Skip to content

The Komodor Agent


The Komodor agent uses the native RBAC model of Kubernetes. All the permissions are listed here:

  1. helm

ARM Support

Arm64 image is supported via docker manifest.

Advanced Configuration

You can configure the agent's functionality using the following configuration file: komodor-k8s-watcher.yaml (assuming the RBAC permissions are satisfied). A more detailed list of the configurable parameters can be found here

Data Redaction

Learn how to set up data redaction in Komodor


By default, the Komodor agent watches the majority of the resources in your cluster. You can enable/disable watching a resource using the following command:

  1. Helm: --set watcher.resources.RESOURCE=true/off


The Komodor agent watches all the namespaces (by default watchNamespace=all)

To watch a single namespace use the following command:

  1. Helm: --set watcher.watchNamespace=NAMESPACE


Using namespacesDenylist you can opt list of namespaces

Agent Tasks

Agent tasks are used to interact with the cluster on demand, read more about interaction with the cluster here

To enable agent tasks (default is off):

  1. Helm: --set watcher.enableAgentTaskExecution=true && --set watcher.allowReadingPodLogs=true

Environment Variables

Alternativly, you can pass the configuration as environment variables using the KOMOKW_ prefix and by replacing all the . to _, for the root items the camelcase transforms into underscores as well.

For example:

# apiKey
# watcher.resources.replicaSet

# watcher.watchNamespace
# watcher.collectHistory

Updating the agent


helm repo update
helm upgrade --install k8s-watcher komodorio/k8s-watcher --reuse-values



helm uninstall k8s-watcher