Updated getting started for file visibility

Signed-off-by: PrimalPimmy <[email protected]> added more info Signed-off-by: PrimalPimmy <[email protected]> improved msg Signed-off-by: PrimalPimmy <[email protected]>
kubearmor · Feb 1, 2024 · c8a19b7 · c8a19b7
1 parent 933047a
commit c8a19b7
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/getting-started/deployment_guide.md b/getting-started/deployment_guide.md
@@ -34,6 +34,7 @@ POD=$(kubectl get pod -l app=nginx -o name)
 > [!NOTE] 
 > `$POD` is used to refer to the target nginx pod in many cases below.
 
+
 ## Sample policies
 
 <details>
@@ -190,6 +191,13 @@ If you don't see Permission denied please refer [here](FAQ.md#debug-kubearmor-in
 
 Access to certain folders/paths might have to be audited for compliance/reporting reasons.
 
+File Visibility is disabled by default to minimize telemetry. Some file based policies will need that enabled. To enable file visibility on a namespace level:
+```
+kubectl annotate ns default kubearmor-visibility="process,file,network" --overwrite
+```
+
+For more details on this: https://docs.kubearmor.io/kubearmor/documentation/kubearmor_visibility#updating-namespace-visibility
+
 Lets audit access to `/etc/nginx/` folder within the deployment.
 ```
 cat <<EOF | kubectl apply -f -