A Terraform Module to create a Secret and DaemonSet for deploying the Lacework Datacollector Agent in a Kubernetes cluster. Optionally, the module can also deploy the Kubernetes Compliance collection agent.
The `main.tf` file configures a Kubernetes Secret and DaemonSet, which are then used to run the Lacework Datacollector pod across all worker nodes in a cluster.
## Requirements

| Name | Version |
|---|---|
| terraform | >= 0.14 |
| kubernetes | >= 2.0.0 |
## Providers

| Name | Version |
|---|---|
| kubernetes | >= 2.0.0 |
| random | n/a |
## Resources

| Name | Type |
|---|---|
| kubernetes_cluster_role.lacework_k8s_collector | resource |
| kubernetes_cluster_role_binding.lacework_k8s_collector | resource |
| kubernetes_daemonset.lacework_datacollector | resource |
| kubernetes_deployment.lacework_k8s_collector | resource |
| kubernetes_secret.lacework_access_token | resource |
| kubernetes_secret.lacework_config | resource |
| kubernetes_secret.lacework_k8s_collector | resource |
| kubernetes_service_account.lacework_k8s_collector | resource |
| random_id.cluster_config_name_tail | resource |
| random_id.node_config_name_tail | resource |
## Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| enable_cluster_agent | Whether the Lacework cluster agent should be deployed | bool | false | no |
| lacework_access_token | The access token for the Lacework agent | string | n/a | yes |
| lacework_agent_autoupgrade | Whether the agent should automatically upgrade to newer versions when available | bool | true | no |
| lacework_agent_configuration | A map/dictionary of configuration parameters for the Lacework datacollector | any | {} | no |
| lacework_enable_default_syscall_config | A flag to enable the default syscall config | bool | false | no |
| lacework_agent_interface_connection_size | Desired value for the InterfaceConnectionSize Lacework agent parameter | string | "" | no |
| lacework_agent_log_stdout | Enable Lacework agent stdout logging | bool | true | no |
| lacework_agent_name | The name for the Lacework agent service within Kubernetes | string | "lacework-agent" | no |
| lacework_agent_tags | A map/dictionary of tags to be assigned to the Lacework datacollector | map(string) | {} | no |
| lacework_cluster_configuration | A map/dictionary of configuration parameters for the Lacework K8s collector | map(any) | {} | no |
| lacework_cluster_cpu_limit | The CPU limit for the Lacework K8s collector pod | string | "500m" | no |
| lacework_cluster_cpu_request | The CPU request for the Lacework K8s collector pod | string | "200m" | no |
| lacework_cluster_exclusive | Whether the Lacework K8s collector will operate in exclusive mode | bool | false | no |
| lacework_cluster_image | The name of the image to use for deploying the Lacework K8s collector | string | "lacework/k8scollector" | no |
| lacework_cluster_image_pull_policy | The pull policy to use for deploying the Lacework K8s collector | string | "Always" | no |
| lacework_cluster_mem_limit | The memory limit for the Lacework K8s collector pod | string | "1450Mi" | no |
| lacework_cluster_mem_request | The memory request for the Lacework K8s collector pod | string | "512Mi" | no |
| lacework_cluster_name | The name of the K8s cluster that the Lacework K8s collector will monitor | string | "" | no |
| lacework_cluster_region | The region of the K8s cluster that the Lacework K8s collector will monitor | string | "" | no |
| lacework_cluster_type | The type of the K8s cluster that the Lacework K8s collector will monitor | string | "" | no |
| lacework_config_name | The name for the Lacework agent configuration within Kubernetes | string | "lacework-config" | no |
| lacework_image | The name of the image to use for deploying the Lacework datacollector | string | "lacework/datacollector" | no |
| lacework_image_pull_policy | The pull policy to use for deploying the Lacework datacollector | string | "Always" | no |
| lacework_proxy_url | The proxy URL for the Lacework agent | string | "" | no |
| lacework_server_url | The server URL for the Lacework agent | string | "" | no |
| namespace | The Kubernetes namespace in which to deploy | string | "default" | no |
| node_selector | A map of key:value pairs of node labels selecting the nodes the DaemonSet is deployed to | map(any) | null | no |
| pod_cpu_limit | The CPU limit for the Lacework datacollector pod | string | "500m" | no |
| pod_cpu_request | The CPU request for the Lacework datacollector pod | string | "200m" | no |
| pod_mem_limit | The memory limit for the Lacework datacollector pod | string | "1450Mi" | no |
| pod_mem_request | The memory request for the Lacework datacollector pod | string | "512Mi" | no |
| pod_priority_class_name | The pod's priority class. Requires an existing PriorityClass resource unless the value is 'system-node-critical' or 'system-cluster-critical' | string | "" | no |
| pod_service_account | The Kubernetes ServiceAccount to use in the pod template | string | "" | no |
| revision_history_limit | The number of revisions of history to keep | number | 10 | no |
| tolerations | A list of Kubernetes Tolerations to apply to the DaemonSet definition | list(map(string)) | [ | no |
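The following is an added example of a root configuration that calls this module, using the inputs listed above; it is not code from the module's own README. The module `source` path, the variable name `lacework_access_token`, and the cluster name, type, region and tag values are assumptions chosen for illustration.

```hcl
# Added example, not part of the module. The source path and all literal
# cluster/tag values below are placeholders; replace them for your environment.

terraform {
  required_version = ">= 0.14"
  required_providers {
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.0.0"
    }
  }
}

# Supply the token out of band, e.g. TF_VAR_lacework_access_token, so it is
# never committed. `sensitive = true` (Terraform >= 0.14) redacts it from plan
# and apply output, but it is still written to state and to the Secret.
variable "lacework_access_token" {
  description = "Lacework agent access token"
  type        = string
  sensitive   = true
}

module "lacework_agent" {
  source = "./modules/lacework-agent" # assumed local path to this module

  namespace             = "lacework"
  lacework_access_token = var.lacework_access_token

  # Node agent scheduling: Linux workers only, and tolerate the control-plane
  # taint so the DaemonSet also covers tainted control-plane nodes.
  node_selector = {
    "kubernetes.io/os" = "linux"
  }
  tolerations = [
    {
      key      = "node-role.kubernetes.io/control-plane"
      operator = "Exists"
      effect   = "NoSchedule"
    },
  ]

  # Prefer a pinned pull policy over the module default of "Always" once the
  # image tag is controlled; adjust resources to the node size.
  lacework_image_pull_policy = "IfNotPresent"
  pod_cpu_request            = "200m"
  pod_cpu_limit              = "500m"
  pod_mem_request            = "512Mi"
  pod_mem_limit              = "1450Mi"

  # Optional cluster-level compliance collector (values are placeholders).
  enable_cluster_agent    = true
  lacework_cluster_name   = "example-cluster"
  lacework_cluster_type   = "eks"
  lacework_cluster_region = "us-east-1"

  lacework_agent_tags = {
    env  = "prod"
    team = "platform"
  }
}

# Surface the module outputs for downstream references.
output "lacework_config_secret" {
  value = module.lacework_agent.lacework_config_name
}

output "lacework_datacollector_daemonset" {
  value = module.lacework_agent.lacework_datacollector_name
}
```

Because the module writes the access token into `kubernetes_secret.lacework_access_token`, the token lives in two places a reviewer should account for: the Terraform state file (store it in a remote backend with encryption and restricted access) and the cluster's etcd (a Kubernetes Secret is only base64-encoded unless encryption at rest is enabled). The `sensitive` flag on the variable only affects what Terraform prints.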
## Outputs

| Name | Description |
|---|---|
| lacework_config_name | Name of the Kubernetes Secret containing the Lacework config |
| lacework_config_version | Version of the Kubernetes Secret containing the Lacework config |
| lacework_datacollector_name | Name of the Kubernetes DaemonSet for the Lacework datacollector |
| lacework_datacollector_version | Version of the Kubernetes DaemonSet for the Lacework datacollector |