Open XelK opened 2 months ago
It seems that this version of cri-o
uses paths such as:
/sys/fs/cgroup//kubepods.slice/kubepods-besteffort.slice/kubepods-besteffort-pod2263b521_f8ac_475e_82a0_95937cce8f0f.slice/crio-4ff86f4fe0ebd2556606a6b049b94ae571e3486c4c265230dc8ce87f887ffd15.scope/container
For the container cgroup that do not work well with tetragon. I think the best solution is to connect to the container runtime (https://github.com/kubernetes/cri-api/blob/c75ef5b/pkg/apis/runtime/v1/api.proto), get the cgroups used, and use the cgroup id to do the mapping. I think we would want to have an option to enable this.
There was a short discussion about this in the Tetragon Community Meeting (July 8th): https://docs.google.com/document/d/1BFMJLdtisiCSLfMct0GHof_ioL-5QVNLEaeMSlk_7Eo/edit#heading=h.cd9xm2lbvnw4.
I'm reopening this to add instructions on how to use the features introduced from #2776
What happened?
It seems that with CRI-O 1.29, Tetragon does not visualize information about namespaces and pods.
Check the logs of the test container:
kubectl exec -ti -n tetragon tetragon-r292s -c tetragon -- tetra -d getevents -o compact|grep passwd
Switching log to tracing mode I can see this messages:
where exec_id is the same from:
I execute
crictl insepct
andcrictl inspect <container_id>| grep cgroupsPath
and into cgroupsPath:
Tetragon Version
1.1.2
Kernel Version
6.1.0-24
Kubernetes Version
1.29.2
Bugtool
No response
Relevant log output
No response
Anything else?
No response