Configuring Tracee in Kubernetes¶
In Kubernetes, Tracee uses a ConfigMap, called tracee
to make Tracee configuration accessible. The ConfigMap includes a data file called config.yaml
with the desired configuration. For example:
apiVersion: v1
kind: ConfigMap
metadata:
labels:
app.kubernetes.io/name: tracee
app.kubernetes.io/component: tracee
app.kubernetes.io/part-of: tracee
name: tracee
data:
config.yaml: |-
cache:
- cache-type=mem
- mem-cache-size=512
Kubectl¶
You can use kubectl
to interact with it:
View:
kubectl get cm tracee-config -n tracee
Edit:
kubectl edit cm tracee-config -n tracee
Helm¶
You can customize specific options with the helm installation:
helm install tracee aqua/tracee \
--namespace tracee --create-namespace \
--set config.blobPerfEventSize=1024
or after installation:
helm install tracee aqua/tracee \
--namespace tracee --create-namespace \
--set config.output[0]=table \
or to provide a complete config file:
helm install tracee aqua/tracee \
--namespace tracee --create-namespace \
--set-file configFile=myconfig.yaml