CLI agent

The agent runs on each node where the kernel module is used. It does the following:

  • communicates with the kernel module directly
  • parses identity rule files and loads them to the kernel module
  • signs CSR requests generated by the kernel module
  • adds metadata from the host environment to enrich process data (e.g. Kubernetes, AWS)

Configuration file

agent:
  trustDomain: acme.corp
  defaultCertTTL: 2h
  metadataCollectors:
    procfs:
      enabled: true
      extractEnvs: false
    linuxos:
      enabled: true
    sysfsdmi:
      enabled: true
    azure:
      enabled: false
    ec2:
      enabled: false
    gcp:
      enabled: false
    kubernetes:
      enabled: false
      kubeletHost: "127.0.0.1"
      kubeletPort: 10250
      kubeletCA: "/etc/camblet/kubernetes-ca.crt"
      skipKubeletVerification: false
      credentials: "/etc/camblet/kubelet-client.key, /etc/camblet/kubelet-client.crt"
    docker:
      enabled: false
      socketPath: "unix:///var/run/docker.sock"

Agent configuration

| Field | Type | Required | Description |
|---|---|---|---|
| trustDomain | string | No | Trust domain to use in the SPIFFE IDs. |
| defaultCertTTL | string | No | Default TTL for X509 certificates. |
| metadataCollectors | []MetadataCollector | No | Configures the metadata collectors that enrich process data with additional metadata. |
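
An added example, not part of the Camblet project's code: a Python check that reads an agent configuration like the one above and flags a trustDomain that is not a valid SPIFFE trust domain name, a defaultCertTTL above a limit, and a Kubernetes collector enabled with skipKubeletVerification set to true. The 24h limit, the h/m/s TTL format and the function names are assumptions; the parser handles only the nested key/value subset of YAML shown on this page.

```python
import re

# Constructed sample: the page's config with a longer TTL and kubelet verification skipped.
SAMPLE = """\
agent:
  trustDomain: acme.corp
  defaultCertTTL: 72h
  metadataCollectors:
    kubernetes:
      enabled: true
      skipKubeletVerification: true
"""

def parse(text):  # handles nested "key: scalar" mappings only
    root = {}
    stack = [(-1, root)]                      # (indent, mapping) of open levels
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, val = raw.strip().partition(":")
        while stack[-1][0] >= indent:         # close deeper or sibling levels
            stack.pop()
        parent, val = stack[-1][1], val.strip()
        if val == "":                         # no scalar: a nested mapping follows
            parent[key] = {}
            stack.append((indent, parent[key]))
        else:                                 # booleans typed, the rest kept as str
            parent[key] = {"true": True, "false": False}.get(val, val.strip('"'))
    return root

def ttl_seconds(ttl):  # '2h' or '1h30m' -> seconds (h/m/s format is an assumption)
    parts = re.findall(r"(\d+)([hms])", ttl)
    if not parts or "".join(n + u for n, u in parts) != ttl:
        raise ValueError(f"unparseable TTL: {ttl!r}")
    return sum(int(n) * {"h": 3600, "m": 60, "s": 1}[u] for n, u in parts)

def audit(cfg, max_ttl="24h"):                # max_ttl: assumed local policy
    agent, findings = cfg.get("agent", {}), []
    td, ttl = agent.get("trustDomain"), agent.get("defaultCertTTL")
    # SPIFFE trust domain names: lowercase letters, digits, '.', '-', '_'
    if td is not None and not re.fullmatch(r"[a-z0-9._-]{1,255}", td):
        findings.append(f"trustDomain {td!r} is not a valid SPIFFE trust domain")
    if ttl is not None and ttl_seconds(ttl) > ttl_seconds(max_ttl):
        findings.append(f"defaultCertTTL {ttl} exceeds {max_ttl}")
    k8s = agent.get("metadataCollectors", {}).get("kubernetes", {})
    if k8s.get("enabled") and k8s.get("skipKubeletVerification"):
        findings.append("kubernetes: skipKubeletVerification is true")
    return findings
```

Calling `audit(parse(SAMPLE))` returns one finding for the TTL and one for the skipped kubelet verification.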