To deploy the Cmd Audit agent to a container OS using Kubernetes, modify one of the templates in step 1.

1. Select and modify a template

Select a template:

There are four different templates: one each for Red Hat CoreOS and Fedora CoreOS, and two for Flatcar OS (one for versions prior to Linux 5.5, and one for Linux 5.5+). Select the template appropriate for your OS (below) and prepare to edit it.

Edit the template:

In the template, edit the values of CMD_PROJECT_KEY and CMD_SUB. To find these values, see https://help.cmd.com/en/articles/4257620-the-agent-download-endpoint.

Red Hat CoreOS

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: cmd-daemonset
spec:
  selector:
    matchLabels:
      app: cmd-daemonset
  template:
    metadata:
      labels:
        app: cmd-daemonset
    spec:
      containers:
        - name: cmd-daemonset
          image: registry.sw.cmd.com/cmdinc/cmd-agent:latest
          imagePullPolicy: Always
          volumeMounts:
            - name: host-modules
              mountPath: /lib/modules
              readOnly: true
            - name: host-debugfs
              mountPath: /sys/kernel/debug
          securityContext:
            # These capabilities are required by the Cmd agent, in order to load BPF probes and access required
            # information from procfs.
            capabilities:
              add:
                - SYS_ADMIN
                - SYS_PTRACE
                - SYS_RESOURCE
          env:
            - name: CMD_SERVER_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # To find your CMD_PROJECT_KEY and CMD_SUB values, see https://help.cmd.com/en/articles/4257620-the-agent-download-endpoint
            # The CMD_PROJECT_KEY and CMD_SUB values can also be kept in k8s ConfigMap or Secrets
            - name: CMD_PROJECT_KEY
              value: <add your project key here>
            - name: CMD_SUB
              value: <add your Cmd sub here>
      # Using host PID namespace allows the Cmd agent to properly process PID information in other containers
      hostPID: true
      restartPolicy: Always
      volumes:
        - name: host-modules
          hostPath:
            path: /lib/modules
            type: Directory
        - name: host-debugfs
          hostPath:
            path: /sys/kernel/debug
            type: Directory

Fedora CoreOS

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: cmd-daemonset
spec:
  selector:
    matchLabels:
      app: cmd-daemonset
  template:
    metadata:
      labels:
        app: cmd-daemonset
    spec:
      containers:
        - name: cmd-daemonset
          image: registry.sw.cmd.com/cmdinc/cmd-agent:latest
          imagePullPolicy: Always
          volumeMounts:
            - name: host-modules
              mountPath: /lib/modules
              readOnly: true
            - name: host-debugfs
              mountPath: /sys/kernel/debug
            - name: host-btf
              mountPath: /sys/kernel/btf
          securityContext:
            # These capabilities are required by the Cmd agent, in order to load BPF probes and access required
            # information from procfs.
            capabilities:
              add:
                - SYS_ADMIN
                - SYS_PTRACE
                - SYS_RESOURCE
          env:
            - name: CMD_SERVER_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # To find your CMD_PROJECT_KEY and CMD_SUB values, see https://help.cmd.com/en/articles/4257620-the-agent-download-endpoint
            # The CMD_PROJECT_KEY and CMD_SUB values can also be kept in k8s ConfigMap or Secrets
            - name: CMD_PROJECT_KEY
              value: <add your project key here>
            - name: CMD_SUB
              value: <add your Cmd sub here>
      # Using host PID namespace allows the Cmd agent to properly process PID information in other containers
      hostPID: true
      restartPolicy: Always
      volumes:
        - name: host-modules
          hostPath:
            path: /lib/modules
            type: Directory
        - name: host-debugfs
          hostPath:
            path: /sys/kernel/debug
            type: Directory
        - name: host-btf
          hostPath:
            path: /sys/kernel/btf
            type: Directory

Flatcar OS (Linux 5.5+)

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: cmd-daemonset
spec:
  selector:
    matchLabels:
      app: cmd-daemonset
  template:
    metadata:
      labels:
        app: cmd-daemonset
    spec:
      containers:
        - name: cmd-daemonset
          image: registry.sw.cmd.com/cmdinc/cmd-agent:latest
          imagePullPolicy: Always
          volumeMounts:
            - name: host-modules
              mountPath: /usr/lib64/modules
              readOnly: true
            - name: host-debugfs
              mountPath: /sys/kernel/debug
            - name: host-btf
              mountPath: /sys/kernel/btf
          securityContext:
            # These capabilities are required by the Cmd agent, in order to load BPF probes and access required
            # information from procfs.
            capabilities:
              add:
                - SYS_ADMIN
                - SYS_PTRACE
                - SYS_RESOURCE
          env:
            - name: CMD_SERVER_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # To find your CMD_PROJECT_KEY and CMD_SUB values, see https://help.cmd.com/en/articles/4257620-the-agent-download-endpoint
            # The CMD_PROJECT_KEY and CMD_SUB values can also be kept in k8s ConfigMap or Secrets
            - name: CMD_PROJECT_KEY
              value: <add your project key here>
            - name: CMD_SUB
              value: <add your Cmd sub here>
      # Using host PID namespace allows the Cmd agent to properly process PID information in other containers
      hostPID: true
      restartPolicy: Always
      volumes:
        - name: host-modules
          hostPath:
            path: /usr/lib64/modules
            type: Directory
        - name: host-debugfs
          hostPath:
            path: /sys/kernel/debug
            type: Directory
        - name: host-btf
          hostPath:
            path: /sys/kernel/btf
            type: Directory

Flatcar OS (versions before Linux 5.5)

apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: cmd-daemonset
spec:
  selector:
    matchLabels:
      app: cmd-daemonset
  template:
    metadata:
      labels:
        app: cmd-daemonset
    spec:
      containers:
        - name: cmd-daemonset
          image: registry.sw.cmd.com/cmdinc/cmd-agent-llvm:latest
          imagePullPolicy: Always
          volumeMounts:
            - name: host-modules
              mountPath: /usr/lib64/modules
              readOnly: true
            - name: host-debugfs
              mountPath: /sys/kernel/debug
          securityContext:
            # These capabilities are required by the Cmd agent, in order to load BPF probes and access required
            # information from procfs.
            capabilities:
              add:
                - SYS_ADMIN
                - SYS_PTRACE
                - SYS_RESOURCE
          env:
            - name: CMD_SERVER_NAME
              valueFrom:
                fieldRef:
                  fieldPath: spec.nodeName
            # To find your CMD_PROJECT_KEY and CMD_SUB values, see https://help.cmd.com/en/articles/4257620-the-agent-download-endpoint
            # The CMD_PROJECT_KEY and CMD_SUB values can also be kept in k8s ConfigMap or Secrets
            - name: CMD_PROJECT_KEY
              value: <add your project key here>
            - name: CMD_SUB
              value: <add your Cmd sub here>
      # Using host PID namespace allows the Cmd agent to properly process PID information in other containers
      hostPID: true
      restartPolicy: Always
      volumes:
        - name: host-debugfs
          hostPath:
            path: /sys/kernel/debug
            type: Directory
        - name: host-modules
          hostPath:
            path: /usr/lib64/modules
            type: Directory

Once you've edited a template, continue to step 2.

2. Create the Cmd DaemonSet in your cluster

For example: kubectl apply -f cmd_daemonset.yaml

After a few seconds, the DaemonSet will begin monitoring your cluster, and your nodes will appear in the Cmd web app.
