github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-28 15:47:25 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #448 from nestorsalceda/capturer-use-volumes

Browse Source 
Allow that sysdig/capturer used in Kubernetes Response Engine uses volumes
This commit is contained in:
Jorge Salamero Sanz 2018-11-05 10:19:29 +01:00 committed by GitHub
commit 774046d57e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 17 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
integrations/kubernetes-response-engine/sysdig-capturer/Dockerfile
View File

@ -21,4 +21,6 @@ ENV CAPTURE_DURATION 120
COPY ./docker-entrypoint.sh / COPY ./docker-entrypoint.sh /
RUN mkdir -p /captures
ENTRYPOINT ["/docker-entrypoint.sh"] ENTRYPOINT ["/docker-entrypoint.sh"]

7
integrations/kubernetes-response-engine/sysdig-capturer/Makefile Normal file
View File

@ -0,0 +1,7 @@
all: build push
build:
docker build -t sysdig/capturer .
push:
docker push sysdig/capturer

11
integrations/kubernetes-response-engine/sysdig-capturer/docker-entrypoint.sh
View File

@ -1,6 +1,6 @@
#!/bin/bash #!/bin/bash
set -exuo set -eo
echo "* Setting up /usr/src links from host" echo "* Setting up /usr/src links from host"
@ -11,5 +11,10 @@ done
/usr/bin/sysdig-probe-loader /usr/bin/sysdig-probe-loader
sysdig -S -M $CAPTURE_DURATION -pk -z -w $CAPTURE_FILE_NAME.scap.gz sysdig -S -M $CAPTURE_DURATION -pk -z -w /captures/$CAPTURE_FILE_NAME.scap.gz
s3cmd --access_key=$AWS_ACCESS_KEY_ID --secret_key=$AWS_SECRET_ACCESS_KEY put $CAPTURE_FILE_NAME.scap.gz $AWS_S3_BUCKET
if [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] && [ -n "$AWS_S3_BUCKET" ]; then
s3cmd --access_key=$AWS_ACCESS_KEY_ID \
--secret_key=$AWS_SECRET_ACCESS_KEY \
put /captures/$CAPTURE_FILE_NAME.scap.gz $AWS_S3_BUCKET
fi