From 50d2429bd4af543ccf1d733661cff11183ef9b73 Mon Sep 17 00:00:00 2001
From: Amit Schendel
Date: Tue, 3 Dec 2024 13:12:32 +0000
Subject: [PATCH] Adding pyroscope support

Signed-off-by: Amit Schendel
---
 go.mod | 2 ++
 go.sum | 4 ++++
 main.go | 19 +++++++++++++++++++
 .../v1/r0007_kubernetes_client_executed.go | 5 ++---
 4 files changed, 27 insertions(+), 3 deletions(-)

diff --git a/go.mod b/go.mod
index cafe7430..c022c6a4 100644
--- a/go.mod
+++ b/go.mod
@@ -23,6 +23,7 @@ require (
 github.com/google/go-containerregistry v0.20.2
 github.com/google/uuid v1.6.0
 github.com/goradd/maps v1.0.0
+ github.com/grafana/pyroscope-go v1.2.0
 github.com/hashicorp/golang-lru/v2 v2.0.7
 github.com/inspektor-gadget/inspektor-gadget v0.35.0
 github.com/kinbiko/jsonassert v1.1.1
@@ -181,6 +182,7 @@ require (
 github.com/gookit/color v1.5.4 // indirect
 github.com/gopacket/gopacket v1.3.1 // indirect
 github.com/gorilla/websocket v1.5.1 // indirect
+ github.com/grafana/pyroscope-go/godeltaprof v0.1.8 // indirect
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 github.com/grpc-ecosystem/grpc-gateway/v2 v2.22.0 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
diff --git a/go.sum b/go.sum
index 47c91a52..7d4e4f88 100644
--- a/go.sum
+++ b/go.sum
@@ -565,6 +565,10 @@ github.com/goradd/maps v1.0.0 h1:21HC3xxKFk3p6BdQsELZXg/ByANMVYhCl0Mylzt0R38=
 github.com/goradd/maps v1.0.0/go.mod h1:O3i5k17BAjHa9h5dzGWWfRJizF03umiBDZsNSqFdbVA=
 github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY=
 github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY=
+github.com/grafana/pyroscope-go v1.2.0 h1:aILLKjTj8CS8f/24OPMGPewQSYlhmdQMBmol1d3KGj8=
+github.com/grafana/pyroscope-go v1.2.0/go.mod h1:2GHr28Nr05bg2pElS+dDsc98f3JTUh2f6Fz1hWXrqwk=
+github.com/grafana/pyroscope-go/godeltaprof v0.1.8 h1:iwOtYXeeVSAeYefJNaxDytgjKtUuKQbJqgAIjlnicKg=
+github.com/grafana/pyroscope-go/godeltaprof v0.1.8/go.mod h1:2+l7K7twW49Ct4wFluZD3tZ6e0SjanjcUUBPVD/UuGU=
 github.com/gregjones/httpcache v0.0.0-20180305231024-9cad4c3443a7/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 h1:+ngKgrYPPJrOjhax5N+uePQ0Fh1Z7PheYoUI/0nzkPA=
 github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79/go.mod h1:FecbI9+v66THATjSRHfNgh1IVFe/9kFxbXtjV0ctIMA=
diff --git a/main.go b/main.go
index 2539b81b..695190e8 100644
--- a/main.go
+++ b/main.go
@@ -59,6 +59,8 @@ import (
 "github.com/kubescape/node-agent/pkg/validator"
 "github.com/kubescape/node-agent/pkg/watcher/dynamicwatcher"
 "github.com/kubescape/node-agent/pkg/watcher/seccompprofilewatcher"
+
+ pyroscope "github.com/grafana/pyroscope-go"
 )

 func main() {
@@ -112,6 +114,23 @@ func main() {
 }()
 }

+ if pyroscopeServerSvc, present := os.LookupEnv("PYROSCOPE_SERVER_SVC"); present {
+ logger.L().Info("Starting pyroscope profiler")
+
+ if os.Getenv("APPLICATION_NAME") == "" {
+ os.Setenv("APPLICATION_NAME", "node-agent")
+ }
+ _, err := pyroscope.Start(pyroscope.Config{
+ ApplicationName: os.Getenv("APPLICATION_NAME"),
+ ServerAddress: pyroscopeServerSvc,
+ Logger: pyroscope.StandardLogger,
+ Tags: map[string]string{"node": cfg.NodeName, "app": "node-agent", "pod": os.Getenv("POD_NAME")},
+ })
+ if err != nil {
+ logger.L().Ctx(ctx).Error("error starting pyroscope", helpers.Error(err))
+ }
+ }
+
 if m := os.Getenv("MULTIPLY"); m == "true" {
 logger.L().Info("MULTIPLY environment variable is true. Multiplying feature enabled - this is a feature for testing purposes only")
 }
diff --git a/pkg/ruleengine/v1/r0007_kubernetes_client_executed.go b/pkg/ruleengine/v1/r0007_kubernetes_client_executed.go
index f4137a38..4d3af669 100644
--- a/pkg/ruleengine/v1/r0007_kubernetes_client_executed.go
+++ b/pkg/ruleengine/v1/r0007_kubernetes_client_executed.go
@@ -103,9 +103,8 @@ func (rule *R0007KubernetesClientExecuted) handleNetworkEvent(event *tracernetwo
 "port": event.Port,
 "proto": event.Proto,
 },
- InfectedPID: event.Pid,
- FixSuggestions: "If this is a legitimate action, please consider removing this workload from the binding of this rule.",
- Severity: R0007KubernetesClientExecutedDescriptor.Priority,
+ InfectedPID: event.Pid,
+ Severity: R0007KubernetesClientExecutedDescriptor.Priority,
 },
 RuntimeProcessDetails: apitypes.ProcessTree{
 ProcessTree: apitypes.Process{
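Review bot: In main.go's new pyroscope block, `os.LookupEnv` reports `present` even when `PYROSCOPE_SERVER_SVC` is set to an empty string, and the value goes straight into `ServerAddress` with no check on scheme or host. Because this agent then pushes continuous profiles tagged with node and pod name to that address, I would gate on a non-empty value, `if pyroscopeServerSvc := os.Getenv("PYROSCOPE_SERVER_SVC"); pyroscopeServerSvc != "" {`, and add a comment that the endpoint must be a trusted service, reached over TLS where it leaves the cluster. The config visible here sets no credentials, so the server presumably accepts unauthenticated pushes; worth confirming that is intended. The profiler returned by `pyroscope.Start` is discarded with `_`, so nothing stops or flushes it on shutdown, and `os.Setenv("APPLICATION_NAME", ...)` mutates the process environment (ignoring its error) where a local variable would do. main's body starts and ends outside the hunk.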