8000 k8s: enrichment enabled by default by josedonizetti · Pull Request #3096 · aquasecurity/tracee · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

k8s: enrichment enabled by default #3096

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
May 15, 2023
Merged

k8s: enrichment enabled by default #3096

merged 1 commit into from
May 15, 2023

Conversation

josedonizetti
Copy link
Contributor
@josedonizetti josedonizetti commented May 12, 2023
edited by yanivagman
Loading

1. Explain what the PR does

Fix #2731

The PR maps the paths for tracee runtime autodiscovery, and enables enrichment by default. This might not cover all cases, see #1864, but it was tested and worked on kind, minikube, azure, digital ocean and google kubernetes engine, so it is a good start.

2. Explain how to test it

# install tracee with: 
kubectl apply -f deploy/kubernetes/tracee/tracee.yaml

# or

helm repo add aqua https://aquasecurity.github.io/helm-charts/
helm dependency update ./deploy/helm/tracee
helm install tracee ./deploy/helm/tracee \
        --namespace tracee-system --create-namespace \
        --set hostPID=true

# create a simple container to trigger a signatures
kubectl run test --image=ubuntu:latest -- tail -f /dev/null

kubectl exec -ti test -- apt update -y && apt install -y strace  && strace ls

3. Other comments

@josedonizetti josedonizetti force-pushed the k8s-enrichment-by-default branch from a2f29c6 to 74f52fd Compare May 12, 2023 21:12
@josedonizetti josedonizetti marked this pull request as ready for review May 12, 2023 21:31
yanivagman
yanivagman approved these changes May 14, 2023
View reviewed changes
Copy link
Collaborator
@yanivagman yanivagman left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@josedonizetti josedonizetti merged commit 47e4f08 into aquasecurity:main May 15, 2023
@josedonizetti josedonizetti deleted the k8s-enrichment-by-default branch May 15, 2023 03:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yanivagman yanivagman yanivagman approved these changes

Assignees

@josedonizetti josedonizetti

Labels
area/kubernetes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

k8s: container enrichment should be enabled by default
2 participants
@josedonizetti @yanivagman
0