-
Notifications
You must be signed in to change notification settings - Fork 424
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kubernetes information missing #4181
Comments
It seems that the container enrichment isn't working in general on your instance. Could you print the startup debug logs using |
Sure. Here is the output with the
|
Could you try running this with the standard tracee binary? tracee-ebpf as a standalone binary is being deprecated and it is not as actively supported. |
@jeason81 did you have a chance to test it again by running |
I was digging into this today when I realised that the current Vagrant creates a VM with 6.2.0-1018-aws (> 5.15.0-92-generic than previously used) and the last published release is 0.22.5. Unfortunately I was not able to reproduce, maybe due to the steps that might be different. @jeason81 how are you setting up k8s in you VM, applying policies, triggering events from etc? Would you mind bumping you dev env and trying to reproduce that behaviour? If it happens again, please provide us the steps to reproduce (commands, settings etc). Thank you for using and testing Tracee. |
Description
I am using the Vagrantfile located within this repo to create a test VM to deploy Tracee (using the provided helm charts). Everything seems to work but I have noticed that the Kubernetes information is missing from the output. I see
"kubernetes":{}
for every entry. I am using the-s container
option to ensure I am scoped properly and I do see that the container ID is reported and so is containerStarted. Strangely, other container information is not present, such as the container name, tag, or digest.Output of
tracee version
:Output of
uname -a
:Additional details
I am using a M1 MacBook Pro with Parallels installed. Vagrant is configured to use Parallels and both the Mac and Parallels have all the latest updates.
To test this, I monitored for
execve
and logged into the tracee container. I then rancat /etc/os-release
, which can be seen in the logs below. However, the container information is still limited, and the Kubernetes information is still empty.The text was updated successfully, but these errors were encountered: