Skip to main content

Configure Windows Agent on AKS or EKS Clusters using Helm Chart

You can do one of the following to configure the agent on AKS or EKS clusters with a Helm chart:

  1. Use command-line options for the helm install or helm upgrade command.
  2. Modify the parameters in the values.yaml file in your Helm chart to configure the agent and use the helm install or helm upgrade command to apply the configuration.

See the following sections for more information about the command-line options and values.yaml parameters that you can use to configure the agent.

Define Lacework Agent Access Token

Define your Lacework agent access token in one of the following ways:

  1. Use the following option with the helm install or helm upgrade command:
    --set windowsAgent.agentConfig.accessToken=AGENT_ACCESS_TOKEN
  2. Modify the values.yaml file and add data similar to the following:
    accessToken: AGENT_ACCESS_TOKEN
    For more information, see Agent Access Token.

Define Lacework Agent Server URL

Define your Lacework agent server URL in one of the following ways. For more information, see serverurl Property.

  1. Use the following option with the helm install or helm upgrade command:
    --set windowsAgent.agentConfig.serverUrl=LACEWORK_SERVER_URL
  2. Modify the values.yaml file and add data similar to the following:
    serverUrl: LACEWORK_SERVER_URL

Define CPU Requests and Limits​

CPU requests specify the minimum CPU resources available to containers. CPU limits specify the maximum CPU resources available to containers. For more information, see Resource Management for Pods and Containers.

The default CPU request is 200m. The default CPU limit is 500m.

Define the CPU requests and limits in one of the following ways:

  1. Use the following options with helm install or helm upgrade command:
    --set windowsAgent.resources.requests.cpu=300m
    --set windowsAgent.resources.limits.cpu=500m
  2. Modify the values.yaml file in your Helm chart and add data similar to the following:
    resources:
       requests:
          cpu: 300m
       limits:
          cpu: 500m
note

The CPU requests and limits are currently not applied to the Windows agent.

Define Memory Requests and Limits​

Memory requests specify the minimum memory available to containers. Memory limits specify the maximum memory available to containers. For more information, see Resource Management for Pods and Containers.

The default memory request is 64Mi. The default memory limit is 1024Mi.

Define the memory requests and limits in one of the following ways:

  1. Use the following options with the helm install or helm upgrade command:
    --set windowsAgent.resources.requests.memory=384Mi
    --set windowsAgent.resources.limits.memory=512Mi
  2. Modify the values.yaml file and add data similar to the following:
    resources:
       requests:
          memory: 384Mi
       limits:
          memory: 512Mi
note

The memory requests and limits are currently not applied to the Windows agent.

Define Image Pull Secrets​

Image pull secrets enable fetching the Lacework agent image from private repositories and/or allow bypassing rate limits.

Configure the image pull secrets in one of the following ways:

  1. Use the following option with the helm install or helm upgrade command:
    --set windowsAgent.image.imagePullSecrets.name=<registrySecret>
  2. Modify the values.yaml file and add data similar to the following:
    imagePullSecrets:
       - name: <registrySecret>

Where <registrySecret> is the name of the secret that contains the credentials necessary to fetch the Lacework Windows agent image.

Define a Proxy URL

Proxy servers allow you to Define a URL to route agent traffic.

You can set the proxy server URL in one of the following ways:

  1. Use the following option with the helm install or helm upgrade command:
    --set windowsAgent.agentConfig.proxyUrl=LACEWORK_PROXY_URL
  2. Modify the values.yaml file and add data similar to the following:
    proxyUrl: value

For more information, see Use a Network Proxy for Windows Agent Traffic.

Define File Integrity Monitoring (FIM) Properties​

Enable or Disable FIM​

File Integrity Monitoring (FIM) is enabled by default. You can disable FIM in one of the following ways:

  1. Use the following option with the helm install or helm upgrade command:
    --set windowsAgent.agentConfig.fim.enable=false
  2. Modify the values.yaml file and add data similar to the following:
    fim:
       enable: false

If FIM is disabled, you can enable it in one of the following ways:

  1. Use the following option with the helm install or helm upgrade command:
    --set windowsAgent.agentConfig.fim.enable=true
  2. Modify the values.yaml file and add data similar to the following:
    fim:
       enable: true

For more information, see File Integrity Monitoring for Windows Overview.

