draios / instruqt-assets

add: VM runtime scanner #118

Closed pabloopez closed 1 year ago

pabloopez commented 1 year ago

Adds option to deploy the VM runtime scanner with the agent: --runtime-vm.

pabloopez commented 1 year ago

Tested and failing with:

  Warning  Failed     7m5s (x3 over 7m53s)    kubelet            Error: failed to create containerd task: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: error mounting "/run/k3s/containerd/containerd.sock" to rootfs at "/var/run/containerd/containerd.sock": mount /run/k3s/containerd/containerd.sock:/var/run/containerd/containerd.sock (via /proc/self/fd/6), flags: 0x5000: not a directory: unknown
  Normal   Pulled     7m5s (x2 over 7m33s)    kubelet            Container image "quay.io/sysdig/vuln-runtime-scanner:1.5.6" already present on machine
  Warning  BackOff    3m29s (x28 over 7m21s)  kubelet            Back-off restarting failed container sysdig-runtime-scanner in pod sysdig-agent-node-analyzer-b892l_sysdig-agent(4c593851-1953-4be9-89cf-5d20fee14eb5)

pabloopez commented 1 year ago

Logs from the sysdig-runtime-scanner container in the node-analyzer pod:

ubuntu@ip-172-31-32-214:~$ k logs -n sysdig-agent sysdig-agent-node-analyzer-stbbc  -c sysdig-runtime-scanner
{"level":"info","version":"v1.5.6","time":"2023-09-11T09:54:39Z","message":"Starting Runtime Scanner"}
{"level":"info","version":"v1.5.6","scannerId":"insq_2023-09-11__11_36_tall_step-brother_student_cluster:a2b58707-fbc7-4603-b932-df5258cef612:ip-172-31-32-214","nodeInfo":{"RuntimeName":"containerd","RuntimeVersion":"1.6.22","Architecture":"amd64","KernelVersion":"6.2.0-1010-aws","KubeletVersion":"v1.28.1","KubeProxyVersion":"v1.28.1","OSImage":"Ubuntu 22.04.3 LTS","OS":"linux","ServerGitVersion":"v1.28.1","ServerGoVersion":"go1.20.7"},"platform":"linux/amd64","time":"2023-09-11T09:54:39Z","message":"node info detected"}
{"level":"warn","version":"v1.5.6","scannerId":"insq_2023-09-11__11_36_tall_step-brother_student_cluster:a2b58707-fbc7-4603-b932-df5258cef612:ip-172-31-32-214","ContainerRuntime":"containerd","error":"could not connect to the cri socket unix:///var/run/containerd/containerd.sock: context deadline exceeded","time":"2023-09-11T09:54:42Z","message":"failed to build container runtime client , retrying with another container runtime"}
{"level":"warn","version":"v1.5.6","scannerId":"insq_2023-09-11__11_36_tall_step-brother_student_cluster:a2b58707-fbc7-4603-b932-df5258cef612:ip-172-31-32-214","ContainerRuntime":"docker","error":"docker did not respond: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?","time":"2023-09-11T09:54:42Z","message":"failed to build container runtime client , retrying with another container runtime"}
{"level":"warn","version":"v1.5.6","scannerId":"insq_2023-09-11__11_36_tall_step-brother_student_cluster:a2b58707-fbc7-4603-b932-df5258cef612:ip-172-31-32-214","ContainerRuntime":"cri-o","error":"could not connect to the cri socket unix:///var/run/crio/crio.sock: context deadline exceeded","time":"2023-09-11T09:54:45Z","message":"failed to build container runtime client "}
{"level":"fatal","version":"v1.5.6","scannerId":"insq_2023-09-11__11_36_tall_step-brother_student_cluster:a2b58707-fbc7-4603-b932-df5258cef612:ip-172-31-32-214","error":"failed to instantiate container runtime client with any container runtimes","time":"2023-09-11T09:54:45Z","message":"failed to get Container Runtime Client"}

pabloopez commented 1 year ago

Fixed:

ubuntu@ip-172-31-32-11:~$ k -n sysdig-agent logs sysdig-agent-node-analyzer-bdmhk -c sysdig-runtime-scanner
{"level":"info","version":"v1.5.6","time":"2023-09-11T11:37:14Z","message":"Starting Runtime Scanner"}
{"level":"info","version":"v1.5.6","scannerId":"insq_2023-09-11__13_36_okay_storey_student_cluster:bf37c230-a3f8-4c03-96c6-ad820e917d08:ip-172-31-32-11","nodeInfo":{"RuntimeName":"containerd","RuntimeVersion":"1.6.22","Architecture":"amd64","KernelVersion":"6.2.0-1010-aws","KubeletVersion":"v1.28.1","KubeProxyVersion":"v1.28.1","OSImage":"Ubuntu 22.04.3 LTS","OS":"linux","ServerGitVersion":"v1.28.1","ServerGoVersion":"go1.20.7"},"platform":"linux/amd64","time":"2023-09-11T11:37:14Z","message":"node info detected"}
{"level":"info","version":"v1.5.6","scannerId":"insq_2023-09-11__13_36_okay_storey_student_cluster:bf37c230-a3f8-4c03-96c6-ad820e917d08:ip-172-31-32-11","ContainerRuntime":"containerd","time":"2023-09-11T11:37:14Z","message":"container runtime client built successfully"}
{"level":"info","version":"v1.5.6","scannerId":"insq_2023-09-11__13_36_okay_storey_student_cluster:bf37c230-a3f8-4c03-96c6-ad820e917d08:ip-172-31-32-11","containerRuntimeName":"containerd","time":"2023-09-11T11:37:14Z","message":"Starting metrics server on :25001 exposing /metrics ..."}
{"level":"info","version":"v1.5.6","scannerId":"insq_2023-09-11__13_36_okay_storey_student_cluster:bf37c230-a3f8-4c03-96c6-ad820e917d08:ip-172-31-32-11","containerRuntimeName":"containerd","time":"2023-09-11T11:37:14Z","message":"starting probes server on :7002"}
{"level":"info","version":"v1.5.6","scannerId":"insq_2023-09-11__13_36_okay_storey_student_cluster:bf37c230-a3f8-4c03-96c6-ad820e917d08:ip-172-31-32-11","containerRuntimeName":"containerd","keepaliveInterval":"10m0s","incrementalScanInterval":"15m0s","fullScanInterval":"12h0m0s","time":"2023-09-11T11:37:14Z","message":"received keepalive response"}
{"level":"info","version":"v1.5.6","scannerId":"insq_2023-09-11__13_36_okay_storey_student_cluster:bf37c230-a3f8-4c03-96c6-ad820e917d08:ip-172-31-32-11","containerRuntimeName":"containerd","seconds":493,"time":"2023-09-11T11:37:14Z","message":"startup sleep"}

Waiting for the first scan results to be ready to merge and close this.
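
Added example, not part of this pull request or of Sysdig's code: a small Python triage helper for the sysdig-runtime-scanner JSON logs quoted above, reporting whether a container runtime client was built and which socket paths were tried. The sample lines are constructed (shortened from the logs in this thread), and `summarize`, `SOCKET_RE` and the result keys are names chosen for this example.

```python
import json
import re

# Constructed sample: lines shortened from the log format shown in this thread
# (scannerId and nodeInfo dropped); the first line is a non-JSON shell prompt.
FAILED_RUN = """\
$ kubectl logs -n sysdig-agent <pod> -c sysdig-runtime-scanner
{"level":"info","version":"v1.5.6","message":"Starting Runtime Scanner"}
{"level":"warn","ContainerRuntime":"containerd","error":"could not connect to the cri socket unix:///var/run/containerd/containerd.sock: context deadline exceeded","message":"failed to build container runtime client , retrying with another container runtime"}
{"level":"warn","ContainerRuntime":"docker","error":"docker did not respond: Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?","message":"failed to build container runtime client , retrying with another container runtime"}
{"level":"warn","ContainerRuntime":"cri-o","error":"could not connect to the cri socket unix:///var/run/crio/crio.sock: context deadline exceeded","message":"failed to build container runtime client "}
{"level":"fatal","error":"failed to instantiate container runtime client with any container runtimes","message":"failed to get Container Runtime Client"}
"""
FIXED_RUN = """\
{"level":"info","version":"v1.5.6","message":"Starting Runtime Scanner"}
{"level":"info","ContainerRuntime":"containerd","message":"container runtime client built successfully"}
"""

SOCKET_RE = re.compile(r"unix://(/[^\s:]+?\.sock)")


def summarize(log_text):
    """Return connection status, runtime in use, and each failed socket attempt."""
    result = {"status": "unknown", "runtime": None, "attempts": [], "fatal": None}
    for line in log_text.splitlines():
        try:
            entry = json.loads(line)
        except ValueError:
            continue  # prompt lines, blank lines, truncated output
        if not isinstance(entry, dict):
            continue
        runtime = entry.get("ContainerRuntime")
        error = entry.get("error")
        if runtime and error:
            match = SOCKET_RE.search(error)
            result["attempts"].append((runtime, match.group(1) if match else None))
        elif runtime and "built successfully" in entry.get("message", ""):
            result["status"], result["runtime"] = "connected", runtime
        if entry.get("level") == "fatal":
            result["status"], result["fatal"] = "failed", error
    return result


if __name__ == "__main__":
    for name, text in (("failed", FAILED_RUN), ("fixed", FIXED_RUN)):
        print(name, json.dumps(summarize(text), indent=2))
```

The attempted paths are the ones the scanner looks for inside its container; the kubelet event quoted earlier shows the host socket on this node at /run/k3s/containerd/containerd.sock.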