The Darktrace Kubernetes Operator provides comprehensive security monitoring and threat detection for Kubernetes environments through automated deployment and management of Darktrace sensors.
- API Security Monitoring: Detect malicious Kubernetes API events using DtK8sSensorAuditAgent
- Network Traffic Analysis: Identify suspicious network activity with DtK8sSensorServer
- Container Security: Manage environment taxonomy aligned with Kubernetes API through DtK8sSensorClusterAnalyzer
- Health Monitoring: Track deployment status and sensor health
- Automated Updates: Streamlined management of Darktrace component updates

Prerequisites:
- Kubernetes cluster with admin privileges
- Valid Darktrace Active AI Security Portal client credentials
- Network connectivity to Darktrace cloud services
The operator requires authenticated access to Darktrace's /CLOUD and /NETWORK endpoints for automated deployment and core functionality.
The installation process creates:
- Dedicated operator namespace
- Operator deployment with appropriate RBAC permissions
- Custom Resource Definitions (CRDs) for `DtK8sSensor`, `DtK8sSensorServer`, `DtK8sSensorAuditAgent`, and `DtK8sSensorClusterAnalyzer`
Installation Steps:
- Download the latest `dt-k8ssensor-operator.yaml` from the releases page
- Deploy the operator:

```bash
NAMESPACE=<target-namespace> IMAGE=dt-k8ssensor:latest envsubst < dt-k8ssensor-operator.yaml | kubectl apply -f -
```
Confirm successful installation:

```bash
# Verify operator deployment
kubectl get deployment dt-k8ssensor -n <namespace>
# Check CRD installation
kubectl get crd | grep darktrace
# Validate operator logs
kubectl logs -l app=dt-k8ssensor -n <namespace>
```

After successful operator installation, configure and deploy sensors through the Darktrace /CLOUD management console to begin protecting your Kubernetes environment.
For detailed configuration instructions, refer to the Darktrace Customer Portal.
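
The `kubectl get crd | grep darktrace` check above succeeds as soon as any one matching CRD exists, so a partial install can pass unnoticed. The following is an added example, not part of the operator's own tooling, that checks each of the four kinds from the installation section by exact match. It assumes those names are the CRDs' `spec.names.kind` values; the function names and the sample input are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: confirm every CRD kind listed in the installation section
# is registered. Assumes the listed names are the CRDs' spec.names.kind values.

EXPECTED_KINDS="DtK8sSensor DtK8sSensorServer DtK8sSensorAuditAgent DtK8sSensorClusterAnalyzer"

# missing_kinds: reads CRD kinds on stdin (one per line) and prints each
# expected kind that is absent. Matching is exact and whole-line, so
# DtK8sSensor is not satisfied by DtK8sSensorServer.
missing_kinds() {
    local present kind
    present="$(cat)"
    for kind in $EXPECTED_KINDS; do
        printf '%s\n' "$present" | grep -qxF -- "$kind" || printf '%s\n' "$kind"
    done
}

# verify_crds: queries the cluster and returns non-zero if a kind is missing.
verify_crds() {
    local missing
    missing="$(kubectl get crd \
        -o jsonpath='{range .items[*]}{.spec.names.kind}{"\n"}{end}' | missing_kinds)"
    if [ -n "$missing" ]; then
        echo "CRD kinds not registered:" >&2
        echo "$missing" >&2
        return 1
    fi
    echo "all expected CRD kinds are registered"
}

# Constructed sample: a partial install where two kinds never registered.
sample_partial_install() {
    printf '%s\n' Certificate DtK8sSensorServer DtK8sSensorAuditAgent
}
```

Run `verify_crds` after `kubectl apply` completes; `sample_partial_install | missing_kinds` shows the output for an incomplete install without needing a cluster.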