| 1 | +# Kubectl Sysdig Capture plugin |
| 2 | + |
| 3 | +Sysdig is a powerful open source tool for container troubleshooting, performance |
| 4 | +tunning and security investigation. |
| 5 | + |
| 6 | +This repository implements a `kubectl` plugin which triggers a capture in the |
| 7 | +underlying host which is running a pod. A capture file is created for a |
| 8 | +duration of time and is download locally in order to use it with |
| 9 | +[Sysdig Inspect](https://sysdig.com/opensource/inspect/). |
| 10 | + |
| 11 | +## Installing |
| 12 | + |
| 13 | +In order to use this plugin, just copy the `kubectl-sysdig_capture` to your |
| 14 | +PATH, and ensure it has execution permissions. |
| 15 | + |
| 16 | +You can verify its installation using `kubectl`: |
| 17 | + |
| 18 | +```bash |
| 19 | +$ kubectl plugin list |
| 20 | +The following kubectl-compatible plugins are available: |
| 21 | + |
| 22 | +/usr/local/bin/kubectl-sysdig_capture |
| 23 | +``` |
| 24 | + |
| 25 | +In this case is installed into /usr/local/bin, but will work with another |
| 26 | +location listed in PATH. |
| 27 | + |
| 28 | +## Getting started |
| 29 | + |
| 30 | +Once you have the `kubectl` plugin installed, you can start taking captures: |
| 31 | + |
| 32 | +```bash |
| 33 | +$ kubectl sysdig-capture nginx-78f5d695bd-bcbd8 |
| 34 | +Sysdig is starting to capture system calls. See details below: |
| 35 | + |
| 36 | +Node: gke-sysdig-work-default-pool-c2d817f5-ggwv |
| 37 | +Pod: nginx-78f5d695bd-bcbd8 |
| 38 | +Duration: 120 seconds |
| 39 | + |
| 40 | +Your capture is now available at sysdig-capture-1550080529-nginx-78f5d695bd-bcbd8.scap.gz |
| 41 | +``` |
| 42 | + |
| 43 | +And then, you can start troubleshooting with [Sysdig Inspect](https://sysdig.com/opensource/inspect/). |
| 44 | + |
| 45 | +### Extra initialization time |
| 46 | + |
| 47 | +When the capture container is being spinned, it takes some time to compile the |
| 48 | +Sysdig Kernel module and start to capture system calls. You can check the logs |
| 49 | +of the Sysdig Capture Pod if you need to know with accuracy when Sysdig starts |
| 50 | +to capture. |
| 51 | + |
| 52 | +## Parameters |
| 53 | + |
| 54 | +There are a few parameters for this plugin: |
| 55 | + |
| 56 | +| Flag | Description | |
| 57 | +|--------------------|---------------------------------------------------------------| |
| 58 | +| `-d | --duration` | The duration in seconds that Sysdig is capturing system calls | |
| 59 | +| `-n | --namespace` | The namespace scope of the target Pod | |
| 60 | + |
| 61 | +## Cleanup |
| 62 | + |
| 63 | +You can uninstall this plugin from `kubectl` by simply removing it from your |
| 64 | +PATH: |
| 65 | + |
| 66 | +```bash |
| 67 | +$ rm /usr/local/bin/kubectl-sysdig_capture |
| 68 | +``` |
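Review bot: The "Cleanup" section (lines 61-67) only covers deleting the plugin binary, and the README never says what the plugin needs from the cluster or leaves behind in it. The intro says the capture runs "in the underlying host", and "Extra initialization time" mentions a Sysdig Capture Pod that compiles a kernel module. Please document the permissions the caller needs, whether that pod is removed when the capture ends, and whether the capture is limited to the target pod's system calls, since the downloaded `.scap.gz` can hold sensitive data. In the Parameters table (lines 58-59), GitHub-flavored Markdown treats the unescaped `|` inside `-d | --duration` and `-n | --namespace` as a cell separator, so escape it as `\|` or write `-d, --duration`. The sample output shows "Duration: 120 seconds", but the table does not state that default. Wording: "tunning" (line 4), "is download locally" (line 8), "being spinned" (line 47), and "In this case is installed" (line 25) is missing its subject.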