Sensorless installation
Overview
This guide explains how to deploy the Upwind operator and Cluster manager without installing the kernel-level Upwind sensor DaemonSet.
The Upwind sensor is typically deployed as a DaemonSet that collects runtime data across the entire cluster.
When the Sensor component is disabled, the Operator and Cluster Manager remain functional for orchestration and image-based vulnerability scanning.
Components
| Component | Description |
|---|---|
| Operator | Manages deployment, configuration, and lifecycle of all Upwind workloads within the cluster. |
| Cluster Manager | Deployed as a Kubernetes Deployment to coordinate image scanning and communicate with the Upwind backend. |
| Sensor (Disabled) | Normally deployed as a DaemonSet to collect runtime data. Disabled in this configuration. |
Prerequisites
- Kubernetes version 1.20 or higher (supported by EKS, GKE, AKS, and OpenShift).
- Helm installed and configured.
- Valid Upwind credentials (both
clientIdandclientSecret). - Cluster connectivity verified (
kubectl get nodesreturns results).
Installation
To install the Operator and Cluster Manager without the Sensor component, run the following Helm command:
helm repo add upwind https://charts.upwind.io
helm repo update
helm upgrade --install upwind-operator upwind/upwind-operator \
--set credentials.clientId=<clientId> \
--set credentials.clientSecret=<clientSecret> \
--set agent.create=false \
--set clusterAgent.values.scanJob.enabled=true
Parameter Explanation
| Parameter | Description |
|---|---|
agent.create | Enables or disables the Sensor DaemonSet deployment. |
clusterAgent.values.scanJob.enabled | Enables or disables vulnerability scanning through Kubernetes scan jobs. |
credentials.clientId and credentials.clientSecret | Authenticate the Operator and Cluster Manager with the Upwind backend. |
Expected Console Behavior
After deploying the Operator and Cluster manager without the Sensor, the Upwind console will reflect limited visibility.
Runtime and behavioral data will not be collected, while image-based, configuration, asset and identity data will remain accessible.
Although the sensorless installation provides a lighter component with limited capabilities, you would still see data in the Vulnerabilities, Inventory, Configurations and Identities modules.
Difference between regular and Sensorless installations
| Feature | Operator And Cluster Manager Only | Full Sensor Deployment |
|---|---|---|
| Real-time process, file, and network monitoring | Not available | Available |
| Runtime vulnerability correlation | Not available | Available |
| Threat detection and alerting | Not available | Available |
| API traffic and endpoint analysis | Not available | Available |
| Secrets and configuration scanning | Limited | Available |
| Kubernetes configuration findings | Limited | Available |
| Image scanning and SBOM generation | Available | Available |
| Workload and deployment discovery | Available | Available |
| Operator and Cluster Manager visibility | Available | Available |
Notice that Map view may place the cluster under "Unconnected assets" since no runtime data is being transmitted.
Health indications
Under Settings → Sensors, the following status is expected:
- Operator: Healthy
- Cluster Manager: Healthy
- Sensor: Unhealthy (no nodes reporting)
This indicates that the Operator and Cluster Manager are functioning as intended, while the Sensor remains disabled.
Conclusion
Deploying the Operator and Cluster Manager without the Sensor provides limited yet functional visibility.
Workloads, images, and configurations can be viewed in the console, while runtime detections, API analytics, and vulnerability correlation are disabled.
This behavior is expected when the Sensor DaemonSet is not deployed.
For complete runtime visibility, vulnerability mapping, and API detection, install the full Upwind sensor using the default Helm configuration.
Next Steps
To enable real-time visibility, follow the Install Sensor Guide for a full deployment including the Sensor DaemonSet.
For assistance, contact Upwind’s technical support.