:
    runAt: 19:30
For more information, see runat Property.
Override the Default Maximum Number of Files to Scan
By default, Lacework runs the FIM scan on up to 500000 files.
You can increase or decrease the maximum number of files to scan. For example, to limit the FIM scan to 20000 files, do one of the following:
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.agentConfig.fim.maxscanfiles=20000
- Modify the values.yaml file and add data similar to the following:
  fim:
    maxscanfiles: 20000
For more information, see maxscanfiles Property.
Prevent File Access Timestamp from Being Used in Hash Computation
You can prevent the file access timestamp from being used in one of the following ways:
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.agentConfig.fim.noAtime=true
- Modify the values.yaml file and add data similar to the following:
  fim:
    noAtime: true
Alternatively, you can allow the file access timestamp to be used in one of the following ways:
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.agentConfig.fim.noAtime=false
- Modify the values.yaml file and add data similar to the following:
  fim:
    noAtime: false
For more information, see noatime Property.
Enable or Disable Windows Registry Monitoring
Windows registry monitoring is enabled by default.
You can disable registry monitoring in one of the following ways:
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.agentConfig.registry=disable
- Modify the values.yaml file and add data similar to the following:
  registry: disable
If registry monitoring is disabled, you can enable it in one of the following ways:
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.agentConfig.registry=enable
- Modify the values.yaml file and add data similar to the following:
  registry: enable
For more information, see Monitor Windows Registry Changes.
Define Tolerations for Agent Pods on Kubernetes Clusters
You can define tolerations for agent pods on Kubernetes clusters.
For example, to schedule the agent pods on a node named myNode1, do the following:
- Add a taint to the myNode1 node.
  kubectl taint nodes myNode1 key1=green:NoSchedule
- Do one of the following to specify a toleration to schedule the agent pods on the myNode1 node.
  - Use the following option with the helm install or helm upgrade command:
    --set "windowsAgent.tolerations[0].key=key1" \
    --set "windowsAgent.tolerations[0].operator=Equal" \
    --set "windowsAgent.tolerations[0].value=green" \
    --set "windowsAgent.tolerations[0].effect=NoSchedule"
  - Modify the values.yaml file and add data similar to the following:
    tolerations:
    - key: key1
      operator: Equal
      value: green
      effect: NoSchedule
Disable or Enable Automatic Upgrade of the Agent
By default, the Windows agent is automatically upgraded when a new version is available.
You can disable automatic upgrade in one of the following ways:
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.agentConfig.autoUpgrade=disabled
- Modify the values.yaml file and add data similar to the following:
  autoUpgrade: disabled
If automatic upgrade is disabled, you can enable it in one of the following ways:
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.agentConfig.autoUpgrade=enable
- Modify the values.yaml file and add data similar to the following:
  autoUpgrade: enable
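Several of the settings above narrow what the agent observes or how current it stays: FIM or registry monitoring turned off, automatic upgrade disabled, a lowered maxscanfiles, and fileIgnore entries that overlap monitored paths. The following Python check is an added example, not Lacework code: it reads JSON in the shape that helm get values <release> --all -o json returns and lists those settings for review. The sample values are constructed, and the case-insensitive prefix comparison of paths is an assumption about how the agent matches fileIgnore entries.

```python
import json

DEFAULT_MAX_SCAN_FILES = 500000  # default FIM file cap stated on this page

# Constructed sample in the shape of `helm get values <release> --all -o json`,
# using the windowsAgent.agentConfig.* keys documented above.
SAMPLE_VALUES = r"""
{"windowsAgent": {"agentConfig": {
  "autoUpgrade": "disabled",
  "registry": "disable",
  "fim": {"enable": true,
          "filePath": ["C:\\users", "C:\\data"],
          "fileIgnore": ["C:\\backup", "C:\\Data\\tmp"],
          "maxscanfiles": 20000}}}}
"""

def _norm(path):
    # Assumption: paths are matched case-insensitively, as on Windows.
    return path.replace("/", "\\").rstrip("\\").lower()

def _covers(parent, child):
    # True when child is the same directory as parent or lies beneath it.
    parent, child = _norm(parent), _norm(child)
    return child == parent or child.startswith(parent + "\\")

def audit(values):
    """Return findings for settings that narrow the agent's coverage."""
    cfg = values.get("windowsAgent", {}).get("agentConfig", {})
    fim = cfg.get("fim", {})
    findings = []
    if fim.get("enable", True) in (False, "false"):
        findings.append("fim.enable=false: FIM is disabled")
    if cfg.get("registry", "enable") == "disable":
        findings.append("registry=disable: registry monitoring is disabled")
    if cfg.get("autoUpgrade", "enable") == "disabled":
        findings.append("autoUpgrade=disabled: agent will not self-upgrade")
    limit = int(fim.get("maxscanfiles", DEFAULT_MAX_SCAN_FILES))
    if limit < DEFAULT_MAX_SCAN_FILES:
        findings.append(f"fim.maxscanfiles={limit}: below default {DEFAULT_MAX_SCAN_FILES}")
    for ignored in fim.get("fileIgnore", []):
        for watched in fim.get("filePath", []):
            if _covers(watched, ignored) or _covers(ignored, watched):
                findings.append(f"fim.fileIgnore {ignored} overlaps monitored {watched}")
    return findings

if __name__ == "__main__":
    for finding in audit(json.loads(SAMPLE_VALUES)):
        print("REVIEW:", finding)
```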
Define Tags to Categorize Agents
You can use the tags option to specify name/value tags to categorize your agents. For more information, see Adding Agent Tags.
To specify tags, do one of the following:
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.agentConfig.tags.<tagname1>=<value1>
  --set windowsAgent.agentConfig.tags.<tagname2>=<value2>
  For example:
  --set windowsAgent.agentConfig.tags.location=austin
  --set windowsAgent.agentConfig.tags.owner=pete
- Modify the values.yaml file and add data similar to the following:
  tags:
    <tagname1>: <value1>
    <tagname2>: <value2>
  For example:
  tags:
    location: austin
    owner: pete
Define Custom Annotations
Annotations are a way of adding non-identifying metadata to Kubernetes objects. They are used by external tools to provide extra functionalities. For more information, see Annotations.
You can set annotations in one of the following ways:
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.agentConfig.annotations.<key1>=<value1>
  --set windowsAgent.agentConfig.annotations.<key2>=<value2>
  For example:
  --set windowsAgent.agentConfig.annotations.owner=pete
  --set windowsAgent.agentConfig.annotations.repository=https://github.com/lacework-test
- Modify the values.yaml file and add data similar to the following:
  annotations:
    <key1>: <value1>
    <key2>: <value2>
  For example:
  annotations:
    owner: pete
    repository: https://github.com/lacework-test
Define Custom Labels
Similar to custom annotations, custom labels are a way to add non-identifying metadata to Kubernetes objects. They are used by external tools to provide additional functionalities. For more information, see Labels and Selectors.
You can set labels in one of the following ways:
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.agentConfig.labels.<key1>=<value1>
  --set windowsAgent.agentConfig.labels.<key2>=<value2>
  For example:
  --set windowsAgent.agentConfig.labels.release=stable
  --set windowsAgent.agentConfig.labels.environment=production
- Modify the values.yaml file and add data similar to the following:
  labels:
    <key1>: <value1>
    <key2>: <value2>
  For example:
  labels:
    release: stable
    environment: production
Define the Cluster Name
If your cluster does not appear in the Lacework Console under Workloads > Kubernetes after the agent is installed successfully, you can specify the cluster name using the kubernetesCluster option.
You can specify the cluster name in one of the following ways:
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.agentConfig.kubernetesCluster=CLUSTER_NAME
- Modify the values.yaml file and add data similar to the following:
  kubernetesCluster: CLUSTER_NAME
Define a Name for your Kubernetes Environment
You can define a user-friendly name for your Kubernetes environment. For example, K8s_production. The name you define is displayed as the value for the Env tag in the Lacework Console. For more information, see Add Agent Tags.
You can specify a name for your Kubernetes Environment in one of the following ways:
- Use the following option with the helm install or helm upgrade command:
  --set windowsAgent.agentConfig.env=KUBERNETES_ENVIRONMENT_NAME
- Modify the values.yaml file and add data similar to the following:
  env: KUBERNETES_ENVIRONMENT_NAME