Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Tetragon oci hook setup #1842

Merged
merged 6 commits into from
Dec 12, 2023
Merged

Tetragon oci hook setup #1842

merged 6 commits into from
Dec 12, 2023

Commits on Dec 8, 2023

  1. rthooks: move tetragon-oci-hook into its own dir 

    This is a preparation patch for subsequent patches.

Signed-off-by: Kornilios Kourtis <kornilios@isovalent.com>
    @kkourt
    kkourt committed Dec 8, 2023
    Configuration menu
    Copy the full SHA
    c88892e View commit details
    Browse the repository at this point in the history

  2. add tetragon-oci-hook-setup 

    tetragon-oci-hook-setup is meant to be executed in an init container to
setup run-time hooks on the host. Currently, it only supports the
oci-hooks interface (as, for example, used by cri-o). NRI or other
interfaces fall into future work.

There are two commands: install and uninstall.

Install will copy the hook binary to a directory (which should be a host
mount) and add a configuration file to the hooks directory (also should
be a host mount) to call the binary.

Signed-off-by: Kornilios Kourtis <kornilios@isovalent.com>
    @kkourt
    kkourt committed Dec 8, 2023
    Configuration menu
    Copy the full SHA
    f8bcd54 View commit details
    Browse the repository at this point in the history

  3. image: add tetragon-oci-hook{,-setup} 

    Add tetragon-oci-hook and tetragon-oci-hook-setup in the tetragon image.
This will enable us to use it as an init container to setup the OCI
hooks.

Signed-off-by: Kornilios Kourtis <kornilios@isovalent.com>
    @kkourt
    kkourt committed Dec 8, 2023
    Configuration menu
    Copy the full SHA
    5a40c77 View commit details
    Browse the repository at this point in the history

  4. helm: add init container to install hooks 

    This patch adds the ociHookSetup helm value to configure the tetragon
oci hook. For now, it is disabled by default.

Signed-off-by: Kornilios Kourtis <kornilios@isovalent.com>
    @kkourt
    kkourt committed Dec 8, 2023
    Configuration menu
    Copy the full SHA
    9a67bc2 View commit details
    Browse the repository at this point in the history

  5. tetragon-oci-hook: daemonset to uninstall the hook 

    This is mostly for illustration purposes until we find something better.

Signed-off-by: Kornilios Kourtis <kornilios@isovalent.com>
    @kkourt
    kkourt committed Dec 8, 2023
    Configuration menu
    Copy the full SHA
    2497c0d View commit details
    Browse the repository at this point in the history

  6. tetragon-oci-hook: developer demo 

    Add a developer demo. We will move this to docuemntation proper once the
PR is merged, and the image is updated.

Signed-off-by: Kornilios Kourtis <kornilios@isovalent.com>
    @kkourt
    kkourt committed Dec 8, 2023
    Configuration menu
    Copy the full SHA
    28d751f View commit details
    Browse the repository at this point in the history