Agent Deployment
Deploy the TigerGate eBPF agent for real-time runtime security monitoring and compliance evidence collection
Prerequisites
Before deploying the agent, ensure you have a TigerGate account and have obtained your agent token from the dashboard.
Kubernetes
DaemonSet deployment for K8s clusters
Docker
Container deployment with docker run
AWS ECS
Sidecar deployment for ECS tasks
Bare Metal / VM
Systemd service for Linux servers
Kubernetes Deployment
Deploy the TigerGate agent as a DaemonSet to monitor all nodes in your cluster.
Option 1: kubectl apply
# Create namespace
kubectl create namespace tigergate# Create secret with your token
kubectl create secret generic tigergate-token \
--from-literal=token=YOUR_TOKEN \
-n tigergate# Deploy the agent
kubectl apply -f https://install.tigergate.dev/agent.yamlOption 2: Helm Chart
# Add TigerGate Helm repository
helm repo add tigergate https://charts.tigergate.dev# Install the agent
helm install tigergate-agent tigergate/agent \
--set token=YOUR_TOKEN \
--namespace tigergate \
--create-namespaceVerify Installation
kubectl get pods -n tigergate# Expected output: tigergate-agent-xxxxx Running on each node
Docker Deployment
Run the TigerGate agent as a privileged container for host monitoring.
docker run -d \
--name tigergate-agent \
--privileged \
--pid=host \
--net=host \
-v /sys:/sys:ro \
-v /proc:/proc:ro \
-e TIGERGATE_TOKEN=YOUR_TOKEN \
-e TIGERGATE_COLLECTOR_URL=https://collector.tigergate.dev \
tigergate/agent:latestDocker Compose
services:
tigergate-agent:
image: tigergate/agent:latest
privileged: true
pid: host
network_mode: host
volumes:
- /sys:/sys:ro
- /proc:/proc:ro
environment:
- TIGERGATE_TOKEN=YOUR_TOKEN
- TIGERGATE_COLLECTOR_URL=https://collector.tigergate.dev
restart: unless-stoppedAWS ECS Deployment
Add the TigerGate agent as a sidecar container in your ECS task definitions.
{
"containerDefinitions": [
{
"name": "tigergate-agent",
"image": "tigergate/agent:latest",
"essential": false,
"privileged": true,
"linuxParameters": {
"capabilities": {
"add": ["SYS_ADMIN", "SYS_PTRACE", "NET_ADMIN"]
}
},
"environment": [
{
"name": "TIGERGATE_TOKEN",
"value": "YOUR_TOKEN"
},
{
"name": "TIGERGATE_COLLECTOR_URL",
"value": "https://collector.tigergate.dev"
}
],
"mountPoints": [
{
"sourceVolume": "sys",
"containerPath": "/sys",
"readOnly": true
}
],
"memory": 128,
"cpu": 64
}
],
"volumes": [
{
"name": "sys",
"host": {
"sourcePath": "/sys"
}
}
]
}Bare Metal / VM Deployment
Install the TigerGate agent as a systemd service on Linux servers.
# Download and install the agent
curl -sSL https://install.tigergate.dev/install.sh | sudo bash# Configure the agent
sudo tigergate-agent configure --token YOUR_TOKEN# Start the service
sudo systemctl enable --now tigergate-agentManual Installation
# Download binary
wget https://releases.tigergate.dev/agent/latest/linux-amd64/tigergate-agent# Make executable
chmod +x tigergate-agent && sudo mv tigergate-agent /usr/local/bin/# Create systemd service
sudo tigergate-agent install --token YOUR_TOKENConfiguration Options
| Environment Variable | Description | Default |
|---|---|---|
| TIGERGATE_TOKEN | Agent authentication token (required) | - |
| TIGERGATE_COLLECTOR_URL | Telemetry collector endpoint | https://collector.tigergate.dev |
| TIGERGATE_MODE | Enforcement mode: audit or enforce | audit |
| TIGERGATE_LOG_LEVEL | Log verbosity: debug, info, warn, error | info |
| TIGERGATE_POLICY_SYNC_INTERVAL | Policy sync interval in seconds | 30 |