Instructions to install the Sysdig agent on a local Minikube so it can be used to learn Kubernetes without a cloud account
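# Walkthrough, not a script to run end to end: several commands below open an
# interactive session (vagrant ssh, kubectl run) or reboot the VM, so run them
# one at a time, in order, from the shell the previous step left you in.
# We will create a VM with Debian, and inside it execute Minikube with driver=none
# This way we avoid using Minikube's VM on Windows or Macos, that has a custom kernel
# You need to install VirtualBox and Vagrant on your host machine before you continue
# This works for latest versions on 2021-10-22. It doesn't work using Win+WSL2
# Use the following repository to download Vagrant boxes definition
git clone https://github.com/sysdiglabs/falco-workshop.git
# Use box4 that includes Docker, Kubectl, Minikube and many other tools.
# The clone lands in ./falco-workshop, so change into the box directory under it.
cd falco-workshop/box4 || exit 1
vagrant box update
vagrant up
vagrant ssh
# Inside the VM, execute the following
# Find where the Linux Kernel sources are located. The pattern is quoted so the
# shell does not glob-expand it against the current directory before find sees it.
find /usr/src -name 'linux-headers-*-amd64' -type d
# If the directory is for example /usr/src/linux-headers-4.19.0-18-amd64, link it
# to where it's expected by using uname. The path is captured in a variable and
# checked first, so a missing headers package is noticed instead of ln being
# called with an empty (or multi-word) argument.
headers_dir=$(find /usr/src -name 'linux-headers-*-amd64' -type d | head -n 1)
[ -n "$headers_dir" ] || echo "no linux-headers-*-amd64 directory found under /usr/src" >&2
sudo ln -s "$headers_dir" "/lib/modules/$(uname -r)/build"
# Fix the filesystem so it's not readonly in /lib/modules and the agent
# installation can create the kernel module. Note this runs fsck against the
# mounted root filesystem; acceptable on this throwaway VM only.
sudo fsck -f /
# Reboot for changes
sudo reboot
# Last command rebooted the machine and exited the session, let's get inside it again (it will take a minute)
vagrant ssh
# We have to start minikube again.
# We use sudo and driver=none to execute it on the bare VM
sudo minikube start --driver=none \
  --apiserver-ips 127.0.0.1 \
  --apiserver-name localhost
# Assign kubeconfig to current user 'vagrant'.
# The copied kubeconfig still references certificates under /root/.minikube,
# which is why ownership of /root itself is handed to vagrant here. That is a
# shortcut for a single-user lab VM; do not repeat it on a shared machine.
sudo cp -R /root/.kube /root/.minikube /home/vagrant/
sudo chown -R vagrant /root/.kube /root/.minikube /root /home/vagrant/.kube
# Install Sysdig agent, modify settings according to your account.
# The access key is read from the SYSDIG_ACCESS_KEY environment variable so it is
# never written into this file; it still shows up in helm's argument list, so
# prefer a values file (helm install -f) if that matters in your environment.
kubectl create ns sysdig-agent
helm repo add sysdig https://charts.sysdig.com
helm repo update
helm install sysdig-agent sysdig/sysdig --namespace sysdig-agent \
  --set sysdig.accessKey="${SYSDIG_ACCESS_KEY:?export SYSDIG_ACCESS_KEY with your agent access key first}" \
  --set sysdig.settings.collector=collector-static.sysdigcloud.com \
  --set sysdig.settings.collector_port=6443 \
  --set clusterName=minikube \
  --set nodeAnalyzer.apiEndpoint=secure.sysdig.com
kubectl config set-context --current --namespace=sysdig-agent
# Remove Node Analyzer as it consumes a lot of CPU and blocks the agent from being deployed
# This has the side effect of container images not being automatically scanned
kubectl delete daemonset sysdig-agent-node-analyzer
# Alternatively, add more CPU to the Vagrantfile, or reduce CPU assignation on daemonsets
# Check agent log for errors
kubectl logs daemonset/sysdig-agent
# Get inside a pod
kubectl run my-shell --rm -i --tty --image ubuntu -- bash
# Write to root inside the pod's container so it fires a Falco rule.
# The shell already runs as root inside the container and the ubuntu image
# does not ship sudo, so touch is called directly.
touch /test.txt
# Exit the pod
exit
# Exit Vagrant VM
exit
# Now go to Sysdig Secure web dashboard and check that you have an event on Event Feed section.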