Enabling debugging logs

Falco

By default, the log level for

Falcosidekick

By default, the debug logging for

To enable debug logging, set the

```yaml
apiVersion: deckhouse.io/v1alpha1
kind: ModuleConfig
metadata:
  name: runtime-audit-engine
spec:
  enabled: true
  settings:
    debugLogging: true
```

Viewing metrics

You can use the PromQL query

```shell
kubectl -n d8-monitoring exec -it prometheus-main-0 prometheus --
```

We will add a Grafana dashboard for viewing metrics in the future.

Emulating a Falco event

You can use the event-generator CLI utility to generate Falco events.

Use the following command to run all events from a Pod in the Kubernetes cluster:

```shell
kubectl run falco-event-generator --image=falcosecurity/event-generator run
```

If you need to implement an action, use this guide.

Emulating a Falcosidekick event

You can use the Falcosidekick

```shell
kubectl -n d8-runtime-audit-engine get pods
```

Example of the output:

```text
NAME                         READY   STATUS    RESTARTS   AGE
runtime-audit-engine-4cpjc   4/4     Running   0          3d12h
runtime-audit-engine-rn7nj   4/4     Running   0          3d12h
```

```shell
export POD_IP=$(kubectl -n d8-runtime-audit-engine get pod runtime-audit-engine-4cpjc --template '{{.status.podIP}}')
```

```shell
# "--" separates kubectl's own flags from the command run in the container
kubectl run curl --image=curlimages/curl -- curl -X POST -H "Content-Type: application/json" -H "Accept: application/json" $POD_IP:2801/test
```

```shell
kubectl -n d8-monitoring exec -it prometheus-main-0 prometheus --
```

```json
{
  "metric": {
    "name": "falco_events",
    "container": "kube-rbac-proxy",
    "instance": "192.168.199.60:4212",
    "job": "runtime-audit-engine",
    "node": "dev-master-0",
    "priority": "Debug",
    "rule": "Test rule",
    "tier": "cluster"
  },
  "value": [
    1687150913.828,
    "2"
  ]
}
```
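
To confirm that the test event actually reached the metrics pipeline, the query output can be checked programmatically. The Python below is an added example, not part of the original documentation: it sums `falco_events` samples per rule and priority across nodes. The function names are hypothetical, the `dev-worker-0` entry is constructed, and the input is assumed to be either a sample like the one above or the standard Prometheus HTTP API response that wraps such samples.

```python
import json
from collections import defaultdict

# Constructed sample: the entry shown on this page plus one invented entry
# for a second node, wrapped in the Prometheus HTTP API response envelope.
SAMPLE = json.dumps({
    "status": "success",
    "data": {"resultType": "vector", "result": [
        {"metric": {"name": "falco_events", "container": "kube-rbac-proxy",
                    "instance": "192.168.199.60:4212", "job": "runtime-audit-engine",
                    "node": "dev-master-0", "priority": "Debug",
                    "rule": "Test rule", "tier": "cluster"},
         "value": [1687150913.828, "2"]},
        {"metric": {"name": "falco_events", "job": "runtime-audit-engine",
                    "node": "dev-worker-0", "priority": "Debug",
                    "rule": "Test rule", "tier": "cluster"},
         "value": [1687150913.828, "1"]},
    ]},
})


def extract_samples(doc):
    """Accept a full API response, a bare result list, or a single sample."""
    if isinstance(doc, dict) and "status" in doc:
        if doc["status"] != "success":
            raise ValueError(f"query failed: {doc.get('error', 'unknown error')}")
        return doc["data"]["result"]
    return doc if isinstance(doc, list) else [doc]


def events_by_rule(raw_json, job="runtime-audit-engine"):
    """Sum falco_events counters per (rule, priority) across all nodes."""
    totals = defaultdict(float)
    for sample in extract_samples(json.loads(raw_json)):
        labels = sample["metric"]
        if labels.get("job") != job:
            continue  # ignore series scraped from other jobs
        key = (labels.get("rule", ""), labels.get("priority", ""))
        # "value" is [unix_timestamp, "<number encoded as a string>"]
        totals[key] += float(sample["value"][1])
    return dict(totals)


def rule_fired(raw_json, rule="Test rule"):
    """True if at least one event for `rule` was counted."""
    return any(r == rule and n > 0 for (r, _), n in events_by_rule(raw_json).items())


if __name__ == "__main__":
    print(events_by_rule(SAMPLE), rule_fired(SAMPLE))
```

An empty result from `events_by_rule` after sending the test request means the event was not counted for the `runtime-audit-engine` job.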