rthooks fixes #2874
Merged
rthooks fixes #2874
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
cgroup paths such as: /kubepods.slice/kubepods-besteffort.slice/kubepods-besteffort-pod4c9f1974_5c46_44c2_b42f_3bbf0e98eef9.slice/cri-containerd-bacb920470900725e0aa7d914fee5eb0854315448b024b6b8420ad8429c607ba.scope Are not correctly handled by the rthooks code. Add a check for .slice in pods and a check for .scope in containers. Signed-off-by: Kornilios Kourtis <[email protected]>
Signed-off-by: Kornilios Kourtis <[email protected]>
cgidmap requires cri for pod association to work with existing pods.
Currently, if cri is not enabled the cgidmap code will panic:
E0904 10:02:54.892524 22765 runtime.go:79] Observed a panic: "invalid memory address or nil pointer dereference" (runtime error: invalid memory address or nil pointer dereference)
goroutine 13 [running]:
k8s.io/apimachinery/pkg/util/runtime.logPanic({0x276f260, 0x4a09c00})
/home/kkourt/src/tetragon/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:75 +0x85
k8s.io/apimachinery/pkg/util/runtime.HandleCrash({0x0, 0x0, 0xc004fd3340?})
/home/kkourt/src/tetragon/vendor/k8s.io/apimachinery/pkg/util/runtime/runtime.go:49 +0x6b
panic({0x276f260?, 0x4a09c00?})
/opt/go/src/runtime/panic.go:770 +0x132
github.com/cilium/tetragon/pkg/cgidmap.(*criResolver).enqeue(0x0, {0xc005434f20, 0xc004fdfb28?, 0x40?})
This commit adds a nil check to avoid the panic and issues a warning if
cri is not enabled but cgidmap is.
Signed-off-by: Kornilios Kourtis <[email protected]>
Currently, if cgidmap is disabled (this is the default), the agent issues the following warning: level=warning msg="failed to retrieve cgidmap, not registering rthook" error="cgidmap disabled" This commit changes the message to indicate that this actually happens in the podhook and, also, does not emit a warning if the error is that cgidmap is disabled. Signed-off-by: Kornilios Kourtis <[email protected]>
✅ Deploy Preview for tetragon ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
kkourt
added
the
release-note/misc
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Assorted rthooks fixes and updates. See commits.
Fixes: #2872