Setting up Cloud Security on Kubernetes

문서 > Datadog 보안 > Cloud Security > Setting up Cloud Security > Deploying Cloud Security on the Agent > Setting up Cloud Security on Kubernetes

이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Use the following instructions to enable Misconfigurations and Vulnerability Management.

Collecting events using Cloud Security Management will affect your billing. For more information, see Datadog Pricing.

Prerequisites

Latest Datadog Agent version. For installation instructions, see Getting Started with the Agent or install the Agent from the Datadog UI.

Note: SBOM collection is not compatible with the image streaming feature in Google Kubernetes Engine (GKE). To disable it, see the Disable Image streaming section of the GKE docs.

Installation

Add the following to the spec section of the datadog-agent.yaml file:

# datadog-agent.yaml file
apiVersion: datadoghq.com/v2alpha1
kind: DatadogAgent
metadata:
  name: datadog
spec:
  features:
    # Enables Misconfigurations
    cspm:
      enabled: true
      hostBenchmarks:
        enabled: true

    # Enables Software Bill of Materials (SBOM) collection
    sbom:
      enabled: true

      # Enables Container Vulnerability Management
      containerImage:
        enabled: true

      # Enables Host Vulnerability Management
      host:
        enabled: true

Apply the changes and restart the Agent.

Add the following to the datadog section of the datadog-values.yaml file:

# datadog-values.yaml file
datadog:
  securityAgent:
    # Enables Misconfigurations
    compliance:
      enabled: true
      host_benchmarks:
        enabled: true

  # Enables Software Bill of Materials (SBOM) collection
  sbom:
    # Enables Container Vulnerability Management
    containerImage:
      enabled: true

    # Enables Host Vulnerability Management
    host:
      enabled: true

Restart the Agent.