Merge pull request #425 from kubescape/feature/pyroscope

Adding pyroscope support
kubescape · Dec 3, 2024 · 72054a6 · 72054a6
2 parents 6d67cbc + 50d2429
commit 72054a6
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 3 deletions.
diff --git a/go.mod b/go.mod
@@ -23,6 +23,7 @@ require (
 	github.com/google/go-containerregistry v0.20.2
 	github.com/google/uuid v1.6.0
 	github.com/goradd/maps v1.0.0
+	github.com/grafana/pyroscope-go v1.2.0
 	github.com/hashicorp/golang-lru/v2 v2.0.7
 	github.com/inspektor-gadget/inspektor-gadget v0.35.0
 	github.com/kinbiko/jsonassert v1.1.1
@@ -181,6 +182,7 @@ require (
 	github.com/gookit/color v1.5.4 // indirect
 	github.com/gopacket/gopacket v1.3.1 // indirect
 	github.com/gorilla/websocket v1.5.1 // indirect
+	github.com/grafana/pyroscope-go/godeltaprof v0.1.8 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 	github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect

diff --git a/go.sum b/go.sum
@@ -565,6 +565,10 @@ github.com/goradd/maps v1.0.0 h1:21HC3xxKFk3p6BdQsELZXg/ByANMVYhCl0Mylzt0R38=
 github.com/goradd/maps v1.0.0/go.mod h1:O3i5k17BAjHa9h5dzGWWfRJizF03umiBDZsNSqFdbVA=
 github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
 github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
+github.com/grafana/pyroscope-go v1.2.0 h1:aILLKjTj8CS8f/24OPMGPewQSYlhmdQMBmol1d3KGj8=
+github.com/grafana/pyroscope-go v1.2.0/go.mod h1:2GHr28Nr05bg2pElS+dDsc98f3JTUh2f6Fz1hWXrqwk=
+github.com/grafana/pyroscope-go/godeltaprof v0.1.8 h1:iwOtYXeeVSAeYefJNaxDytgjKtUuKQbJqgAIjlnicKg=
+github.com/grafana/pyroscope-go/godeltaprof v0.1.8/go.mod h1:2+l7K7twW49Ct4wFluZD3tZ6e0SjanjcUUBPVD/UuGU=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=

diff --git a/main.go b/main.go
@@ -59,6 +59,8 @@ import (
 	"github.com/kubescape/node-agent/pkg/validator"
 	"github.com/kubescape/node-agent/pkg/watcher/dynamicwatcher"
 	"github.com/kubescape/node-agent/pkg/watcher/seccompprofilewatcher"
+
+	pyroscope "github.com/grafana/pyroscope-go"
 )
 
 func main() {
@@ -112,6 +114,23 @@ func main() {
 		}()
 	}
 
+	if pyroscopeServerSvc, present := os.LookupEnv("PYROSCOPE_SERVER_SVC"); present {
+		logger.L().Info("Starting pyroscope profiler")
+
+		if os.Getenv("APPLICATION_NAME") == "" {
+			os.Setenv("APPLICATION_NAME", "node-agent")
+		}
+		_, err := pyroscope.Start(pyroscope.Config{
+			ApplicationName: os.Getenv("APPLICATION_NAME"),
+			ServerAddress:   pyroscopeServerSvc,
+			Logger:          pyroscope.StandardLogger,
+			Tags:            map[string]string{"node": cfg.NodeName, "app": "node-agent", "pod": os.Getenv("POD_NAME")},
+		})
+		if err != nil {
+			logger.L().Ctx(ctx).Error("error starting pyroscope", helpers.Error(err))
+		}
+	}
+
 	if m := os.Getenv("MULTIPLY"); m == "true" {
 		logger.L().Info("MULTIPLY environment variable is true. Multiplying feature enabled - this is a feature for testing purposes only")
 	}

diff --git a/pkg/ruleengine/v1/r0007_kubernetes_client_executed.go b/pkg/ruleengine/v1/r0007_kubernetes_client_executed.go
@@ -103,9 +103,8 @@ func (rule *R0007KubernetesClientExecuted) handleNetworkEvent(event *tracernetwo
 				"port":  event.Port,
 				"proto": event.Proto,
 			},
-			InfectedPID:    event.Pid,
-			FixSuggestions: "If this is a legitimate action, please consider removing this workload from the binding of this rule.",
-			Severity:       R0007KubernetesClientExecutedDescriptor.Priority,
+			InfectedPID: event.Pid,
+			Severity:    R0007KubernetesClientExecutedDescriptor.Priority,
 		},
 		RuntimeProcessDetails: apitypes.ProcessTree{
 			ProcessTree: apitypes.Process{