Use the following instructions to enable CSM Threats on Kubernetes. To learn more about the supported deployment types for each CSM feature, see Setting Up Cloud Security Management.

  1. Add the following to the spec section of the datadog-agent.yaml file:

    # datadog-agent.yaml file
    spec:
      features:
        remoteConfiguration:
          enabled: true
        cws:
          enabled: true
    
  2. Apply the changes and restart the Agent.

  1. Add the following to the datadog section of the datadog-values.yaml file:

    # datadog-values.yaml file
    datadog:
      remoteConfiguration:
        enabled: true
      securityAgent:
        runtime:
          enabled: true
    
  2. Restart the Agent.

Add the following settings to the env section of security-agent and system-probe in the daemonset.yaml file:

  # Source: datadog/templates/daemonset.yaml
  apiVersion:app/1
  kind: DaemonSet
  [...]
  spec:
  [...]
  spec:
      [...]
        containers:
        [...]
          - name: agent
            [...]
            env:
              - name: DD_REMOTE_CONFIGURATION_ENABLED
                value: "true"
          - name: system-probe
            [...]
            env:
              - name: DD_RUNTIME_SECURITY_CONFIG_ENABLED
                value: "true"
              - name: DD_RUNTIME_SECURITY_CONFIG_REMOTE_CONFIGURATION_ENABLED
                value: "true"
          [...]