docs: Network Monitoring section of Getting Started incorrectly indicates no new events

[scottslowe]

The Networking Monitoring section of the Getting Started guide states that "no new events" will be generated when using curl to connect from the "xwing" Pod to a cluster-internal FQDN (like deathstar.svc.cluster.local) or its equivalent ClusterIP (like 10.100.100.1).

However, this isn't correct. No new connect events will be generated, but new process and exit events will be generated since execution monitoring is still active:

🚀 process default/xwing /usr/bin/curl -s -XPOST deathstar.default.svc.cluster.local/v1/request-landing
💥 exit    default/xwing /usr/bin/curl -s -XPOST deathstar.default.svc.cluster.local/v1/request-landing 0
💥 exit    default/xwing /bin/bash  0
🚀 process default/xwing /usr/bin/bash -c "curl -s -XPOST 10.100.100.1/v1/request-landing"
🚀 process default/xwing /usr/bin/curl -s -XPOST 10.100.100.1/v1/request-landing
💥 exit    default/xwing /usr/bin/curl -s -XPOST 10.100.100.1/v1/request-landing 0
🚀 process default/xwing /usr/bin/bash -c "curl -s -XPOST 10.100.100.1/v1/request-landing"
🚀 process default/xwing /usr/bin/curl -s -XPOST 10.100.100.1/v1/request-landing
💥 exit    default/xwing /usr/bin/curl -s -XPOST 10.100.100.1/v1/request-landing 0

We should either:

1. Update the docs to indicate that Tetragon won't generate new connect events, but that execution monitoring events are still reported; or
2. update the docs to filter out execution monitoring events (which I believe can be done via --event-types, but I haven't personally tested this yet).

[rahulmansharamani14]

Hi @mtardy, Is there anyone working on this? If not, I'd like to give it a try.

[mtardy]

Hi @mtardy, Is there anyone working on this? If not, I'd like to give it a try.

sure please go ahead, sorry for missing your message, it might have happen during kubecon :)