Forked from vicenteherrera/Install Sysdig agent on local Minikube
Last active
October 22, 2021 10:18
Revisions
alonsoir revised this gist
Oct 22, 2021 . 1 changed file with 1 addition and 1 deletion.
@@ -41,7 +41,7 @@ helm repo add sysdig https://charts.sysdig.com helm repo update # Cómo se consigue el access_key? helm install sysdig-agent --namespace sysdig-agent \ --set sysdig.accessKey=8cb7325b-0ffc-479c-b2d9-b3bf52f2da45 \ --set sysdig.settings.collector=collector-static.sysdigcloud.com \ --set sysdig.settings.collector_port=6443 \ --set clusterName=minikube sysdig/sysdig \
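Review bot: the `--set sysdig.accessKey=` argument of `helm install` now carries a literal UUID-format value where the previous revision had the `YOUR_ACCESS_KEY` placeholder, so an agent access key is published in the gist and stays in its revision history. Restore the placeholder, treat the committed value as exposed and replace it with a new key, and have the reader supply the key from an environment variable or an untracked values file instead of writing it into the script.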
alonsoir revised this gist
Oct 22, 2021 . 1 changed file with 2 additions and 0 deletions.
@@ -18,6 +18,7 @@ find /usr/src -name linux-headers-*-amd64 -type d sudo ln -s $(find /usr/src -name linux-headers-*-amd64 -type d) /lib/modules/$(uname -r)/build # Fix the filesystem so it's not readonly in /lib/modules and the agent installation can create the kernel module sudo fsck -f / # # Reboot for changes sudo reboot @@ -38,6 +39,7 @@ sudo chown -R vagrant /root/.kube /root/.minikube /root /home/vagrant/.kube kubectl create ns sysdig-agent helm repo add sysdig https://charts.sysdig.com helm repo update # Cómo se consigue el access_key? helm install sysdig-agent --namespace sysdig-agent \ --set sysdig.accessKey=YOUR_ACCESS_KEY \ --set sysdig.settings.collector=collector-static.sysdigcloud.com \
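Review bot: the comment added above `helm install` in the second hunk, `# Cómo se consigue el access_key?`, is an open question in Spanish inside an otherwise English script, and the reader is still not told where `YOUR_ACCESS_KEY` comes from. Replace it with an English comment that says where the key is obtained and that it is a credential that must not be committed; the bare `#` added after `sudo fsck -f /` in the first hunk can be dropped.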
vicenteherrera revised this gist
Oct 22, 2021 . 1 changed file with 1 addition and 3 deletions.
@@ -1,8 +1,6 @@ # We will create a VM with Debian, and inside it execute Minikube with driver=none # This way we avoid using Minikube's VM on Windows or Macos, that has a custom kernel # You need to install VirtualBox and Vagrant on your host machine before you continue # This works for latest versions on 2021-10-22. It doesn't work using Win+WSL2 # Use the following repository to download Vagrant boxes definition
vicenteherrera revised this gist
Oct 22, 2021 . 1 changed file with 6 additions and 2 deletions.
@@ -3,6 +3,8 @@ # You need to install VirtualBox and Vagrant on your host machine before you continue # This works for latest versions on 2021-10-22. It doesn't work using Win+WSL2 # Use the following repository to download Vagrant boxes definition git clone https://github.com/sysdiglabs/falco-workshop.git # Use box4 that includes Docker, Kubectl, Minikube and many other tools @@ -12,8 +14,10 @@ vagrant up vagrant ssh # Inside the VM, execute the following # Find where the Linux Kernel sources are located find /usr/src -name linux-headers-*-amd64 -type d # If the directory is for example /usr/src/linux-headers-4.19.0-18-amd64, link it to where it's expected by using uname sudo ln -s $(find /usr/src -name linux-headers-*-amd64 -type d) /lib/modules/$(uname -r)/build # Fix the filesystem so it's not readonly in /lib/modules and the agent installation can create the kernel module sudo fsck -f / # Reboot for changes
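Review bot: in the second hunk, `sudo ln -s $(find /usr/src -name linux-headers-*-amd64 -type d) /lib/modules/$(uname -r)/build` leaves the glob unquoted and does not handle `find` returning several directories or none. The shell can expand `linux-headers-*-amd64` against the current directory before `find` sees it, and with more than one match `ln -s` receives several sources and no longer creates the intended `build` link. Quote the pattern as `-name 'linux-headers-*-amd64'` in both commands and check that exactly one directory matched before running `ln -s` as root.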
vicenteherrera revised this gist
Oct 22, 2021 . 1 changed file with 5 additions and 2 deletions.
@@ -54,8 +54,11 @@ kubectl logs daemonset/sysdig-agent # Get inside a pod kubectl run my-shell --rm -i --tty --image ubuntu -- bash # Write to root inside the pod's container so it fires a Falco rule sudo touch /test.txt # Exit the pod exit # Exit Vagrant VM exit # Now go to Sysdig Secure web dashboard and check that you have an event on Event Feed section.
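Review bot: `sudo touch /test.txt` runs inside the shell opened by `kubectl run my-shell --rm -i --tty --image ubuntu -- bash`, where the user is already root and the stock `ubuntu` image ships no `sudo`, so the command fails and the write that the Falco rule is meant to detect never happens. Use `touch /test.txt`; as written, a reader who finds nothing in the Event Feed cannot tell a broken agent install from a failed test command.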
vicenteherrera revised this gist
Oct 22, 2021 . 1 changed file with 1 addition and 1 deletion.
@@ -37,7 +37,7 @@ kubectl create ns sysdig-agent helm repo add sysdig https://charts.sysdig.com helm repo update helm install sysdig-agent --namespace sysdig-agent \ --set sysdig.accessKey=YOUR_ACCESS_KEY \ --set sysdig.settings.collector=collector-static.sysdigcloud.com \ --set sysdig.settings.collector_port=6443 \ --set clusterName=minikube sysdig/sysdig \
vicenteherrera revised this gist
Oct 22, 2021 . 1 changed file with 3 additions and 0 deletions.
@@ -7,6 +7,7 @@ git clone https://github.com/sysdiglabs/falco-workshop.git # Use box4 that includes Docker, Kubectl, Minikube and many other tools cd box4 vagrant box update vagrant up vagrant ssh @@ -54,5 +55,7 @@ kubectl logs daemonset/sysdig-agent kubectl run my-shell --rm -i --tty --image ubuntu -- bash # Write to root inside the pod's container so it fires a Falco rule $ sudo touch /test.txt # Exit the pod $ exit # Now go to Sysdig Secure web dashboard and check that you have an event on Event Feed section.
vicenteherrera revised this gist
Oct 21, 2021 . 1 changed file with 6 additions and 1 deletion.
@@ -1,4 +1,9 @@ # We will create a VM with Debian, and inside it execute Minikube with driver=none # This way we avoid using Minikube's VM on Windows or Macos, that has a custom named kernel # You need to install VirtualBox and Vagrant on your host machine before you continue # Use the following repository to download Vagrant boxes definition git clone https://github.com/sysdiglabs/falco-workshop.git # Use box4 that includes Docker, Kubectl, Minikube and many other tools cd box4
vicenteherrera revised this gist
Oct 21, 2021 . 1 changed file with 1 addition and 1 deletion.
@@ -1,6 +1,6 @@ # Use the following repository to download Vagrant boxes definition: git clone https://github.com/sysdiglabs/falco-workshop.git # Use box4 that includes Docker, Kubectl, Minikube and many other tools cd box4 vagrant up vagrant ssh
vicenteherrera revised this gist
Oct 21, 2021 . No changes.
vicenteherrera created this gist
Oct 21, 2021 .
@@ -0,0 +1,53 @@ # Use the following repository to download Vagrant boxes definition: git clone https://github.com/sysdiglabs/falco-workshop.git # Use box4 cd box4 vagrant up vagrant ssh # Inside the VM, execute the following # Link the linux headers source folder to the expected one by uname sudo ln -s /usr/src/linux-headers-4.19.0-18-amd64/ /lib/modules/$(uname -r)/build # Fix the filesystem so it's not readonly in /lib/modules and the agent installation can create the kernel module sudo fsck -f / # Reboot for changes sudo reboot # Last command rebooted the machine and exited the session, let's get inside it again (it will take a minute) vagrant ssh # We have to start minikube again. # We use sudo and driver=none to execute it on the bare VM sudo minikube start --driver=none \ --apiserver-ips 127.0.0.1 \ --apiserver-name localhost # Assign kubeconfig to current user 'vagrant' sudo cp -R /root/.kube /root/.minikube /home/vagrant/ sudo chown -R vagrant /root/.kube /root/.minikube /root /home/vagrant/.kube # Install Sysdig agent, modify settings according to your account kubectl create ns sysdig-agent helm repo add sysdig https://charts.sysdig.com helm repo update helm install sysdig-agent --namespace sysdig-agent \ --set sysdig.accessKey=access_key \ --set sysdig.settings.collector=collector-static.sysdigcloud.com \ --set sysdig.settings.collector_port=6443 \ --set clusterName=minikube sysdig/sysdig \ --set nodeAnalyzer.apiEndpoint=secure.sysdig.com kubectl config set-context --current --namespace=sysdig-agent # Remove Node Analyzer as it consumes a lot of CPU and blocks the agent from being deployed # This has the side effect of container images not being automatically scanned kubectl delete daemonset sysdig-agent-node-analyzer # Alternatively, add more CPU to the Vagrantfile, or reduce CPU assignation on daemonsets # Check agent log for errors kubectl logs daemonset/sysdig-agent # Get inside a pod kubectl run my-shell --rm -i --tty --image ubuntu -- bash # Write 
to root inside the pod's container so it fires a Falco rule $ sudo touch /test.txt # Now go to Sysdig Secure web dashboard and check that you have an event on Event Feed section.
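Review bot: `sudo chown -R vagrant /root/.kube /root/.minikube /root /home/vagrant/.kube` hands the whole of root's home directory to the unprivileged `vagrant` user, while the copy at `/home/vagrant/.minikube` is left out of the ownership change. Limit the `chown` to the two copies under `/home/vagrant` and, if the copied kubeconfig still references paths under `/root`, point it at those copies, so the cluster credentials are readable by `vagrant` without making `/root` writable by that user.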