-
Notifications
You must be signed in to change notification settings - Fork 420
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Kubernetes information missing #4181
Comments
It seems that the container enrichment isn't working in general on your instance. Could you print the startup debug logs using |
Sure. Here is the output with the
|
Could you try running this with the standard tracee binary? tracee-ebpf as a standalone binary is being deprecated and it is not as actively supported. |
@jeason81 did you have a chance to test it again by running |
Description
I am using the Vagrantfile located within this repo to create a test VM to deploy Tracee (using the provided helm charts). Everything seems to work but I have noticed that the Kubernetes information is missing from the output. I see
"kubernetes":{}
for every entry. I am using the-s container
option to ensure I am scoped properly and I do see that the container ID is reported and so is containerStarted. Strangely, other container information is not present, such as the container name, tag, or digest.Output of
tracee version
:Output of
uname -a
:Additional details
I am using a M1 MacBook Pro with Parallels installed. Vagrant is configured to use Parallels and both the Mac and Parallels have all the latest updates.
To test this, I monitored for
execve
and logged into the tracee container. I then rancat /etc/os-release
, which can be seen in the logs below. However, the container information is still limited, and the Kubernetes information is still empty.The text was updated successfully, but these errors were encountered: