Setting up Cloud Security on Kubernetes

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Use the following instructions to enable Misconfigurations and Vulnerability Management.

Collecting events using Cloud Security Management will affect your billing. For more information, see Datadog Pricing.

Prerequisites

Note: SBOM collection is not compatible with the image streaming feature in Google Kubernetes Engine (GKE). To disable it, see the Disable Image streaming section of the GKE docs.

Installation

    1. Add the following to the spec section of the datadog-agent.yaml file:

      # datadog-agent.yaml file
apiVersion: datadoghq.com/v2alpha1
kind: DatadogAgent
metadata:
  name: datadog
spec:
  features:
    # Enables Misconfigurations
    cspm:
      enabled: true
      hostBenchmarks:
        enabled: true

    # Enables Software Bill of Materials (SBOM) collection
    sbom:
      enabled: true

      # Enables Container Vulnerability Management
      containerImage:
        enabled: true

      # Enables Host Vulnerability Management
      host:
        enabled: true

    2. Apply the changes and restart the Agent.

    1. Add the following to the datadog section of the datadog-values.yaml file:

      # datadog-values.yaml file
datadog:
  securityAgent:
    # Enables Misconfigurations
    compliance:
      enabled: true
      host_benchmarks:
        enabled: true

  # Enables Software Bill of Materials (SBOM) collection
  sbom:
    # Enables Container Vulnerability Management
    containerImage:
      enabled: true

    # Enables Host Vulnerability Management
    host:
      enabled: true

    2. Restart the Agent.

    PREVIEWING: antoine.dussault/adaptive_sampling_ga