Installation & upgrading
Limited Availability Feature
This feature is currently available through feature flags. Contact us to enable access for your organization.
Installing runtime security
Runtime security can be enabled through several methods that align with how you've deployed other Cast AI components. This section details installing and configuring Runtime security using the Cast AI console, Terraform, or Helm.
Note
Runtime security operates as a sub-feature of the Kvisor security agent. Enabling runtime security will install the Kvisor agent as a DaemonSet to ensure continuous runtime scanning across all nodes in your cluster.
Install using the Cast AI console
Enabling runtime security is simplest through the Cast AI console. Follow the steps outlined in our Getting started with Security guide to connect your cluster and enable the Security feature set, which includes runtime security capabilities.
Install using Terraform
If you manage your infrastructure as code, you can enable runtime security using our Terraform modules for GKE, EKS, and AKS. To do this:
- Set the install_security_agent variable to true
- Configure runtime security via the kvisor_values variable
module "castai-eks-cluster" {
  // ... other configuration ...
  install_security_agent = true

  # Kvisor configuration with runtime security enabled
  kvisor_values = [
    yamlencode({
      # Runtime security agent configuration
      agent = {
        # Enable the runtime security agent (DaemonSet)
        "enabled" = true
        extraArgs = {
          # Recommended default settings
          "ebpf-events-enabled"        = true # Monitor for anomalous activity
          "file-hash-enricher-enabled" = true # Enable file hash event enrichment
          # Optional settings
          "netflow-enabled"      = false
          "stats-enabled"        = false
          "process-tree-enabled" = false
        }
      }
    })
  ]
}
For complete examples, refer to our Terraform repositories:
Install using Helm
To install runtime security using Helm:
- Add the Cast AI Helm repository:
helm repo add castai-helm https://castai.github.io/helm-charts
helm repo update
- Install the Kvisor agent with runtime security enabled:
helm upgrade --install castai-kvisor castai-helm/castai-kvisor -n castai-agent \
--set castai.apiKey=<your-api-token> \
--set castai.clusterID=<your-cluster-id> \
--set controller.extraArgs.kube-linter-enabled=true \
--set controller.extraArgs.image-scan-enabled=true \
--set controller.extraArgs.kube-bench-enabled=true \
--set controller.extraArgs.cloud-provider=<aks|eks|gke> \
--set agent.enabled=true \
--set agent.extraArgs.ebpf-events-enabled=true \
--set agent.extraArgs.file-hash-enricher-enabled=true
Replace the following placeholders:
- <your-api-token> with your Cast AI API token
- <your-cluster-id> with your cluster ID
- <aks|eks|gke> with your Kubernetes provider (leave empty if not using these platforms)
Key configuration options
Option | Description | Recommendation |
---|---|---|
ebpf-events-enabled | Monitors cluster events for anomalous activity detection | Enable by default |
file-hash-enricher-enabled | Enriches exec events with file hash information | Enable by default |
netflow-enabled | Collects Kubernetes network flows using eBPF | Optional |
stats-enabled | Collects container and node resource statistics | Optional |
process-tree-enabled | Monitors process relationships | Optional |
For a complete list of available options, see the Runtime daemon agent flags in our GitHub repository.
Upgrading runtime security
To upgrade an existing Kvisor installation:
helm repo update castai-helm
helm upgrade --install castai-kvisor castai-helm/castai-kvisor -n castai-agent --reset-then-reuse-values
The --reset-then-reuse-values flag preserves your existing configuration while applying the latest updates.
Upgrading runtime security using Component Control
Cast AI's Component Control dashboard provides a centralized way to manage all security components, including Kvisor:
- In the Cast AI console, select Manage Organization in the top right
- Navigate to Component control in the left menu
When Runtime Security components need updating, the dashboard will indicate this with a Warning status. To update:
- Find the Kvisor component in the list
- Click on it to view detailed information about versions across your clusters
- For any cluster showing Update needed, click the Update button
- Copy the provided script or Helm command
- Run the command in your terminal with access to your cluster
Note for Terraform-managed components
If you installed runtime security using Terraform, you'll need to update your Terraform configuration manually. The Component Control interface will provide links to relevant documentation to guide you through this process.
Troubleshooting
If you encounter issues with runtime security, you can check the logs and configuration:
Check Kvisor controller logs
kubectl logs -l app.kubernetes.io/name=castai-kvisor-controller -n castai-agent
Check runtime security agent logs
kubectl logs -l app.kubernetes.io/name=castai-kvisor-agent -n castai-agent
Verify applied configuration
helm get values castai-kvisor -n castai-agent
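The configuration check above can be automated, for example after an upgrade, to confirm that the recommended runtime security flags from this page are still set. The following is an added example, not Cast AI's own tooling: the function name, the finding wording and the sample inputs are assumptions, and it reads the JSON produced by helm get values castai-kvisor -n castai-agent -o json (add --all to include chart defaults, since keys you never set are otherwise absent from the output).

```python
import json
import sys

# Recommended defaults and optional collectors, as listed in "Key configuration options".
REQUIRED_AGENT_FLAGS = ("ebpf-events-enabled", "file-hash-enricher-enabled")
OPTIONAL_AGENT_FLAGS = ("netflow-enabled", "stats-enabled", "process-tree-enabled")


def _is_true(value):
    # --set yields booleans, --set-string yields strings; accept both forms.
    return value is True or (isinstance(value, str) and value.strip().lower() == "true")


def audit_kvisor_values(values_json):
    """Return (findings, enabled_optional) for a `helm get values -o json` document."""
    values = json.loads(values_json) or {}  # helm prints "null" when no values are set
    agent = values.get("agent") or {}
    extra = agent.get("extraArgs") or {}
    findings = []
    if not _is_true(agent.get("enabled")):
        findings.append("agent.enabled is not true (runtime security agent DaemonSet)")
    for flag in REQUIRED_AGENT_FLAGS:
        if not _is_true(extra.get(flag)):
            findings.append(f"agent.extraArgs.{flag} is not true")
    enabled_optional = [f for f in OPTIONAL_AGENT_FLAGS if _is_true(extra.get(f))]
    return findings, enabled_optional


# Constructed sample inputs (not captured from a real cluster).
SAMPLE_OK = json.dumps({
    "agent": {"enabled": True, "extraArgs": {
        "ebpf-events-enabled": True, "file-hash-enricher-enabled": "true",
        "netflow-enabled": False}},
})
SAMPLE_DRIFT = json.dumps({
    "agent": {"enabled": True, "extraArgs": {
        "ebpf-events-enabled": False, "netflow-enabled": True}},
})

if __name__ == "__main__":
    # Pipe the helm output in; with no piped input the drifted sample is audited.
    data = SAMPLE_DRIFT if sys.stdin.isatty() else sys.stdin.read()
    findings, optional = audit_kvisor_values(data)
    for line in findings:
        print("FINDING:", line)
    print("optional collectors enabled:", ", ".join(optional) or "none")
    sys.exit(1 if findings else 0)
```

The script exits non-zero when a recommended flag is missing or disabled, so it can gate a deployment pipeline step.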
For additional assistance, contact Cast AI support.