How Lacework Derives the Kubernetes Cluster Name
When you deploy the Lacework agent in your Kubernetes environment, the list of Kubernetes clusters in which the agent is deployed is displayed in the Kubernetes dossier in the Lacework Console.
This topic describes how Lacework derives the Kubernetes cluster name, what you can do if the cluster name does not appear in the Lacework Console, and how you can modify the cluster name that appears in the Lacework Console.
How Lacework Derives the Cluster Name
Depending on your Kubernetes environment and distribution, Lacework uses multiple methods to derive the cluster name.
If your K8s orchestrator supports machine tags, you can add a machine tag named
KubernetesClusterfor your cluster. Lacework can derive the cluster name from the machine tag. For more information, see Add KubernetesCluster Machine Tag.The Lacework agent can also read the cluster name from its local config.json file if it is specified using the
KubernetesClusteragent tag, as shown in the following example. For more information, see Set KubernetesCluster Agent Tag in config.json File.{
"tokens":{"AccessToken":"YourAgentAccessToken"},
"serverurl":"LaceworkServerURL",
"tags":{"Env":"k8s",KubernetesCluster":"prod.k8s.local"}
}
If your K8s orchestrator does not have the
KubernetesClustermachine tag and your config.json file does not have theKubernetesClusteragent tag, Lacework attempts to locate a key in the agent data set that resemblesk8s.io/cluster-autoscaler/newprod.k8s.local:trueto derive the cluster name. In this example,newprod.k8s.localis the cluster name.If the machine tag, agent tag, or agent data set key is not available, the cluster name is not displayed in the Kubernetes dossier in the Lacework Console.
What Should I do if a Cluster is not Displayed in the Lacework Console
A Kubernetes cluster may not be displayed in the Kubernetes dossier in the Lacework Console if:
- The Lacework agent is unable to read the cluster name in your Kubernetes environment. For more information, see How Lacework Derives the Cluster Name.
- The cluster was not active during the time window you selected in the Kubernetes dossier in the Lacework console.
If a cluster is currently active, you can do one of the following to display the cluster name in the Kubernetes dossier:
Add KubernetesCluster Machine Tag (Recommended)
If your K8s orchestrator supports machine tags, do the following:
Add a machine tag named
KubernetesClusteron your cluster and specify the cluster name as the value of the tag. For example, add the following tag on your EKS cluster using the instructions at Tagging Your Amazon EKS Resources.
Ensure that the Lacework agent has access to the tags in your K8s orchestrator.
- To provide access to tags on AWS, see Configure Access to Tags in AWS.
- To provide access to labels on Google Cloud, see Configure Access to Labels in Google Cloud.
- The agent can automatically access tags on Microsoft Azure. Hence, no special configuration is required for Microsoft Azure.
note
Lacework recommends this method because it enables the agent to automatically obtain the cluster name from your K8s orchestrator.
Set KubernetesCluster Agent Tag in config.json File
You can set the KubernetesCluster agent tag in the config.json agent configuration file by doing any of the following. Lacework recommends this method if you have built your own Kubernetes cluster rather than utilizing EKS, AKS, GKE, or similar orchestrator.
If you use the Lacework Helm chart to deploy the agent, use the following option with the
helm installorhelm upgradecommand:--set laceworkConfig.kubernetesCluster=YourClusterNameFor example:
helm --install --namespace lacework --create-namespace \
--set laceworkConfig.accessToken=LACEWORK_AGENT_TOKEN \
--set laceworkConfig.serverUrl=LACEWORK_SERVER_URL \
--set laceworkConfig.kubernetesCluster=YourClusterName \
lacework-agent lacework/lacework-agentFor more information about using the Lacework Helm chart, see Install using Helm.
If you use the
lacework-cfg-k8s.yamlconfigmap file to deploy the agent, do the following:Specify the cluster name using the
KubernetesClustertag in theconfig.jsonsection of thelacework-cfg-k8s.yamlfile as shown below:apiVersion: v1
kind: ConfigMap
metadata:
name: lacework-config
data:
config.json: |
{
"tokens":{"AccessToken":"YourAgentAccessToken"},
"serverurl":"LaceworkServerURL",
"tags":{"Env":"k8s", "KubernetesCluster":"YourClusterName"}
}Push the updated lacework-cfg-k8s.yaml file to the cluster.
kubectl replace -f lacework-cfg-k8s.yaml -n lacework
For more information about using the lacework-cfg-k8s.yaml configmap file, see DaemonSet Deployment Using a configmap.
How Can I Modify a Cluster Name in the Lacework Console
Lacework allows you to change the cluster name reported by the Lacework agent in the Kubernetes dossier in the Lacework Console.
If you use the Lacework Helm chart to deploy the agent, use the following option with the
helm installorhelm upgradecommand:--set laceworkConfig.kubernetesCluster=YourClusterNameFor more information about using the Lacework Helm chart, see Install using Helm.
If you use the
lacework-cfg-k8s.yamlconfigmap file to deploy the agent, do the following:Specify the cluster name using the
KubernetesClustertag in theconfig.jsonsection of the lacework-cfg-k8s.yaml file as shown below:apiVersion: v1
kind: ConfigMap
metadata:
name: lacework-config
data:
config.json: |
{
"tokens":{"AccessToken":"YourAgentAccessToken"},
"serverurl":"LaceworkServerURL",
"tags":{"Env":"k8s", "KubernetesCluster":"YourClusterName"}
}Push the updated lacework-cfg-k8s.yaml file to the cluster.
kubectl replace -f lacework-cfg-k8s.yaml -n lacework
For more information about using the lacework-cfg-k8s.yaml configmap file, see DaemonSet Deployment Using a configmap.