How Lacework Derives the Kubernetes Cluster Name

A Kubernetes cluster name may not always display in the List of Active Containers. This article describes how Lacework collects the cluster name from tags and how to modify the cluster name.

Derive Kubernetes Cluster Name

  1. A handshake between the agent and the Lacework backend occurs.
  2. Depending on the Kubernetes environment and distribution, Lacework can use multiple methods to derive the cluster name.
    1. If your container orchestration has a machine tag, the Lacework agent can derive the cluster name from the machine tag as shown in the following example. Note that the Lacework agent must have access to the cloud instance (AWS, GCP, Azure) machine tags to read the Kubernetes cluster name. For more information about providing this access, see Configure Access to Tags in AWS.
      key = "KubernetesCluster"
      value = "prod.k8s.local"
    2. The Lacework agent can also read the KubernetesCluster name from its local config.json file if the KubernetesCluster name is set using an agent tag, as shown in the following example.
      {
      "tokens" : { "AccessToken" : "YourAgentAccessToken" },
      "tags": { "test_01": "Value_01", "test_02" : "Value_02", "KubernetesCluster" : "prod.k8s.local" }
      }
    3. To learn how to set agent tags, see Add Agent Tags. To view the current agent tags, enter the following command.
      cat agent/install/lacework-cfg-k8s.yaml
      apiVersion: v1
      kind: ConfigMap
      metadata:
        name: lacework-config
      data:
        config.json: |
          {"tokens":{"AccessToken":"${LaceworkAccessToken}"}, "tags":{"KubernetesCluster":"prod.k8s.local"}}
  3. If your container orchestration does not have a machine tag, then Lacework attempts to locate a key in the agent data set that resembles k8s.io/cluster-autoscaler/newprod.k8s.local:true to derive the cluster name.
    key = "KubernetesCluster"
    value = "newprod.k8s.local"
  4. If neither the machine tag information nor the agent data set key information is available, the Kubernetes cluster name cannot be displayed, so it remains blank.
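
The derivation order described above, sketched as an added Python example; it is not Lacework's agent code. It assumes the sources are tried in the order this article lists them, that a config.json that fails to parse contributes no tag, and that the autoscaler's generic "enabled" key is not a cluster name; all function names and sample inputs are constructed for illustration.

```python
import json
import re

# Key shape shown in the article: k8s.io/cluster-autoscaler/<name> with value true
AUTOSCALER_KEY = re.compile(r"^k8s\.io/cluster-autoscaler/(?P<name>[^/]+)$")


def name_from_agent_config(config_text):
    """Return the KubernetesCluster agent tag from config.json text, or None."""
    try:
        config = json.loads(config_text)
    except (TypeError, ValueError):
        return None  # assumption: malformed or missing config.json yields no tag
    tags = config.get("tags") if isinstance(config, dict) else None
    if not isinstance(tags, dict):
        return None
    value = tags.get("KubernetesCluster")
    return value if isinstance(value, str) and value else None


def name_from_autoscaler_keys(agent_data):
    """Return <name> from a k8s.io/cluster-autoscaler/<name>:true entry, or None."""
    for key, value in sorted(agent_data.items()):
        match = AUTOSCALER_KEY.match(key)
        # Assumption: the autoscaler's generic "enabled" marker is not a cluster name.
        if match and match["name"] != "enabled" and str(value).lower() == "true":
            return match["name"]
    return None


def derive_cluster_name(machine_tags, config_text, agent_data):
    """Try each source in the article's listed order; "" means the name stays blank."""
    return (
        machine_tags.get("KubernetesCluster")
        or name_from_agent_config(config_text)
        or name_from_autoscaler_keys(agent_data)
        or ""
    )


# Constructed sample inputs (the broken config lacks a quote and a closing brace)
GOOD_CONFIG = '{"tokens": {"AccessToken": "placeholder"}, "tags": {"KubernetesCluster": "prod.k8s.local"}}'
BROKEN_CONFIG = '{"tokens": {"AccessToken": "placeholder"}, "tags": {KubernetesCluster": "prod.k8s.local"}'
AUTOSCALER_DATA = {"k8s.io/cluster-autoscaler/enabled": "true",
                   "k8s.io/cluster-autoscaler/newprod.k8s.local": "true"}

if __name__ == "__main__":
    print(derive_cluster_name({}, GOOD_CONFIG, {}))
    print(derive_cluster_name({}, BROKEN_CONFIG, AUTOSCALER_DATA))
    print(repr(derive_cluster_name({}, BROKEN_CONFIG, {})))
```

A blank result from the last call corresponds to step 4: with no machine tag, no parseable agent tag, and no autoscaler key, there is nothing to display.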

Modify Kubernetes Cluster Name

  1. Lacework allows you to change the Kubernetes cluster name reported by the Lacework agent.
    1. If you use Helm, add the following option to your Helm command.
      --set laceworkConfig.kubernetesCluster=${KUBERNETES_CLUSTER_NAME}
    2. If you use the YAML file, you can edit lacework-k8s.yaml to include a name under config.json: "KubernetesCluster" : "myName".