-
Notifications
You must be signed in to change notification settings - Fork 24
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Make the sinsp-builder script compatible with current state of collector
Build with CORE BPF and skip driver building Remove unneeded driver handling Add basic YAML for deploying sinsp-builder to k8s/ocp Fix mounts Simplify the sinsp-builder script Some minor fixes to the pod deployment.
- Loading branch information
Showing
3 changed files
with
111 additions
and
102 deletions.
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
--- | ||
apiVersion: v1 | ||
kind: Pod | ||
metadata: | ||
name: sinsp-builder | ||
namespace: default | ||
spec: | ||
containers: | ||
- name: sinsp-builder | ||
image: quay.io/stackrox-io/collector-builder:master | ||
stdin: true | ||
tty: true | ||
securityContext: | ||
privileged: true | ||
env: | ||
- name: HOST_ROOT | ||
value: /host | ||
volumeMounts: | ||
- mountPath: /host/proc | ||
name: proc-fs | ||
readOnly: true | ||
- mountPath: /host/sys | ||
name: sys-fs | ||
readOnly: true | ||
- mountPath: /host/etc | ||
name: etc-fs | ||
readOnly: true | ||
volumes: | ||
- name: proc-fs | ||
hostPath: | ||
path: /proc/ | ||
- name: sys-fs | ||
hostPath: | ||
path: /sys/ | ||
- name: etc-fs | ||
hostPath: | ||
path: /etc/ |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,74 @@ | ||
#!/usr/bin/env bash | ||
|
||
set -euo pipefail | ||
|
||
# This script is meant to be run from inside a collector-builder image. It will | ||
# create the driver for the current system, as well as Falco's sinsp-example | ||
# binary, which is useful for quickly testing driver changes. | ||
# | ||
# Run the collector-builder image with the following command: | ||
# docker run --rm -it --entrypoint bash \ | ||
# --privileged \ | ||
# -e HOST_ROOT=/host \ | ||
# -v /proc:/host/proc:ro \ | ||
# -v /sys:/host/sys:ro \ | ||
# -v /etc:/host/etc:ro \ | ||
# -v /tmp:/tmp \ | ||
# quay.io/stackrox-io/collector-builder:master | ||
# | ||
# If you are running on an immutable system, create a docker volume then add | ||
# the following arguments: | ||
# -v <your-volume>:/tmp/collector -e DEV_SHARED_VOLUME=<your-volume> | ||
# | ||
# If you are lazy like me, you don't need to clone the collector repo before | ||
# executing, you can simply run this inside the container: | ||
# curl https://raw.githubusercontent.com/stackrox/collector/master/utilities/sinsp-builder.sh | sh | ||
# | ||
# The script will clone the repo for you and build everything. You can also | ||
# re-run the script without cloning if you provide the path to the repository | ||
# in the `LIBS_DIR` environment variable. | ||
# | ||
# If you don't want to re-run the entire script though, you can run | ||
# `make -C "${LIBS_DIR}/build sinsp-example` to rebuild the executable. | ||
# | ||
# For debug builds, `export CMAKE_BUILD_TYPE=Debug` should do the trick. | ||
# | ||
# If the libs repo is already cloned and you want to build everything for | ||
# the branch you are working on, simply set `LIBS_DIR` appropriately. | ||
# | ||
# If you are cloning the repo and want to use a specific branch, set | ||
# `LIBS_BRANCH`, otherwise, master will be used. | ||
|
||
using_branch=1 | ||
if [[ "${LIBS_DIR:-}" == "" ]]; then | ||
LIBS_DIR=/tmp/collector | ||
|
||
if ! git -C "${LIBS_DIR}" status &> /dev/null; then | ||
git clone -b "${LIBS_BRANCH:-master}" https://github.com/stackrox/falcosecurity-libs "${LIBS_DIR}" | ||
fi | ||
elif [[ "${LIBS_BRANCH:-}" != "" ]]; then | ||
echo >&2 "Ignoring LIBS_BRANCH variable." | ||
echo >&2 "Using '${LIBS_DIR}' as is" | ||
using_branch=0 | ||
fi | ||
|
||
mkdir -p "${LIBS_DIR}"/build | ||
cd "${LIBS_DIR}"/build | ||
|
||
cmake -DUSE_BUNDLED_DEPS=OFF \ | ||
-DBUILD_LIBSCAP_MODERN_BPF=ON \ | ||
-S"${LIBS_DIR}" \ | ||
-B"${LIBS_DIR}/build" | ||
make -j"$(nproc)" -C "${LIBS_DIR}" sinsp-example | ||
|
||
echo "" | ||
echo "All done! You should have everything you need under '${LIBS_DIR}/build'" | ||
echo "" | ||
if ! ((using_branch)); then | ||
echo >&2 "'LIBS_BRANCH' variable has been ignored" | ||
echo >&2 "Used '${LIBS_DIR}' with no further changes" | ||
echo "" | ||
fi | ||
echo "If you plan to keep running this script run the following command" | ||
echo "to prevent another clone of the libs repos from happening:" | ||
echo " export LIBS_DIR=${LIBS_DIR}" |