I am pretty new to the osquery world. we are running our Kubernetes cluster in our data center, and osquery agent has been installed at the worker node host level, which is able to fill the virtual table as well as the event table. everything works perfectly. Currently, we are moving our system into AWS as well as GCP, we will not able to install osquery agent at the worker node level, we need to install it as daemonset, once osquery agent in daemonset, we are not able to get the host audit event. how could we solve this problem? any help will be appreciated.
04/28/2020, 3:36 PM
It definitely needs to run as a privileged container in order to access host resources.