The agent discovers any running container communication with the docker daemon using
You can configure a different docker socket by setting the environment variable
STEADYBIT_DOCKER_SOCKET for the agent.
For each container the following attributes are provided:
- Container Name
- Container Image
- Container Host
- Container Ports
- Container Labels
In case the containers are running inside Kubernetes the following additional information is provided:
- Pod Name
- Pod Namespace
- Kubernetes Container Name
Kubernetes API Server
Our agent is able to communicate directly with the
Kubernetes API Server to get more details about containers and pods.
This optional feature can be given to the agents when deploying the
DaemonSet by setting up a
ServiceAccount and limit the access by using a
Additional information is provided by `
Our central platform prepares this additional information and uses it to identify new potential targets.
Thus it is possible to attack a dedicated Kubernetes
Deployment or to cause failures in a
We have described how this can be achieved and what is required in the Install on Kubernetes section.