diff --git a/README.md b/README.md index 3423fce..cf81843 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # Kubectl Sysdig Capture plugin Sysdig is a powerful open source tool for container troubleshooting, performance -tunning and security investigation. +tunning, and security investigation. This repository implements a `kubectl` plugin which triggers a capture in the underlying host which is running a pod. A capture file is created for a @@ -10,10 +10,10 @@ duration of time and is download locally in order to use it with ## Installing -In order to use this plugin, just copy the `kubectl-capture` to your -PATH, and ensure it has execution permissions. +In order to use this plugin, just copy the `kubectl-capture` script to your +shell's path, and ensure it has execution permissions. -You can verify its installation using `kubectl`: +You can verify its installation by running `kubectl`: ```bash $ kubectl plugin list @@ -22,8 +22,8 @@ The following kubectl-compatible plugins are available: /usr/local/bin/kubectl-capture ``` -In this case is installed into /usr/local/bin, but will work with another -location listed in PATH. +In this case `kubectl-capture` is installed in `/usr/local/bin`, but will work with another +location listed in the shell's search path. ## Getting started 
@@ -38,22 +38,22 @@ Pod: nginx-78f5d695bd-bcbd8 Duration: 30 seconds Parameters for Sysdig: -S -M 30 -pk -z -w /capture-nginx-78f5d695bd-bcbd8-1550246926.scap.gz -The capture has been downloaded to your hard disk at: +The capture has been downloaded to your filesystem as: ~/captures/capture-nginx-78f5d695bd-bcbd8-1550246926.scap.gz ``` -And then, you can start troubleshooting with [Sysdig Inspect](https://sysdig.com/opensource/inspect/). +Then you can start investigating with [Sysdig Inspect](https://sysdig.com/opensource/inspect/). ### Extra initialization time -When the capture container is being spinned, it takes some time to compile the +When the capture container is brought up, it takes some time to compile the Sysdig Kernel module and start to capture system calls. You can check the logs of the Sysdig Capture Pod if you need to know with accuracy when Sysdig starts to capture. ## Parameters -There are a few parameters for this plugin: +There are two parameters for this plugin: | Flag | Description | |------------------------|----------------------------------------------------------------| @@ -61,14 +61,13 @@ There are a few parameters for this plugin: | `--ebpf` | Use eBPF probe instead of kernel module for capturing syscalls | -Aditionally, all the flags for the `sysdig` cli tool are supported. You can -check more of these parameters in its -[documentation](https://github.com/draios/sysdig/wiki). +Aditionally, all the flags for the `sysdig` CLI tool are supported. Consult its +[documentation](https://github.com/draios/sysdig/wiki) to learn more. ## Cleanup You can uninstall this plugin from `kubectl` by simply removing it from your -PATH: +shell's path: ```bash $ rm /usr/local/bin/kubectl-capture diff --git a/kubectl-capture b/kubectl-capture index d66f3c1..9ee30ec 100755 --- a/kubectl-capture +++ b/kubectl-capture 
@@ -96,7 +96,7 @@ function start_capture() { kubectl cp ${capture_pod}:/${capture_pod}.scap.gz ${capture_pod}.scap.gz > /dev/null 2>&1 kubectl delete pod ${capture_pod} > /dev/null 2>&1 - echo "The capture has been downloaded to your hard disk at:" + echo "The capture has been downloaded to your filesystem as:" echo "${PWD}/${capture_pod}.scap.gz" }
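Review bot: the `+` line in the README.md hunk at `@@ -1,7 +1,7 @@` still carries the misspelling "tunning". The line is already being touched for the comma, so correct it in the same change: `+tuning, and security investigation.`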
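Review bot: in the README.md hunk at `@@ -10,10 +10,10 @@` (Installing), replacing `PATH` with "your shell's path" removes the name of the variable a reader has to inspect when the plugin is not found. kubectl discovers plugins by looking for executables named `kubectl-*` in the directories listed in `PATH`, so I would keep the literal, for example "copy the `kubectl-capture` script to a directory listed in your `PATH`". Since `kubectl capture` runs whatever `kubectl-capture` it finds there, it is also worth one sentence saying the directory should be writable only by trusted users.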
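Review bot: the first `+` line of the README.md hunk at `@@ -61,14 +61,13 @@` keeps the typo "Aditionally". The sentence is being rewritten anyway, so it should read "Additionally, all the flags for the `sysdig` CLI tool are supported."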
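Review bot: in the kubectl-capture hunk at `@@ -96,7 +96,7 @@`, the reworded message is still printed unconditionally. The context lines send both `kubectl cp ... > /dev/null 2>&1` and `kubectl delete pod ${capture_pod} > /dev/null 2>&1` to `/dev/null` and never check an exit status, so a failed copy still reports "The capture has been downloaded" and the pod holding the only copy of the capture is deleted. Since this change touches the message, I would gate the `delete` and the `echo` on `kubectl cp` succeeding (and on the local `.scap.gz` file existing), and print the error to stderr otherwise. The `${capture_pod}` expansions in those lines should also be double-quoted.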