Override Default File Path​s for FIM

You can override default file paths for FIM in one of the following ways:

  1. Use the following option with the helm install or helm upgrade command:
    --set windowsAgent.agentConfig.fim.filePath={C:\\users,C:\\data}
  2. Modify the values.yaml file and add data similar to the following:
    fim:
       filePath: [C:\\users,C:\\data]

For more information, see filepath Property.

Define the File Paths to Ignore​ for FIM

You can define file paths to ignore for FIM in one of the following ways:

  1. Use the following option with the helm install or helm upgrade command:
    --set windowsAgent.agentConfig.fim.fileIgnore={C:\\backup,C:\\test}
  2. Modify the values.yaml file and add data similar to the following:
    fim:
       fileIgnore: [C:\\backup,C:\\test]

For more information, see fileignore Property.

Define the FIM Scan Start Time​

You can define a start time for the daily FIM scan. For example, to start the FIM scan at 7:30 PM every day, do one of the following:

  1. Use the following option with the helm install or helm upgrade command:
    --set windowsAgent.agentConfig.fim.runAt=19:30
  2. Modify the values.yaml file and add data similar to the following:
    fim:
       runAt: 19:30

For more information, see runat Property.

Override the Default Maximum Number of Files to Scan

By default, Lacework runs the FIM scan on up to 500000 files.

You can increase or decrease the maximum number of files to scan. For example, to limit the FIM scan to 20000 files, do one of the following:

  1. Use the following option with the helm install or helm upgrade command:
    --set windowsAgent.agentConfig.fim.maxscanfiles=20000
  2. Modify the values.yaml file and add data similar to the following:
    fim:
       maxscanfiles: 20000

For more information, see maxscanfiles Property.

Prevent File Access Timestamp from Being Used in Hash Computation​

You can prevent the file access timestamp from being used in one of the following ways:

  1. Use the following option with the helm install or helm upgrade command:
    --set windowsAgent.agentConfig.fim.noAtime=true
  2. Modify the values.yaml file and add data similar to the following:
    fim:
       noAtime: true

Alternatively, you can enable file access timestamp to be used in one of the following ways:

  1. Use the following option with the helm install or helm upgrade command:
    --set windowsAgent.agentConfig.fim.noAtime=false
  2. Modify the values.yaml file and add data similar to the following:
    fim:
       noAtime: false

For more information, see noatime Property.

Enable or Disable Windows Registry Monitoring

Windows registry monitoring is enabled by default.

You can disable registry monitoring in one of the following ways:

  1. Use the following option with the helm install or helm upgrade command:
    --set windowsAgent.agentConfig.registry=disable
  2. Modify the values.yaml file and add data similar to the following:
    registry: disable

If registry monitoring is disabled, you can enable it in one of the following ways:

  1. Use the following option with the helm install or helm upgrade command:
    --set windowsAgent.agentConfig.registry=enable
  2. Modify the values.yaml file and add data similar to the following:
    registry: enable

For more information, see Monitor Windows Registry Changes.

Define tolerations for Agent Pods on Kubernetes Clusters

You can define tolerations for agent pods on Kubernetes clusters.

For example, to schedule the agent pods on a node named myNode1, do the following:

  1. Add a taint to the myNode1 node.
    kubectl taint nodes myNode1 key1=green:NoSchedule
  2. Do one of the following to specify a toleration to schedule the agent pods on the myNode1 node.
    1. Use the following option with the helm install or helm upgrade command:
      --set "windowsAgent.tolerations[0].key=key1"  \
      --set "windowsAgent.tolerations[0].operator=Equal"  \
      --set "windowsAgent.tolerations[0].value=green"   \
      --set "windowsAgent.tolerations[0].effect=NoSchedule"  \
    2. Modify the values.yaml file and add data similar to the following:
      tolerations:
         - key: key1
           operator: Equal
           value: green
           effect: NoSchedule

Disable or Enable Automatic Upgrade of the Agent

By default, the Windows agent is automatically upgraded when a new version is available.

