Administration Guide

How Lacework FortiCNAPP derives the K8s cluster name

When you deploy the Lacework FortiCNAPP agent in your Kubernetes (K8s) environment, the list of K8s clusters in which the agent is deployed displays in the Kubernetes Dashboard in the Lacework FortiCNAPP console.

This topic describes how Lacework FortiCNAPP derives the K8s cluster name, what you can do if the cluster name does not appear in the Lacework FortiCNAPP console, and how you can modify the cluster name that appears in the Lacework FortiCNAPP console.

How Lacework FortiCNAPP derives the cluster name

Depending on your K8s environment and distribution, Lacework FortiCNAPP uses multiple methods to derive the cluster name.

  1. If your K8s orchestrator supports machine tags, you can add a machine tag named KubernetesCluster for your cluster. Lacework FortiCNAPP can derive the cluster name from the machine tag. See Add KubernetesCluster Machine Tag.

  2. The Lacework FortiCNAPP agent can also read the cluster name from its local config.json file if it is specified using the KubernetesCluster agent tag, as shown in the following example. For more information, see Set KubernetesCluster Agent Tag in config.json File.

    {
        "tokens":{"AccessToken":"YourAgentAccessToken"},
        "serverurl":"LaceworkServerURL", 
        "tags":{"Env":"k8s", "KubernetesCluster":"prod.k8s.local"}
    }
    
  3. When using the Lacework Kubernetes Agent Terraform module, the Kubernetes cluster name can be set explicitly with the following variable in the lacework_k8s_datacollector module:

    lacework_cluster_name = "my-k8s-cluster"
    

    This should match the name defined in your cloud provider environment. For example, list your Amazon Elastic K8s Service (EKS) clusters to discover the relevant name.

  4. If your K8s orchestrator does not have the KubernetesCluster machine tag and your config.json file does not have the KubernetesCluster agent tag, Lacework FortiCNAPP attempts to locate a key in the agent data set that resembles k8s.io/cluster-autoscaler/newprod.k8s.local:true to derive the cluster name. In this example, newprod.k8s.local is the cluster name.

  5. If the machine tag, agent tag, or agent data set key is not available, the cluster name does not display in the Kubernetes Dashboard in the Lacework FortiCNAPP console.
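The following check is an added example, not Lacework FortiCNAPP code: it collects the cluster name from each source in the list above and reports which one would apply, so an unparsable config.json or a missing tag is caught before the cluster silently drops out of the dashboard. The function names, the dictionary shapes for machine tags and agent data, and the `conflict` status are assumptions; the page does not state which tag wins when the machine tag and the agent tag disagree, so that case is only flagged.

```python
import json
import re

# Key shape quoted on the page: k8s.io/cluster-autoscaler/<cluster-name> with value "true".
AUTOSCALER_KEY = re.compile(r"^k8s\.io/cluster-autoscaler/([^/]+)$")


def cluster_name_sources(machine_tags, config_json_text, agent_data):
    """Collect every cluster name the sources listed on the page would yield."""
    found = {}
    if machine_tags.get("KubernetesCluster"):
        found["machine_tag"] = machine_tags["KubernetesCluster"]
    try:
        tags = json.loads(config_json_text).get("tags", {})
        if tags.get("KubernetesCluster"):
            found["agent_tag"] = tags["KubernetesCluster"]
    except json.JSONDecodeError as exc:
        # One missing quote makes the whole file unparsable, so the tag is lost.
        found["config_error"] = f"line {exc.lineno}, column {exc.colno}: {exc.msg}"
    for key, value in agent_data.items():
        match = AUTOSCALER_KEY.match(key)
        if match and str(value).lower() == "true":
            found["autoscaler_key"] = match.group(1)
    return found


def check(machine_tags, config_json_text, agent_data):
    """Return (status, name); status is 'ok', 'fallback', 'conflict' or 'missing'."""
    found = cluster_name_sources(machine_tags, config_json_text, agent_data)
    explicit = {found[k] for k in ("machine_tag", "agent_tag") if k in found}
    if len(explicit) > 1:
        return "conflict", None  # explicit tags disagree (assumed worth flagging)
    if explicit:
        return "ok", explicit.pop()
    if "autoscaler_key" in found:
        return "fallback", found["autoscaler_key"]  # step 4
    return "missing", None  # step 5: nothing to display in the dashboard


# Constructed samples, not taken from a real deployment.
GOOD = '{"tokens":{"AccessToken":"x"},"serverurl":"u","tags":{"Env":"k8s","KubernetesCluster":"prod.k8s.local"}}'
BROKEN = '{"tags":{"Env":"k8s",KubernetesCluster":"prod.k8s.local"}}'  # opening quote missing
AUTOSCALER = {"k8s.io/cluster-autoscaler/newprod.k8s.local": "true"}

if __name__ == "__main__":
    print(check({}, GOOD, {}))
    print(check({}, BROKEN, AUTOSCALER))
    print(cluster_name_sources({}, BROKEN, AUTOSCALER))
```
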

What should I do if a cluster does not display in the Lacework FortiCNAPP console?

A K8s cluster may not display in the K8s dashboard in the Lacework FortiCNAPP console if:

  • The Lacework FortiCNAPP agent cannot read the cluster name in your K8s environment. See How Lacework derives the cluster name.
  • The cluster was not active during the time window you selected in the K8s dashboard in the Lacework FortiCNAPP console.

If a cluster is active, you can do one of the following to display the cluster name in the Kubernetes dashboard:

Add KubernetesCluster machine tag (recommended)

If your K8s orchestrator supports machine tags, do the following:

To add the KubernetesCluster machine tag:
  1. Add a machine tag named KubernetesCluster on your cluster and specify the cluster name as the tag value. For example, add the following tag on your EKS cluster using the instructions at Tagging Your Amazon EKS Resources.

    KubernetesCluster tag

  2. Ensure that the Lacework FortiCNAPP agent has access to the tags in your K8s orchestrator.

Note

We recommend this method because it enables the agent to automatically obtain the cluster name from your K8s orchestrator.

Set KubernetesCluster Agent Tag in config.json File

You can set the KubernetesCluster agent tag in the config.json agent configuration file by doing any of the following. We recommend this method if you have built your own Kubernetes cluster rather than using EKS, AKS, GKE, or a similar orchestrator.

  • If you use the Lacework FortiCNAPP Helm chart to deploy the agent, use the following option with the helm install or helm upgrade command:

    --set laceworkConfig.kubernetesCluster=YourClusterName
    
    helm upgrade --install --namespace lacework --create-namespace \
    --set laceworkConfig.accessToken=LACEWORK_AGENT_TOKEN \
    --set laceworkConfig.serverUrl=LACEWORK_SERVER_URL \
    --set laceworkConfig.kubernetesCluster=YourClusterName \
    lacework-agent lacework/lacework-agent
    

    For more information about using the Lacework FortiCNAPP Helm chart, see Install using Helm.

  • If you use the lacework-cfg-k8s.yaml configmap file to deploy the agent, do the following:

    1. Specify the cluster name using the KubernetesCluster tag in the config.json section of the lacework-cfg-k8s.yaml file as shown below:

      apiVersion: v1
      kind: ConfigMap
      metadata:
          name: lacework-config
      data:
          config.json: |
            {
              "tokens":{"AccessToken":"YourAgentAccessToken"},
              "serverurl":"LaceworkServerURL",
              "tags":{"Env":"k8s", "KubernetesCluster":"YourClusterName"}
            }
      
    2. Push the updated lacework-cfg-k8s.yaml file to the cluster.

      kubectl replace -f lacework-cfg-k8s.yaml -n lacework
      

    For more information about using the lacework-cfg-k8s.yaml configmap file, see Deploy with a DaemonSet.

Set the lacework_cluster_name Variable in the Lacework Kubernetes Agent Terraform Module

When using the Lacework Kubernetes Agent Terraform module, the Kubernetes cluster name can be set explicitly with the following variable in the lacework_k8s_datacollector module:

lacework_cluster_name = "my-k8s-cluster"

The name should match the name defined in your cloud provider environment. For example, list your Amazon EKS clusters to discover the relevant cluster name.

How Can I Modify a Cluster Name in the Lacework FortiCNAPP Console?

Lacework FortiCNAPP allows you to change the cluster name reported by the Lacework FortiCNAPP agent in the Kubernetes Dashboard in the Lacework FortiCNAPP Console.

  • If you use the Lacework FortiCNAPP Helm chart to deploy the agent, use the following option with the helm install or helm upgrade command:

    --set laceworkConfig.kubernetesCluster=YourClusterName
    

    For more information about using the Lacework FortiCNAPP Helm chart, see Install using Helm.

  • If you use the lacework-cfg-k8s.yaml configmap file to deploy the agent, do the following:

    1. Specify the cluster name using the KubernetesCluster tag in the config.json section of the lacework-cfg-k8s.yaml file as shown below:

      apiVersion: v1
      kind: ConfigMap
      metadata:
          name: lacework-config
      data:
          config.json: |
           {
              "tokens":{"AccessToken":"YourAgentAccessToken"},
              "serverurl":"LaceworkServerURL",
              "tags":{"Env":"k8s", "KubernetesCluster":"YourClusterName"}
           }
      
    2. Push the updated lacework-cfg-k8s.yaml file to the cluster.

      kubectl replace -f lacework-cfg-k8s.yaml -n lacework
      

    For more information about using the lacework-cfg-k8s.yaml configmap file, see DaemonSet Deployment Using a configmap.

  • If you use the Lacework Kubernetes Agent Terraform module, add the following variable to your main.tf file within the lacework_k8s_datacollector module:

    module "lacework_k8s_datacollector" {
        ...
        # This should match the name defined in your cloud provider environment.
        lacework_cluster_name   = "my-k8s-cluster"
    }
    

    You would then need to re-run terraform apply -refresh-only to apply the change (check that your version of Terraform supports this command before running).
