Capture files not saved

kwri-avongluck commented 4 years ago

$ kubectl capture app-586868cdc-8dkgm -ns mynamespace -M 30 --snaplen 256
Sysdig is starting to capture system calls:

Node: gke-cluster-default-pool-93caf4f1-6b2j
Pod: app-586868cdc-8dkgm
Duration: 30 seconds
Parameters for Sysdig: -S -M 30 -pk -z -w /capture-app-586868cdc-8dkgm-1592332339.scap.gz  --snaplen 256

The capture has been downloaded to your hard disk at:
/Users/john/capture-app-586868cdc-8dkgm-1592332339.scap.gz

$ ls /Users/john/capture-app-586868cdc-8dkgm-1592332339.scap.gz
gls: cannot access '/Users/john/capture-app-586868cdc-8dkgm-1592332339.scap.gz': No such file or directory

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2019-12-13T11:51:44Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"15+", GitVersion:"v1.15.9-gke.24", GitCommit:"39e41a8d6b7221b901a95d3af358dea6994b4a40", GitTreeState:"clean", BuildDate:"2020-02-29T01:24:35Z", GoVersion:"go1.12.12b4", Compiler:"gc", Platform:"linux/amd64"}

Not 100% sure why it isn't working, but the message that it wrote out the file makes it seem like kubectl-capture isn't validating the results of the sysdig capture.

kwri-avongluck commented 4 years ago

$ kubectl logs capture-app-586868cdc-8dkgm-1592340541
* Setting up /usr/src links from host
* Unloading sysdig-probe, if present
* Running dkms install for sysdig
Error! echo
Your kernel headers for kernel 4.19.102+ cannot be found at
/lib/modules/4.19.102+/build or /lib/modules/4.19.102+/source.
* Running dkms build failed, couldn't find /var/lib/dkms/sysdig/0.26.7/build/make.log
* Trying to load a system sysdig-probe, if present
* Trying to find precompiled sysdig-probe for 4.19.102+
Found kernel config at /proc/config.gz
* Trying to download precompiled module from https://s3.amazonaws.com/download.draios.com/stable/sysdig-probe-binaries/sysdig-probe-0.26.7-x86_64-4.19.102%2B-e0d915406c87215c571075f54ded2193.ko
Download of sysdig-probe for version 0.26.7 failed. This is because the probe for this particular version does not exist in the repo.
Consider compiling your own sysdig-probe and loading it or getting in touch with the sysdig community
* Capturing system calls
Unable to load the driver
error opening device /host/dev/sysdig0. Make sure you have root credentials and that the sysdig-probe module is loaded.
----------------------
Event           #Calls
----------------------

withtwoemms commented 4 years ago

Can corroborate that this is an issue for me using:

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.5", GitCommit:"e6503f8d8f769ace2f338794c914a96fc335df0f", GitTreeState:"clean", BuildDate:"2020-06-27T00:36:48Z", GoVersion:"go1.14.4", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"14+", GitVersion:"v1.14.10-gke.45", GitCommit:"42bef28c2031a74fc68840fce56834ff7ea08518", GitTreeState:"clean", BuildDate:"2020-06-17T19:54:40Z", GoVersion:"go1.12.12b4", Compiler:"gc", Platform:"linux/amd64"}

fcostabr78 commented 3 years ago

any news?

rkm-ravi94 commented 3 years ago

Doesn't seems to be due to version mismatch. Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.4", GitCommit:"3cce4a82b44f032d0cd1a1790e6d2f5a55d20aae", GitTreeState:"clean", BuildDate:"2021-08-11T18:16:05Z", GoVersion:"go1.16.7", Compiler:"gc", Platform:"darwin/amd64"} Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:53:14Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"linux/amd64"}

What I found in logs is this for minikube `Your kernel headers for kernel 5.10.47-linuxkit cannot be found at /lib/modules/5.10.47-linuxkit/build or /lib/modules/5.10.47-linuxkit/source.

Running dkms build failed, couldn't find /var/lib/dkms/sysdig/0.27.1/build/make.log
Trying to load a system sysdig-probe, if present
Trying to find precompiled sysdig-probe for 5.10.47-linuxkit Found kernel config at /proc/config.gz
Trying to download precompiled module from https://download.sysdig.com/stable/sysdig-probe-binaries/sysdig-probe-0.27.1-x86_64-5.10.47-linuxkit-4d8a36681e85a6d2064c34eff88cb0c2.ko curl: (22) The requested URL returned error: 404
Capturing system calls Unable to load the driver error opening device /host/dev/sysdig0. Make sure you have root credentials and that the sysdig-probe module is loaded.

Event #Calls

`

sysdiglabs / kubectl-capture

Capture files not saved #12

Capturing system calls Unable to load the driver error opening device /host/dev/sysdig0. Make sure you have root credentials and that the sysdig-probe module is loaded.

Event #Calls