Closed tahsinrahman closed 4 years ago
@tahsinrahman: There is not a label identifying the kind of this issue.
Please specify it either using /kind <group>
or manually from the side menu.
In case you do not know which kind this proposal is please mention the maintainers using @team/maintainers
.
Have you watched the TGIK we did? https://youtu.be/fRoTKqH3rHI?t=3808
This is a good introduction to Falco and Kubernetes
In general
We use libraries libscap
and libsinsp
which are found in multiple places:
Here is where we concretely parse the Kubernetes Audit JSON
In general I think we are too tightly coupled with Kubernetes and need to refactor this to make it more dynamic/modular.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
Hi, I'm trying to understand falco codebase and wondering how falco determines which syscall is coming from which kubernetes pod?
My guess is, falco lists all pods by calling kubernetes api, then go through
podStatus.containerStatus.containerID
for all pods. Am I correct?I'd be great if you can point me to the code where this is actually happening!
Thanks!