From 8881a1ae0429ac714bc2f7145d91f8afca95dffe Mon Sep 17 00:00:00 2001 From: John Fastabend Date: Wed, 11 Oct 2023 14:43:23 -0700 Subject: [PATCH] tetragon: docs, fixes from Mahe Signed-off-by: John Fastabend --- .../install-tetragon/install-k8s.md | 43 +++++++++---------- .../getting-started/tetragon-execution.md | 20 ++++----- .../getting-started/tetragon-file-events.md | 19 ++++---- .../docs/getting-started/tetragon-network.md | 19 ++++---- 4 files changed, 51 insertions(+), 50 deletions(-) diff --git a/docs/content/en/docs/getting-started/install-tetragon/install-k8s.md b/docs/content/en/docs/getting-started/install-tetragon/install-k8s.md index 44751ed8bd9..752a3501262 100644 --- a/docs/content/en/docs/getting-started/install-tetragon/install-k8s.md +++ b/docs/content/en/docs/getting-started/install-tetragon/install-k8s.md 
@@ -8,31 +8,36 @@ description: "Discover and experiment with Tetragon in a kubernetes environment" If you don’t have a Kubernetes Cluster yet, you can use the instructions below to create a Kubernetes cluster locally or using a managed Kubernetes service: -TBD tabplane this... +{{< tabpane text=true >}} +{{% tab GKE %}} -#### Kind +The following commands create a Kubernetes cluster using [Google +Kubernetes Engine](https://cloud.google.com/kubernetes-engine). See +[Installing Google Cloud SDK](https://cloud.google.com/sdk/install) for +instructions on how to install `gcloud` and prepare your account. -Run the following command to create the Kubernetes cluster: -``` -kind create cluster +```shell-session +export NAME="$(whoami)-$RANDOM" +gcloud container clusters create "${NAME}" --zone us-west2-a +gcloud container clusters get-credentials "${NAME}" --zone us-west2-a ``` +{{% /tab %}} -#### GKE - -Run the following command to create a GKE cluster: +{{% tab Kind %}} +Run the following command to create the Kubernetes cluster: -```shell -export NAME="$(whoami)-$RANDOM" -gcloud container clusters create "${NAME}" \ - --zone us-west2-a \ - --num-nodes 1 +```shell-session +kind create cluster ``` +{{% /tab %}} + +{{< /tabpane >}} ### Deploy Tetragon To install and deploy Tetragon, run the following commands: -```shell +```shell-session helm repo add cilium https://helm.cilium.io helm repo update helm install tetragon cilium/tetragon -n kube-system 
@@ -51,24 +56,18 @@ HTTP application, but any workload would work equally well. To use our [demo application](https://docs.cilium.io/en/v1.11/gettingstarted/http/#deploy-the-demo-application) -```shell +```shell-session kubectl create -f https://raw.githubusercontent.com/cilium/cilium/v1.11/examples/minikube/http-sw-app.yaml ``` Before going forward, verify that all pods are up and running - it might take several seconds for some pods until they satisfy all the dependencies: -```shell +```shell-session kubectl get pods -``` - -The output should be similar to: -``` NAME READY STATUS RESTARTS AGE deathstar-6c94dcc57b-7pr8c 1/1 Running 0 10s deathstar-6c94dcc57b-px2vw 1/1 Running 0 10s tiefighter 1/1 Running 0 10s xwing 1/1 Running 0 10s ``` - - diff --git a/docs/content/en/docs/getting-started/tetragon-execution.md b/docs/content/en/docs/getting-started/tetragon-execution.md index f029c51f3ef..55761245d68 100644 --- a/docs/content/en/docs/getting-started/tetragon-execution.md +++ b/docs/content/en/docs/getting-started/tetragon-execution.md 
@@ -16,26 +16,26 @@ can then observe all executions in the system. The following command can be used to observe exec events. -{{< tabpane >}} -{{< tab header="K8s" >}} +{{< tabpane lang=shell-session >}} +{{< tab Kubernetes >}} kubectl exec -ti -n kube-system ds/tetragon -c tetragon -- tetra getevents -o compact --pods xwing {{< /tab >}} -{{< tab header="Docker" >}} +{{< tab Docker >}} docker exec tetragon-container tetra getevents -o compact {{< /tab >}} -{{< tab header="Systemd" >}} +{{< tab Systemd >}} {{< /tab >}} {{< /tabpane >}} This will print a compact form of the exec logs. For an example we do the following with the demo application. -``` +```shell-session kubectl exec -ti xwing -- bash -c 'curl https://ebpf.io/applications/#tetragon ``` The CLI will print a compact form of the event to the terminal -``` +```shell-session πŸš€ process default/xwing /bin/bash -c "curl https://ebpf.io/applications/#tetragon" πŸš€ process default/xwing /usr/bin/curl https://ebpf.io/applications/#tetragon πŸ’₯ exit default/xwing /usr/bin/curl https://ebpf.io/applications/#tetragon 60 @@ -46,14 +46,14 @@ The compact exec event contains the event type, the pod name, the binary and the For the complete exec event in JSON format remove the compact option. -{{< tabpane >}} -{{< tab header="K8s" >}} +{{< tabpane lang=shel-session >}} +{{< tab Kubernetes >}} kubectl exec -ti -n kube-system ds/tetragon -c tetragon -- tetra getevents {{< /tab >}} -{{< tab header="Docker" >}} +{{< tab Docker >}} docker exec tetragon-container tetra getevents {{< /tab >}} -{{< tab header="Systemd" >}} +{{< tab Systemd >}} {{< /tab >}} {{< /tabpane >}} diff --git a/docs/content/en/docs/getting-started/tetragon-file-events.md b/docs/content/en/docs/getting-started/tetragon-file-events.md index 85abd2856c3..f89ec94d9bb 100644 --- a/docs/content/en/docs/getting-started/tetragon-file-events.md +++ b/docs/content/en/docs/getting-started/tetragon-file-events.md 
@@ -16,32 +16,33 @@ The following extends the example from Execution Tracing with a policy to monitor sensitive files in Linux. The policy used is the [`file-monitoring.yaml`](https://github.com/cilium/tetragon/blob/main/quickstart/file-monitoring.yaml) it can be reviewed and extended as needed. However, files monitored here serve as a good base set of files. -To apply the policy +To apply the policy -{{< tabpane >}} -{{< tab header="K8s" >}} +{{< tabpane lang=shell-session >}} + +{{< tab Kubernetes >}} kubectl apply -f http://github.com/cilium/tetragon/quickstart/file-monitoring.yaml {{< /tab >}} -{{< tab header="Docker" >}} +{{< tab Docker >}} {{< /tab >}} -{{< tab header="Systemd" >}} +{{< tab Systemd >}} {{< /tab >}} {{< /tabpane >}} With the file applied we can attach tetra to observe events again, -``` +```shell-session kubectl exec -ti -n kube-system ds/tetragon -c tetragon -- tetra getevents -o compact --pods xwing ``` Then reading a sensitive file, -``` +```shell-session kubectl exec -ti xwing -- bash -c 'cat /etc/shadow' ``` This will generate a read event, -``` +```shell-session πŸš€ process default/xwing /bin/bash -c "cat /etc/shadow" πŸš€ process default/xwing /bin/cat /etc/shadow πŸ“š read default/xwing /bin/cat /etc/shadow @@ -50,7 +51,7 @@ This will generate a read event, Attempts to write in sensitive directories will similar create an event. For example attempting to write in '/etc'. -``` +```shell-session πŸš€ process default/xwing /bin/bash -c "echo foo >> /etc/bar" πŸ“ write default/xwing /bin/bash /etc/bar πŸ“ write default/xwing /bin/bash /etc/bar diff --git a/docs/content/en/docs/getting-started/tetragon-network.md b/docs/content/en/docs/getting-started/tetragon-network.md index f73352a58bd..c8713d4da26 100644 --- a/docs/content/en/docs/getting-started/tetragon-network.md +++ b/docs/content/en/docs/getting-started/tetragon-network.md 
@@ -10,37 +10,38 @@ all network traffic outside the Kubernetes CIDR. # Network Access Monitoring -To apply the policy +To apply the policy -{{< tabpane >}} -{{< tab header="K8s" >}} +{{< tabpane lang=shell-session >}} + +{{< tab Kubernetes >}} wget http://github.com/cilium/tetragon/quickstart/network_egress_cluster.yaml kubectl get nodes -o jsonpath='{.items[*].spec.podCIDR}'| awk '{ for (i = 1; i <= NF; i++) print " - \"" $i "\"" }' >> network_egress_cluster.yaml kubectl get services -o jsonpath='{.items[*].spec.clusterIP}'| awk '{ for (i = 1; i <= NF; i++) print " - \"" $i "\"" }' >> network_egress_cluster.yaml kubectl apply -f network_egress_cluster.yaml {{< /tab >}} -{{< tab header="Docker" >}} +{{< tab Docker >}} {{< /tab >}} -{{< tab header="Systemd" >}} +{{< tab Systemd >}} {{< /tab >}} {{< /tabpane >}} With the file applied we can attach tetra to observe events again, -``` +```shell-session kubectl exec -ti -n kube-system ds/tetragon -c tetragon -- tetra getevents -o compact --pods xwing --processes curl ``` Then execute a curl command in the xwing pod to curl one of our favorite sites. -``` +```shell-session kubectl exec -ti xwing -- bash -c 'curl https://ebpf.io/applications/#tetragon' ``` A connect will be observed in the tetra shell -``` +```shell-session πŸš€ process default/xwing /usr/bin/curl https://ebpf.io/applications/#tetragonon πŸ”Œ connect default/xwing /usr/bin/curl tcp 10.32.0.19:33978 -> 104.198.14.52:443 πŸ’₯ exit default/xwing /usr/bin/curl https://ebpf.io/applications/#tetragonon 60 @@ -50,7 +51,7 @@ We can confirm in-kernel BPF filters are not producing events for in cluster traffic by issuing a curl to one of our services and noting there is no connect event. -``` +```shell-session $ kubectl exec -ti xwing -- bash -c 'curl -s -XPOST deathstar.default.svc.cluster.local/v1/request-landing' Ship landed ```
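Review bot: In the install-k8s.md hunk at `@@ -8,31 +8,36 @@`, the new GKE tab drops `--num-nodes 1` from the `gcloud container clusters create` command without saying why in the commit message; if the single-node default was intentional for the quickstart, keep the flag or note the change, since a larger default cluster changes cost and the events a reader sees. The tab order also puts GKE before Kind, while the sentence above the tabpane says "locally or using a managed Kubernetes service"; listing Kind first would match the prose.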
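Review bot: In the install-k8s.md hunk at `@@ -51,24 +56,18 @@`, folding the `kubectl get pods` output into the same `shell-session` block as the command, while removing the "The output should be similar to:" sentence, leaves nothing to separate the typed command from the printed table. Either prefix the command with a `$ ` prompt (`$ kubectl get pods`), which is what `shell-session` highlighting expects and what the last hunk in tetragon-network.md already does, or keep the introductory sentence.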
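Review bot: In the tetragon-execution.md hunk at `@@ -16,26 +16,26 @@`, the command in the unchanged context `kubectl exec -ti xwing -- bash -c 'curl https://ebpf.io/applications/#tetragon` is missing its closing single quote and will not run as pasted; since this hunk is already retagging that fence as `shell-session`, add the quote in the same change. The `Systemd` tab remains empty, so the page still documents no way to run `tetra getevents` for that install method.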
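Review bot: In the tetragon-execution.md hunk at `@@ -46,14 +46,14 @@`, `{{< tabpane lang=shel-session >}}` misspells the language; it should be `lang=shell-session` as in the first tabpane of the same file, otherwise the tabs get no highlighting. The `Docker` and `Systemd` tabs here also stay empty.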
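Review bot: In the tetragon-file-events.md hunk at `@@ -16,32 +16,33 @@`, the context line `kubectl apply -f http://github.com/cilium/tetragon/quickstart/file-monitoring.yaml` points at the github.com HTML site over plain HTTP rather than at the raw manifest, so `kubectl apply` receives a web page instead of YAML; since the hunk touches the surrounding tabpane anyway, switch it to the HTTPS raw-content form (the same `raw.githubusercontent.com` pattern install-k8s.md uses for the demo application, with the `main/quickstart/file-monitoring.yaml` path the policy link above it already gives). Applying a policy fetched over plaintext HTTP is also a weak habit to teach in a quickstart. The `Docker` and `Systemd` tabs are still empty for applying the policy.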
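Review bot: In the tetragon-file-events.md hunk at `@@ -50,7 +51,7 @@`, the context sentence "Attempts to write in sensitive directories will similar create an event." should read "will similarly create an event"; worth fixing while the fence below it is being retagged.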
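Review bot: In the tetragon-network.md hunk at `@@ -10,37 +10,38 @@`, `wget http://github.com/cilium/tetragon/quickstart/network_egress_cluster.yaml` has the same problem as the file-monitoring policy: a plain-HTTP github.com page URL rather than the HTTPS raw manifest, and the two `awk` lines then append pod CIDRs and service IPs to whatever was downloaded before `kubectl apply` runs it. Use the raw-content URL over HTTPS. In the expected output further down, `#tetragonon` does not match the `#tetragon` fragment in the command that produced it.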
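Review bot: In the tetragon-network.md hunk at `@@ -50,7 +51,7 @@`, this is the only `shell-session` block in the patch whose command carries a `$ ` prompt (`$ kubectl exec -ti xwing -- bash -c 'curl -s -XPOST ...'`); every other retagged block omits it. Pick one convention for the series, preferably the prompt, since it is what distinguishes commands from output in blocks that contain both.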