You can disable automatic upgrade in one of the following ways:

  1. Use the following option with the helm install or helm upgrade command:
    --set windowsAgent.agentConfig.autoUpgrade=disabled
  2. Modify the values.yaml file and add data similar to the following:
    autoUpgrade: disabled

If automatic upgrade is disabled, you can enable it in one of the following ways:

  1. Use the following option with the helm install or helm upgrade command:
    --set windowsAgent.agentConfig.autoUpgrade=enable
  2. Modify the values.yaml file and add data similar to the following:
    autoUpgrade: enable

Define Tags to Categorize Agents

You can use the tags option to specify name/value tags to categorize your agents. For more information, see Adding Agent Tags.

To specify tags, do one of the following:

  1. Use the following option with the helm install or helm upgrade command:

    --set windowsAgent.agentConfig.tags.<tagname1>=<value1>
    --set windowsAgent.agentConfig.tags.<tagname2>=<value2>

    For example:

    --set windowsAgent.agentConfig.tags.location=austin
    --set windowsAgent.agentConfig.tags.owner=pete

  2. Modify the values.yaml file and add data similar to the following:

    tags:
       <tagname1>: <value1>
       <tagname2>: <value2>

    For example:

    tags:
       location: austin
       owner: pete

Define Custom Annotations

Annotations are a way of adding non-identifying metadata to Kubernetes objects. They are used by external tools to provide extra functionalities. For more information, see Annotations.

You can set annotations in one of the following ways:

  1. Use the following option with the helm install or helm upgrade command:

    --set windowsAgent.agentConfig.annotations.<key1>=<value1>
    --set windowsAgent.agentConfig.annotations.<key2>=<value2>

    For example:

    --set windowsAgent.agentConfig.annotations.owner=pete
    --set windowsAgent.agentConfig.annotations.repository=https://github.com/lacework-test

  2. Modify the values.yaml file and add data similar to the following:

    annotations:
       <key1>: <value1>
       <key2>: <value2>

    For example:

    annotations:
       owner: pete
       repository: https://github.com/lacework-test

Define Custom Labels​

Similar to custom annotations, custom labels are a way to add non-identifying metadata to Kubernetes objects. They are used by external tools to provide additional functionalities. For more information, see Labels and Selectors.

You can set labels in one of the following ways:

  1. Use the following option with the helm install or helm upgrade command:

    --set windowsAgent.agentConfig.labels.<key1>=<value1>
    --set windowsAgent.agentConfig.labels.<key2>=<value2>

    For example:

    --set windowsAgent.agentConfig.labels.release=stable
    --set windowsAgent.agentConfig.labels.environment=production

  2. Modify the values.yaml file and add data similar to the following:

    labels:  
       <key1>: <value1>
       <key2>: <value2>

    For example:

    labels:
       release: stable
       environment: production

Define the Cluster Name

If your cluster does not appear in the Lacework Console under Workloads > Kubernetes after the agent is installed successfully, you can specify the cluster name using the kubernetesCluster option.

You can specify the cluster name in one of the following ways:

  1. Use the following option with the helm install or helm upgrade command:
    --set windowsAgent.agentConfig.kubernetesCluster=CLUSTER_NAME
  2. Modify the values.yaml file and add data similar to the following:
    kubernetesCluster: CLUSTER_NAME

Define a Name for your Kubernetes Environment

You can define a user-friendly name for your Kubernetes environment. For example, K8s_production. The name you define is displayed as the value for the Env tag in the Lacework Console. For more information, see Add Agent Tags.

You can specify a name for your Kubernetes Environment in one of the following ways:

  1. Use the following option with the helm install or helm upgrade command:
    --set windowsAgent.agentConfig.env=KUBERNETES_ENVIRONMENT_NAME
  2. Modify the values.yaml file and add data similar to the following:
    env: KUBERNETES_ENVIRONMENT_NAME
Last updated on