From 43126362c399f33e7f018c9874228eb9311fe168 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?N=C3=A9stor=20Salceda?= Date: Thu, 25 Oct 2018 17:38:45 +0200 Subject: [PATCH 1/3] Use /captures and allow to be mounted as a volume for placing files on host --- .../kubernetes-response-engine/sysdig-capturer/Dockerfile | 2 ++ .../sysdig-capturer/docker-entrypoint.sh | 7 +++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/integrations/kubernetes-response-engine/sysdig-capturer/Dockerfile b/integrations/kubernetes-response-engine/sysdig-capturer/Dockerfile index 35efbd9b..6e2f720c 100644 --- a/integrations/kubernetes-response-engine/sysdig-capturer/Dockerfile +++ b/integrations/kubernetes-response-engine/sysdig-capturer/Dockerfile @@ -21,4 +21,6 @@ ENV CAPTURE_DURATION 120 COPY ./docker-entrypoint.sh / +RUN mkdir -p /captures + ENTRYPOINT ["/docker-entrypoint.sh"] diff --git a/integrations/kubernetes-response-engine/sysdig-capturer/docker-entrypoint.sh b/integrations/kubernetes-response-engine/sysdig-capturer/docker-entrypoint.sh index 1e2e8475..8c1d27cc 100755 --- a/integrations/kubernetes-response-engine/sysdig-capturer/docker-entrypoint.sh +++ b/integrations/kubernetes-response-engine/sysdig-capturer/docker-entrypoint.sh @@ -11,5 +11,8 @@ done /usr/bin/sysdig-probe-loader -sysdig -S -M $CAPTURE_DURATION -pk -z -w $CAPTURE_FILE_NAME.scap.gz -s3cmd --access_key=$AWS_ACCESS_KEY_ID --secret_key=$AWS_SECRET_ACCESS_KEY put $CAPTURE_FILE_NAME.scap.gz $AWS_S3_BUCKET +sysdig -S -M $CAPTURE_DURATION -pk -z -w /captures/$CAPTURE_FILE_NAME.scap.gz + +s3cmd --access_key=$AWS_ACCESS_KEY_ID \ + --secret_key=$AWS_SECRET_ACCESS_KEY \ + put /captures/$CAPTURE_FILE_NAME.scap.gz $AWS_S3_BUCKET From 48d01203efe1a7764b97a44320c0b69831dfb6ed Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?N=C3=A9stor=20Salceda?= Date: Thu, 25 Oct 2018 17:39:12 +0200 Subject: [PATCH 2/3] Add a makefile for automating docker image building and pushing --- .../kubernetes-response-engine/sysdig-capturer/Makefile | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 integrations/kubernetes-response-engine/sysdig-capturer/Makefile diff --git a/integrations/kubernetes-response-engine/sysdig-capturer/Makefile b/integrations/kubernetes-response-engine/sysdig-capturer/Makefile new file mode 100644 index 00000000..246469d3 --- /dev/null +++ b/integrations/kubernetes-response-engine/sysdig-capturer/Makefile @@ -0,0 +1,7 @@ +all: build push + +build: + docker build -t sysdig/capturer . + +push: + docker push sysdig/capturer From c531d914931e580aed0ebc79a383496326d96ab9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?N=C3=A9stor=20Salceda?= Date: Fri, 26 Oct 2018 12:49:23 +0200 Subject: [PATCH 3/3] Only upload file to S3 if we have credentials and target bucket --- .../sysdig-capturer/docker-entrypoint.sh | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/integrations/kubernetes-response-engine/sysdig-capturer/docker-entrypoint.sh b/integrations/kubernetes-response-engine/sysdig-capturer/docker-entrypoint.sh index 8c1d27cc..88705bbf 100755 --- a/integrations/kubernetes-response-engine/sysdig-capturer/docker-entrypoint.sh +++ b/integrations/kubernetes-response-engine/sysdig-capturer/docker-entrypoint.sh @@ -1,6 +1,6 @@ #!/bin/bash -set -exuo +set -eo echo "* Setting up /usr/src links from host" @@ -13,6 +13,8 @@ done sysdig -S -M $CAPTURE_DURATION -pk -z -w /captures/$CAPTURE_FILE_NAME.scap.gz -s3cmd --access_key=$AWS_ACCESS_KEY_ID \ - --secret_key=$AWS_SECRET_ACCESS_KEY \ - put /captures/$CAPTURE_FILE_NAME.scap.gz $AWS_S3_BUCKET +if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] && [ -n "$AWS_S3_BUCKET" ]; then + s3cmd --access_key=$AWS_ACCESS_KEY_ID \ + --secret_key=$AWS_SECRET_ACCESS_KEY \ + put /captures/$CAPTURE_FILE_NAME.scap.gz $AWS_S3_BUCKET +fi