Skip to content

Install Tracee on Kubernetes

In the deploy/kubernetes directory you will find Yaml files to deploy Tracee in a Kubernetes environment. These files will deploy Tracee as a DaemonSet alongside a message routing application (Postee) that will help you consume the detections in your preferred way (e.g. Slack, E-mail, JIRA and more).

Note

Although not optimal, you may consume tracee detections through daemonset/tracee logs with kubectl logs -f daemonset/tracee.

Tip

The preferred way to deploy tracee is through its Helm chart!

  1. Install Tracee using Helm

    1. Clone the Helm chart:

      $ git clone --depth 1 --branch v0.8.1 https://github.com/aquasecurity/tracee.git
      $ cd tracee
      
    2. Install the Helm chart from a local directory:

      $ helm repo add aqua-charts https://aquasecurity.github.io/helm-charts
      $ helm dependency update ./deploy/helm/tracee
      $ helm install tracee ./deploy/helm/tracee \
          --namespace tracee-system --create-namespace \
          --set hostPID=true \
          --set postee.enabled=true
      
  2. Install Tracee Manually

    To install Tracee with Postee, simply run:

    $ kubectl create \
        -f https://raw.githubusercontent.com/aquasecurity/postee/main/deploy/kubernetes/postee.yaml \
        -f https://raw.githubusercontent.com/aquasecurity/tracee/v0.8.1/deploy/kubernetes/tracee-postee/tracee.yaml
    
  3. After Installation

    In order to choose how to make Postee deliver detection events from Tracee, you may edit the postee-config configMap. Follow this example.

    You can also use the Postee UI to configure integrations.

Platform Support

This approach assumes that host nodes have either BTF available or kernel headers available under conventional location. See Tracee's prerequisites for more info. For the major Kubernetes platforms this should work out-of-the-box, including GKE, EKS, AKS, minikube.