@vicenteherrera
Last active October 22, 2021 09:28
Instructions to install the Sysdig agent on a local Minikube so it can be used to learn Kubernetes without a cloud account
# We will create a VM with Debian, and inside it execute Minikube with driver=none
# This way we avoid using Minikube's own VM on Windows or macOS, which has a custom kernel
# You need to install VirtualBox and Vagrant on your host machine before you continue
# This works with the latest versions as of 2021-10-22. It doesn't work using Windows with WSL2
# Use the following repository to download Vagrant boxes definition
git clone https://github.com/sysdiglabs/falco-workshop.git
# Use box4 that includes Docker, Kubectl, Minikube and many other tools
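# git clone creates the falco-workshop directory (box4 is assumed to sit at its top level)
cd falco-workshop/box4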
vagrant box update
vagrant up
vagrant ssh
# Inside the VM, execute the following
# Find where the Linux Kernel sources are located
find /usr/src -name 'linux-headers-*-amd64' -type d
# If the directory is, for example, /usr/src/linux-headers-4.19.0-18-amd64, link it to where it's expected, using uname to build the path
sudo ln -s "$(find /usr/src -name 'linux-headers-*-amd64' -type d)" "/lib/modules/$(uname -r)/build"
# Fix the filesystem so it's not readonly in /lib/modules and the agent installation can create the kernel module
sudo fsck -f /
# Reboot for changes
sudo reboot
# Last command rebooted the machine and exited the session, let's get inside it again (it will take a minute)
vagrant ssh
# We have to start minikube again.
# We use sudo and driver=none to execute it on the bare VM
sudo minikube start --driver=none \
--apiserver-ips 127.0.0.1 \
--apiserver-name localhost
# Assign kubeconfig to current user 'vagrant'
sudo cp -R /root/.kube /root/.minikube /home/vagrant/
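# This also makes 'vagrant' the owner of /root itself; only do this in a disposable lab VM
sudo chown -R vagrant /root/.kube /root/.minikube /root /home/vagrant/.kube /home/vagrant/.minikube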
# Install Sysdig agent, modify settings according to your account
kubectl create ns sysdig-agent
helm repo add sysdig https://charts.sysdig.com
helm repo update
helm install sysdig-agent sysdig/sysdig --namespace sysdig-agent \
  --set sysdig.accessKey=YOUR_ACCESS_KEY \
  --set sysdig.settings.collector=collector-static.sysdigcloud.com \
  --set sysdig.settings.collector_port=6443 \
  --set clusterName=minikube \
  --set nodeAnalyzer.apiEndpoint=secure.sysdig.com
kubectl config set-context --current --namespace=sysdig-agent
# Remove Node Analyzer as it consumes a lot of CPU and blocks the agent from being deployed
# This has the side effect of container images not being automatically scanned
kubectl delete daemonset sysdig-agent-node-analyzer
# Alternatively, add more CPU in the Vagrantfile, or reduce the CPU assigned to the daemonsets
# Check agent log for errors
kubectl logs daemonset/sysdig-agent
# Get inside a pod
kubectl run my-shell --rm -i --tty --image ubuntu -- bash
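# Write to the root directory (/) inside the pod's container so it fires a Falco rule
# The shell in the ubuntu image already runs as root and the image has no sudo, so call touch directly
touch /test.txt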
# Exit the pod
exit
# Exit Vagrant VM
exit
# Now go to the Sysdig Secure web dashboard and check that you have an event in the Event Feed section.
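
The agent can only create its kernel module if /lib/modules/$(uname -r)/build points at headers for the running kernel and /lib/modules is writable. The following preflight check is an added example, not part of the original gist, meant to be run inside the VM before `helm install`. The function name `check_kernel_build`, its exit codes and the `--run` switch are assumptions of this sketch, and it assumes Debian's `linux-headers-<release>` directory naming shown above.

```shell
#!/bin/sh
# Added example: verify the kernel-header link before installing the agent.

# check_kernel_build MODULES_ROOT KERNEL_RELEASE
# Returns 0 when MODULES_ROOT/KERNEL_RELEASE/build resolves to a headers
# directory for the same kernel release and the modules directory is writable.
check_kernel_build() {
    modules_dir="$1/$2"
    build_link="$modules_dir/build"

    if [ ! -d "$modules_dir" ]; then
        echo "missing modules directory: $modules_dir" >&2
        return 1
    fi
    if [ ! -d "$build_link" ]; then
        echo "build link missing or dangling: $build_link" >&2
        return 2
    fi
    # Resolve the symlink and compare the headers version with the kernel release;
    # the find in the steps above can pick up headers left over from another kernel
    target=$(cd "$build_link" && pwd -P) || return 2
    case "$(basename "$target")" in
        "linux-headers-$2") ;;
        *) echo "headers $target do not match kernel $2" >&2; return 3 ;;
    esac
    if [ ! -f "$target/Makefile" ]; then
        echo "no Makefile in $target (headers package incomplete?)" >&2
        return 4
    fi
    if [ ! -w "$modules_dir" ]; then
        echo "$modules_dir is not writable (read-only filesystem?)" >&2
        return 5
    fi
    return 0
}

# Check the live system only when called with --run
if [ "${1:-}" = "--run" ]; then
    check_kernel_build /lib/modules "$(uname -r)" && echo "kernel build link OK"
fi
```

A non-zero exit code identifies which of the earlier steps (the header link or the read-only filesystem fix) needs to be repeated.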