Install Tracee on Kubernetes
In the deploy/kubernetes directory you will find YAML files to deploy Tracee in a Kubernetes environment. These files deploy Tracee as a DaemonSet alongside a message routing application (Postee) that helps you consume the detections in your preferred way (e.g. Slack, E-mail, JIRA and more).
Note
Although not optimal, you may consume Tracee detections through the daemonset/tracee logs with kubectl logs -f daemonset/tracee.
Tip
The preferred way to deploy tracee is through its Helm chart!
Install Tracee using Helm

- Clone the Helm chart:

  $ git clone --depth 1 --branch v0.8.1 https://github.com/aquasecurity/tracee.git
  $ cd tracee

- Install the Helm chart from a local directory:

  $ helm repo add aqua-charts https://aquasecurity.github.io/helm-charts
  $ helm dependency update ./deploy/helm/tracee
  $ helm install tracee ./deploy/helm/tracee \
      --namespace tracee-system --create-namespace \
      --set hostPID=true \
      --set postee.enabled=true

Install Tracee Manually
To install Tracee with Postee, simply run:
$ kubectl create \
    -f https://raw.githubusercontent.com/aquasecurity/postee/main/deploy/kubernetes/postee.yaml \
    -f https://raw.githubusercontent.com/aquasecurity/tracee/v0.8.1/deploy/kubernetes/tracee-postee/tracee.yaml

After Installation
To choose how Postee delivers detection events from Tracee, edit the postee-config ConfigMap. Follow this example. You can also use the Postee UI to configure integrations.
Platform Support
This approach assumes that host nodes have either BTF available or kernel headers available under the conventional location. See Tracee's prerequisites for more info. For the major Kubernetes platforms, including GKE, EKS, AKS and minikube, this should work out of the box.
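
A preflight check for the prerequisite above, as an added example that is not part of the Tracee documentation: it reports whether a node exposes BTF or, failing that, kernel headers. The paths /sys/kernel/btf/vmlinux, /lib/modules/<release>/build and /usr/src/linux-headers-<release>, the function name tracee_kernel_support and the --check-host flag are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight check for a node that will run the Tracee DaemonSet.
# Assumed locations (not taken from the page):
#   BTF:     /sys/kernel/btf/vmlinux
#   headers: /lib/modules/<release>/build or /usr/src/linux-headers-<release>

# tracee_kernel_support ROOT RELEASE
#   ROOT    filesystem prefix: "" for the live host, or a directory holding
#           a copy of a node's filesystem (absolute symlinks inside such a
#           copy resolve against the real root, not ROOT)
#   RELEASE kernel release string, as printed by `uname -r` on the node
# Prints "btf", "headers" or "none"; returns 0 unless the answer is "none".
tracee_kernel_support() {
    root=$1
    release=$2

    # BTF is preferred: no headers are needed on the node when it is present.
    if [ -r "$root/sys/kernel/btf/vmlinux" ]; then
        echo btf
        return 0
    fi

    # Fall back to kernel headers matching the running kernel release.
    for dir in "$root/lib/modules/$release/build" \
               "$root/usr/src/linux-headers-$release"; do
        # -d follows symlinks, so a "build" link left dangling after the
        # headers package was removed is rejected here.
        if [ -d "$dir/include" ]; then
            echo headers
            return 0
        fi
    done

    echo none
    return 1
}

# Hypothetical flag: check the host this script runs on.
if [ "${1:-}" = "--check-host" ]; then
    tracee_kernel_support "" "$(uname -r)"
fi
```

Run it with --check-host on each node before deploying; a result of "none" means that node meets neither condition described above.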