Garnet Docs — Runtime visibility for untrusted execution

Privileged DaemonSet — Jibril loads eBPF on each node. Linux kernel 5.8+ required.

Add Helm repo

helm repo add garnet https://helm.garnet.ai
helm repo update

Install

helm install garnet garnet/garnet \
  --namespace security \
  --create-namespace \
  --set garnet.token=YOUR_API_TOKEN

Replace YOUR_API_TOKEN with a token from app.garnet.ai → Settings → API Tokens.

Verify

kubectl get pods -n security

One pod per node. Runs appear at app.garnet.ai within seconds.

Configuration

Parameter	Description	Default
`garnet.token`	API token	`""`
`cluster.name`	Dashboard display name	`garnet-cluster`

For init containers, heartbeat intervals, and full overrides, see the chart’s values.yaml.

Agent doesn't appear in the dashboard

kubectl get pods -n security
kubectl logs -n security -l app=garnet

Pods in CrashLoopBackOff

Kernel 5.8+ required. Check: kubectl get nodes -o wide.

Local chart sources

helm upgrade --install garnet ./helm/garnet \
  --namespace security \
  --create-namespace \
  --set garnet.token=YOUR_API_TOKEN

Custom cluster name

helm upgrade --install garnet garnet/garnet \
  --namespace security \
  --set garnet.token=YOUR_API_TOKEN \
  --set cluster.name=my-cluster