lacework / terraform-kubernetes-agent

A Terraform Module to create a Secret and DaemonSet for deploying the Lacework Datacollector Agent in a Kubernetes cluster.
MIT License

terraform-kubernetes-agent


A Terraform Module to create a Secret and DaemonSet for deploying the Lacework Datacollector Agent in a Kubernetes cluster. Optionally, the module can also deploy the Kubernetes Compliance collection agent.

Kubernetes

The main.tf file configures a Kubernetes Secret and a DaemonSet, which are then used to run the Lacework Datacollector pod on every worker node in the cluster.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.14 |
| kubernetes | >= 2.0.0 |
| lacework | ~> 1.18 |

Providers

| Name | Version |
|------|---------|
| kubernetes | >= 2.0.0 |
| lacework | ~> 1.18 |
| random | n/a |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| kubernetes_cluster_role.lacework_k8s_collector | resource |
| kubernetes_cluster_role_binding.lacework_k8s_collector | resource |
| kubernetes_daemonset.lacework_datacollector | resource |
| kubernetes_deployment.lacework_k8s_collector | resource |
| kubernetes_secret.lacework_access_token | resource |
| kubernetes_secret.lacework_config | resource |
| kubernetes_secret.lacework_k8s_collector | resource |
| kubernetes_service_account.lacework_k8s_collector | resource |
| random_id.cluster_config_name_tail | resource |
| random_id.node_config_name_tail | resource |
| lacework_metric_module.lwmetrics | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| enable_cluster_agent | A boolean representing whether the Lacework cluster agent should be deployed | `bool` | `false` | no |
| lacework_access_token | The access token for the Lacework agent | `string` | n/a | yes |
| lacework_agent_autoupgrade | Boolean value to control whether or not the agent should automatically upgrade to newer versions when available | `bool` | `true` | no |
| lacework_agent_configuration | A map/dictionary of configuration parameters for the Lacework datacollector | `any` | `{}` | no |
| lacework_agent_interface_connection_size | Desired value for the InterfaceConnectionSize Lacework agent parameter | `string` | `""` | no |
| lacework_agent_log_stdout | Enable Lacework agent stdout logging | `bool` | `true` | no |
| lacework_agent_name | The name for the Lacework agent service within Kubernetes | `string` | `"lacework-agent"` | no |
| lacework_agent_tags | A map/dictionary of Tags to be assigned to the Lacework datacollector | `map(string)` | `{}` | no |
| lacework_cluster_configuration | A map/dictionary of configuration parameters for the Lacework K8s collector | `map(any)` | `{}` | no |
| lacework_cluster_cpu_limit | The limit of CPU units for the Lacework K8s collector pod | `string` | `"500m"` | no |
| lacework_cluster_cpu_request | The amount of CPU units to request for the Lacework K8s collector pod | `string` | `"200m"` | no |
| lacework_cluster_exclusive | A boolean representing whether the Lacework K8s collector will operate in exclusive mode | `bool` | `false` | no |
| lacework_cluster_image | The name of the image to use for deploying the Lacework K8s collector | `string` | `"lacework/k8scollector"` | no |
| lacework_cluster_image_pull_policy | The pull policy to use for deploying the Lacework K8s collector | `string` | `"Always"` | no |
| lacework_cluster_mem_limit | The limit of Memory for the Lacework K8s collector pod | `string` | `"1450Mi"` | no |
| lacework_cluster_mem_request | The amount of Memory to request for the Lacework K8s collector pod | `string` | `"512Mi"` | no |
| lacework_cluster_name | The name of the K8s cluster that the Lacework K8s collector will monitor | `string` | `""` | no |
| lacework_cluster_region | The region of the K8s cluster that the Lacework K8s collector will monitor | `string` | `""` | no |
| lacework_cluster_type | The type of the K8s cluster that the Lacework K8s collector will monitor | `string` | `""` | no |
| lacework_config_name | The name for the Lacework agent configuration within Kubernetes | `string` | `"lacework-config"` | no |
| lacework_enable_default_syscall_config | A flag to enable the default syscall config | `bool` | `false` | no |
| lacework_image | The name of the image to use for deploying the Lacework datacollector | `string` | `"lacework/datacollector"` | no |
| lacework_image_pull_policy | The pull policy to use for deploying the Lacework datacollector | `string` | `"Always"` | no |
| lacework_proxy_url | The proxy URL for the Lacework agent | `string` | `""` | no |
| lacework_server_url | The server URL for the Lacework agent | `string` | `""` | no |
| namespace | The Kubernetes namespace in which to deploy | `string` | `"default"` | no |
| node_affinity | Node affinity settings | `list(object({ key = string, operator = string, values = list(string) }))` | `[{"key": "kubernetes.io/arch", "operator": "In", "values": ["amd64", "arm64"]}, {"key": "kubernetes.io/os", "operator": "In", "values": ["linux"]}]` | no |
| node_selector | A map of key:value pairs of node labels to specify which nodes to deploy the DaemonSet to | `map(any)` | `null` | no |
| pod_cpu_limit | The limit of CPU units for the Lacework datacollector pod | `string` | `"500m"` | no |
| pod_cpu_request | The amount of CPU units to request for the Lacework datacollector pod | `string` | `"200m"` | no |
| pod_mem_limit | The limit of Memory for the Lacework datacollector pod | `string` | `"1450Mi"` | no |
| pod_mem_request | The amount of Memory to request for the Lacework datacollector pod | `string` | `"512Mi"` | no |
| pod_priority_class_name | Indicates the pod's priority. Requires an existing PriorityClass resource of that name unless it is `system-node-critical` or `system-cluster-critical` | `string` | `""` | no |
| pod_service_account | The Kubernetes ServiceAccount to use in the pod template | `string` | `""` | no |
| revision_history_limit | The number of old revisions to keep in history | `number` | `10` | no |
| tolerations | A list of Kubernetes Tolerations to apply to the DaemonSet definition | `list(map(string))` | `[{"effect": "NoSchedule", "key": "node-role.kubernetes.io/infra"}, {"effect": "NoSchedule", "key": "node-role.kubernetes.io/master"}]` | no |
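The following root-module configuration is an added example of calling this module with the inputs documented above; it is not part of the module's own README. It assumes a `kubernetes` provider is configured elsewhere (for example from a kubeconfig), that `vX.Y.Z` stands in for a real release tag of the module, and that the cluster name, tags and image tag are constructed placeholder values.

```hcl
# Added example (not from the module's README): deploying the Lacework agent
# with this module. Assumes a kubernetes provider is configured elsewhere and
# that "vX.Y.Z" is a placeholder for a real release tag of the module.
terraform {
  required_version = ">= 0.14"
  required_providers {
    kubernetes = { source = "hashicorp/kubernetes", version = ">= 2.0.0" }
    lacework   = { source = "lacework/lacework", version = "~> 1.18" }
  }
}

# Keep the agent token out of code: marking it sensitive makes plan/apply
# output redact it. The value is still written into the kubernetes_secret
# resource in Terraform state, so use an encrypted, access-controlled backend.
variable "lacework_access_token" {
  type      = string
  sensitive = true
}

module "lacework_agent" {
  source = "github.com/lacework/terraform-kubernetes-agent?ref=vX.Y.Z"

  lacework_access_token = var.lacework_access_token
  namespace             = "lacework" # a dedicated namespace instead of "default"

  # Pin the datacollector image and turn off in-place auto-upgrade so that
  # agent version changes are reviewed and applied through Terraform.
  lacework_image             = "lacework/datacollector:<pinned-tag>" # placeholder tag
  lacework_image_pull_policy = "IfNotPresent"
  lacework_agent_autoupgrade = false

  # Also deploy the cluster-level compliance collector (Deployment + ClusterRole).
  enable_cluster_agent  = true
  lacework_cluster_name = "example-cluster" # constructed value

  # Keep the DaemonSet scheduled under node pressure and on tainted
  # control-plane nodes so coverage has no gaps.
  pod_priority_class_name = "system-node-critical"
  tolerations = [
    { key = "node-role.kubernetes.io/master", effect = "NoSchedule" },
    { key = "node-role.kubernetes.io/control-plane", effect = "NoSchedule" },
  ]
  node_selector = { "kubernetes.io/os" = "linux" }

  lacework_agent_tags = { env = "example", owner = "security" } # constructed values
}

# Surface the module outputs so other stacks can reference the deployed objects.
output "lacework_datacollector_name" {
  value = module.lacework_agent.lacework_datacollector_name
}
```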

Outputs

| Name | Description |
|------|-------------|
| lacework_config_name | Name of the Kubernetes Secret containing the Lacework config |
| lacework_config_version | Version of the Kubernetes Secret containing the Lacework config |
| lacework_datacollector_name | Name of the Kubernetes DaemonSet for the Lacework datacollector |
| lacework_datacollector_version | Version of the Kubernetes DaemonSet for the Lacework datacollector |