K
Q

Running sysdig on minikube

5/14/2019

I'm trying to run sysdig on my local kubernetes cluster which I'm running using minikube with kvm2 as the vm-driver. I'm new to sysdig and wanted to find the system calls run by by a pod.

The command I ran is:

sudo sysdig k8s.ns.name=default or k8s.pod.name=algorithm

The pods were running (I checked) but no system calls got trough.

I checked with with the kubectl describe command if the namespace was correct; which it is. So I'm not sure where this is going wrong. It might be that sysdig doesn't find anything because minikube is using the aforementioned VM. If that is the case, I'm not sure how to run sysdig inside it.

Thanks in advance

-- mememan
kubernetes
sysdig

Similar Questions

Which cluster name is valid DNS name?
How to enable a feature gate on the go?
What is Istio best way to create gateway based on dev, uat and production environment
How to deploy multiple ambassador daemon-set in the same namespace - kuberntes
Unable to get raw TCP traffic through Istio Gateway

1 Answer

5/14/2019

If you setup the Sysdig correctly Kubernetes Audit Logging should work.

Sysdig Secure allows users to create Falco security rules based on a stream of Kubernetes audit events, integrating Kubernetes audit logging with the Sysdig Agent. This allows users to track changes made to the cluster, including:

  • Creation and destruction of pods, services, deployments, daemonsets, etc.
  • Creating/updating/removing config maps or secrets
  • Attempts to subscribe to changes to any endpoint

Docs states that Sysdig supports Minikube from 0.33.1 and later, using default Virtualbox driver.

To enable audit logging in Minikube you need to:

  1. Clone / download the repository: https://github.com/draios/sysdig-cloud-scripts.

    The repository contains the following relevant files:

    • k8s_audit_config/audit-policy.yaml

      For more information on configuring the audit events passed to the agent, refer to the Kubernetes documentation.

    • k8s_audit_config/[webhook-config.yaml.in](http://webhook-config.yaml.in/)

    • k8s_audit_config/enable-k8s-audit.sh

  2. Run the following command in the sysdig-cloud-scripts/k8s_audit_config directory to enter the necessary values to the [webhook-config.yaml.in](http://webhook-config.yaml.in/) file:

    AGENT_SERVICE_CLUSTERIP=$(kubectl get service sysdig-agent -o=jsonpath={.spec.clusterIP}) envsubst < webhook-config.yaml.in > webhook-config.yaml

  3. Run the enable-k8s.sh script to enable audit log support on the apiserver:

    bash ./enable-k8s-audit.sh minikube

-- Crou
Source: StackOverflow