Support multiple container runtime in one node #3279

Closed
hitsub2 opened this issue Jul 11, 2024 · 6 comments · Fixed by falcosecurity/libs#2141

hitsub2 commented Jul 11, 2024

Motivation
The Bottlerocket OS has two containerd runtimes with different sock files, one for k8s and one for host-containers (management). Currently only the k8s containerd is monitored, but we need Falco to monitor the other containerd.

Also, in some scenarios, like Docker in Docker, the CI pod would host another Docker daemon for build purposes.

Feature
Support multiple container runtimes in one node.

Alternatives
None.

Additional context

Bottlerocket uses host containers (excluded from the k8s containerd, called host-containerd) to run an SSH server (admin-container) and AWS SSM. These host containers should be monitored because, with all the privileges that host containers have, they can access the k8s pods.

poiana (Contributor) commented Oct 15, 2024

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

leogr (Member) commented Oct 16, 2024

/remove-lifecycle stale

leogr (Member) commented Oct 16, 2024

Tentatively for
/milestone 0.40.0

@poiana poiana added this to the 0.40.0 milestone Oct 16, 2024
leogr (Member) commented Oct 22, 2024

/assign

leogr (Member) commented Dec 11, 2024

Update

short-term solution (tentatively for 0.40) 👇
My PR falcosecurity/libs#2141 is now ready for review and, once merged, will bring support to multiple CRI engines simultaneously. We also discovered that specific containerd support is specifically required to address the Bottlerocket use case. A fix is in the making: falcosecurity/libs#2195

long-term solution 👉 #3403

leogr (Member) commented Dec 20, 2024

Note: we still miss falcosecurity/libs#2195 for full compatibility.
We should have everything addressed for Falco 0.40
