Agent deployment

You should install Agents on all nodes of the cluster that you want to protect.

A separate group of agents is installed on each cluster.

To deploy agents in the cluster:

1. In the main menu, go to the Components → Agents section.
2. In the work pane, click the Add agent group button.
3. Fill in the fields in the form.
   1. Enter the group name. For convenient agent management, we recommend naming the group after cluster whose nodes the agents will be deployed on.
   2. If required, enter a description of the agent group.
   3. Select the type of agent.
   4. Select the type of target node operating system.
   5. Select the orchestrator to use.
4. In the KCS registry section, enter the web address of the registry where the images used to install agents are located. To access the registry, you must specify the correct user name and password.
5. Under Node monitoring, use the Disable/Enable toggle to start monitoring and analyzing the status of the network, processes inside containers, and file threat protection for the following settings:
   • Network connections monitoring. The status of network connections is monitored with traffic capture devices (network monitors) and eBPF modules. This process considers applicable runtime policies and container runtime profiles.
   • Container processes monitoring. Container processes are monitored using eBPF programs based on applicable runtime policy rules and container runtime profile rules.
   • File threat protection. To track malware database updates, specify one of the following values:
     • Malware DB update URL: the web address of the Kaspersky Container Security update service.
     • Malware DB update proxy: the HTTP proxy for a cloud or local update server.

     By default, File Threat Protection databases are updated from Kaspersky cloud servers.

   Monitoring steps that are not needed can be disabled to avoid unnecessary load on the nodes.

6. Under Deployment data, specify the name of the cluster namespace.
7. Click Save.

   The work pane below the completed form will display data required to continue deploying agents to the cluster.

8. To copy an automatically generated deployment token, click Copy. Deployment token: the identifier that the agent uses to connect to the server.
9. Use the instruction from the Configuration field to deploy agents in the cluster. For example:

   kubectl apply -f <file> -n <namespace>

   You can copy the instruction or download it in the .YAML format. Following the application of the instruction, the agent is deployed on all worker nodes of the cluster.