Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

deploy/core: kubearmor for GKE latest COS images #648

Merged
merged 1 commit into from
Mar 14, 2022
Merged

deploy/core: kubearmor for GKE latest COS images #648

merged 1 commit into from
Mar 14, 2022

Conversation

nyrahul
Copy link
Contributor

@nyrahul nyrahul commented Mar 14, 2022
edited
Loading

  • latest GKE COS images do not have path for /usr/src.
  • deploygen updated to create kubearmor.yamls accordingly

Detailed description:
GKE supports multiple images types, viz COS and non-COS(Ubuntu, Debian
etc). In case of non-COS images, the /usr/src contains the kernel
headers. In case of COS, kubearmor internally downloads the kernel
headers but still it used to mount /usr/src since we used a single yaml
for COS and non-COS images. In the latest releases of COS images
(for e.g., 1.22.6-gke-1000), the /usr/src folder is no longer
present. The current changes now mounts /usr to /opt/hostusr folder for
GKE (only). The kubearmor code internally sets BCC_KERNEL_SOURCE to
/media/root/usr/src/linux-headers-KERNELVER.

Fixes #579

Signed-off-by: Rahul Jadhav nyrahul@gmail.com

@nyrahul nyrahul marked this pull request as draft March 14, 2022 10:20
@nyrahul nyrahul marked this pull request as ready for review March 14, 2022 10:58
@nyrahul nyrahul force-pushed the main branch 2 times, most recently from 342149a to dab5cee Compare March 14, 2022 11:16
@nam-jaehyun nam-jaehyun self-requested a review March 14, 2022 11:27
nam-jaehyun
nam-jaehyun approved these changes Mar 14, 2022
View reviewed changes
Copy link
Collaborator

@nam-jaehyun nam-jaehyun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to merge it!

daemon1024
daemon1024 approved these changes Mar 14, 2022
View reviewed changes
Copy link
Member

@daemon1024 daemon1024 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@nyrahul
deploy/core: kubearmor for GKE latest COS images
e2737ef 
* latest GKE COS images do not have path for /usr/src.
* deploygen updated to create kubearmor.yamls accordingly

Detailed description:
GKE supports multiple images types, viz COS and non-COS(Ubuntu, Debian
etc). In case of non-COS images, the `/usr/src` contains the kernel
headers. In case of COS, kubearmor internally downloads the kernel
headers but still it used to mount `/usr/src` since we used a single yaml
for COS and non-COS images. In the latest releases of COS images
(for e.g., 1.22.6-gke-1000), the `/usr/src` folder is no longer
present. The current changes now mounts /usr to `/media/root/usr` folder for
GKE (only). The kubearmor code internally sets `BCC_KERNEL_SOURCE` to
`/media/root/usr/src/linux-headers-KERNELVER`.

Fixes kubearmor#579

Signed-off-by: Rahul Jadhav <nyrahul@gmail.com>
@nyrahul nyrahul merged commit b2c7d82 into kubearmor:main Mar 14, 2022
@nyrahul nyrahul mentioned this pull request Jul 15, 2022
Merged
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nam-jaehyun nam-jaehyun nam-jaehyun approved these changes

@daemon1024 daemon1024 daemon1024 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Kubearmor pod stuck in ContainerCreating with GKE Rapid Release Version
3 participants
@nyrahul @daemon1024 @nam-jaehyun