tetragon icon indicating copy to clipboard operation
tetragon copied to clipboard

Published 20 hours ago verified publisher icon cilium

tetragon: GetPodInfo() is called even a non k8s deployments

Open tixxdz opened this issue 2 years ago • 3 comments

GetPodInfo() where we get the pod info for the events is being called even if Tetragon is run with enable-k8s-api:false , this is not an urgent or real issue unless it starts pulling some other bugs...

The ideal case would be to disable K8s code completely for such deployments, but before the question: what would be the side effects on k8s deployments then ? needs to be answered.

tixxdz avatar Jul 07 '22 15:07 tixxdz

GetPodInfo() function can basically show the information about a particular running pod & status. To access the information we have to use a CLI tool like kubectl. And called the API server to get the information about the pod from the worker node via kubelet, i.e. kubectl get pod

Kubernetes-node-taxonomy

But what is happen when we request a pod information from a non kubernates deployment.

if the deployment can't occur the pod is writing non-persisting data which won't survive a restart or the pod is intended to be very short.

There are lots of issues are arise while disable K8s code completely for such deployments.

  • Lots of users can't access the application running inside the containers while disable all the servers.
  • Chance to arise bugs while restarting the deployment.
  • Problem to maintain the pause or postponed deployment.
  • May have chances some delay to restart the deployment cause of sudden spike in network traffic.
  • Problem to maintain and monitoring to all the deployments running in their particular container or not.

For this kind of issues comes in to picture k8s orchestration tool. By using kubernates orchestration we can easily manage and do some operation in our running deployment like

  • Deploy the application
  • zero downtime
  • Update the application
  • Scaling the application
  • Self healing of a application
  • Fault tolerance
  • load balancing and request and stuffs.

ADITYADAS1999 avatar Aug 09 '22 12:08 ADITYADAS1999

Hi @ADITYADAS1999,

To access the information we have to use a CLI tool like kubectl. And called the API server to get the information about the pod from the worker node via kubelet,

The problem here is that in Tetragon some k8s code path is being executed even if there is no real Kubernetes deployment, that shouldn't be the case.

Thank you for the node components picture, I suspected it may work this way!

tixxdz avatar Aug 09 '22 18:08 tixxdz

Thanks, hope this something helpful 👨‍💻

ADITYADAS1999 avatar Aug 10 '22 03:08 ADITYADAS1999