Extend the tracee-operator to monitor changes to tracee config as well as policies

aquasecurity / tracee

Linux Runtime Security and Forensics using eBPF

https://aquasecurity.github.io/tracee/latest

Apache License 2.0

3.38k stars 396 forks source link

Extend the tracee-operator to monitor changes to tracee config as well as policies #3876

Open hangrymuppet opened 4 months ago

hangrymuppet commented 4 months ago

Unless there is a different way to accomplish tracee in k8s applying new configs that I have missed in the docs

yanivagman commented 4 months ago

Yes, this is definitely on our roadmap. First we need to make some preparations in Tracee so it will be able to modify policies in runtime (for example, today Tracee is attaching all BPF programs at init time. We should change this to be in runtime)

josedonizetti commented 4 months ago

@hangrymuppet for now, would a simple rollout after a config is changed like we do for policies work? If so, should be a simple change, and we can deliver soonish.

hangrymuppet commented 4 months ago

@josedonizetti yes, that would be awesome. Thank you!