The Komodor Agent¶
Permissions¶
The Komodor agent uses the native RBAC model of Kubernetes. All the permissions are listed here:
ARM Support¶
Arm64 image is supported via docker manifest.
Advanced Configuration¶
You can configure the agent's functionality using the following configuration file: komodor-k8s-watcher.yaml
(assuming the RBAC permissions are satisfied).
A more detailed list of the configurable parameters can be found here
Data Redaction¶
Learn how to set up data redaction in Komodor
Resources¶
By default, the Komodor agent watches the majority of the resources in your cluster. You can enable/disable watching a resource using the following command:
- Helm:
--set watcher.resources.RESOURCE=true/off
Namespaces¶
The Komodor agent watches all the namespaces (by default watchNamespace=all
)
To watch a single namespace use the following command:
- Helm:
--set watcher.watchNamespace=NAMESPACE
Denylist¶
Using namespacesDenylist
you can opt list of namespaces
Agent Tasks¶
Agent tasks are used to interact with the cluster on demand, read more about interaction with the cluster here
To enable agent tasks (default is off
):
- Helm:
--set watcher.enableAgentTaskExecution=true && --set watcher.allowReadingPodLogs=true
Environment Variables¶
Alternativly, you can pass the configuration as environment variables using the KOMOKW_
prefix and by replacing all the . to _, for the root items the camelcase transforms into underscores as well.
For example:
# apiKey
KOMOKW_API_KEY=00000000-FAKE-GUID-0000-000000000000
# watcher.resources.replicaSet
KOMOKW_RESOURCES_REPLICASET=false
# watcher.watchNamespace
KOMOKW_WATCH_NAMESPACE=my-namespace
# watcher.collectHistory
KOMOKW_COLLECT_HISTORY=true
Updating the agent¶
Helm¶
helm repo update
helm upgrade --install k8s-watcher komodorio/k8s-watcher --reuse-values
Uninstalling¶
Helm¶
helm uninstall k8s-watcher