Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

tetragon-oci-hook: fix issue for containerd #1375

Merged
merged 1 commit into from
Sep 11, 2023
Merged

tetragon-oci-hook: fix issue for containerd #1375

merged 1 commit into from
Sep 11, 2023

Conversation

kkourt
Copy link
Contributor

@kkourt kkourt commented Aug 21, 2023

containerd seems to be using a different label key for the container namespace than cri-o, which results in the fail detection of tetragon-oci-hook to not work properly because the teragon container cannot start.

While this can be fixed via appropriate arguments to the hook, we also want to have it working by default. So this patch:

  • changes the cel expression to support multiple keys
  • adds the key used by containerd (io.kubernetes.cri.sandbox-namespace) to the one used by cri-o (io.kubernetes.cri.sandbox-namespace).

The patch also adds a --debug option, and cleans up some dead code.

This issue was reported on slack by @akshay196.

@kkourt
tetragon-oci-hook: fix issue for containerd
a052404 
containerd seems to be using a different label key for the container
namespace than cri-o, which results in the fail detection of
tetragon-oci-hook to not work properly because the teragon container
cannot start.

While this can be fixed via appropriate arguments to the hook,
we also want to have it working by default. So this patch:
 - changes the cel expression to support multiple keys
 - adds the key used by containerd (io.kubernetes.cri.sandbox-namespace)
   to the one used by cri-o (io.kubernetes.cri.sandbox-namespace).

The patch also adds a --debug option, and cleans up some dead code.

Signed-off-by: Kornilios Kourtis <kornilios@isovalent.com>
@kkourt kkourt requested a review from a team as a code owner August 21, 2023 10:59
@kkourt kkourt requested a review from willfindlay August 21, 2023 10:59
willfindlay
willfindlay approved these changes Sep 11, 2023
View reviewed changes
Copy link
Contributor

@willfindlay willfindlay left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not sure if I know enough about this component to give a proper review but everything looks solid to me.

@kkourt kkourt merged commit da2406c into main Sep 11, 2023
@kkourt kkourt deleted the pr/kkourt/tetragon-oci-containerd-fix branch September 11, 2023 13:16
@kkourt kkourt added the release-note/minor This PR introduces a minor user-visible change label Nov 1, 2023
@p-linnane p-linnane mentioned this pull request Nov 1, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@willfindlay willfindlay willfindlay approved these changes

Assignees
No one assigned
Labels
release-note/minor This PR introduces a minor user-visible change
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kkourt @willfindlay