[Draft] Addition to anupam tarian detector integration

.github/workflows/charts.yaml

@@ -107,7 +107,7 @@ jobs:
           go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@938f6e2f7550e542bd78f3b9e8812665db109e02 # @v1.1.0
           make bin/protoc bin/goreleaser
           bash ./dev/run-kind-registry.sh
-          make ebpf generate
+          make generate
           ./bin/goreleaser release --snapshot --rm-dist
           make push-local-images
           cp dist/tarianctl_linux_amd64/tarianctl ./bin/

.github/workflows/ci.yaml

@@ -62,7 +62,6 @@ jobs:
         run: |
           set -x
           sudo apt update && sudo apt install -y jq pkg-config libelf-dev clang
-          make ebpf
 
       - name: Run unit tests
         run: make unit-test
@@ -131,7 +130,7 @@ jobs:
           go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@938f6e2f7550e542bd78f3b9e8812665db109e02 # @v1.1.0
           make bin/protoc bin/goreleaser
           bash ./dev/run-kind-registry.sh
-          make ebpf generate
+          make generate
           ./bin/goreleaser release --snapshot --rm-dist
           make push-local-images
           cp dist/tarianctl_linux_amd64/tarianctl ./bin/

.gitignore

@@ -4,7 +4,6 @@
 /vendor
 /.local
 /.vscode
-/pkg/**/capture_exec.bpf.o
 /pkg/tarianpb/api.pb.go
 /pkg/tarianpb/types.pb.go
 coverage.xml

.golangci.yml

@@ -1,8 +1,6 @@
 run:
   timeout: 10m
   concurrency: 4
-  skip-files:
-  - pkg/nodeagent/ebpf/exec.go
 
 linters:
   disable-all: true

.goreleaser.yml

@@ -1,7 +1,6 @@
 env:
   - CONTAINER_REGISTRY={{ if index .Env "CONTAINER_REGISTRY" }}{{ .Env.CONTAINER_REGISTRY }}{{ else }}localhost:5000{{ end }}
   - CGO_CFLAGS=-I{{ abs .ModulePath }}/output -Wno-unknown-attributes
-  - CGO_LDFLAGS=-lelf -lz {{ abs .ModulePath}}/output/libbpf.a
 builds:
   - id: tarian-server
     main: ./cmd/tarian-server/
@@ -39,7 +38,7 @@ builds:
     main: ./cmd/tarian-node-agent/
     binary: tarian-node-agent
     env:
-      - CC=clang
+      - CGO_ENABLED=0
     goos:
       - linux
     goarch:

Dockerfile-node-agent

@@ -1,6 +1,13 @@
-# FROM cgr.dev/chainguard/static:latest
 FROM cgr.dev/chainguard/static@sha256:2ea44d9bdd177a07e6fba8a60f7d45cb8a7358586a5f740187866566e6df310d
 
+ARG KERNEL_VERSION_MAJOR
+ARG KERNEL_VERSION_MINOR
+ARG KERNEL_VERSION_PATCH
+
+ENV LINUX_VERSION_MAJOR=$KERNEL_VERSION_MAJOR
+ENV LINUX_VERSION_MINOR=$KERNEL_VERSION_MINOR
+ENV LINUX_VERSION_PATCH=$KERNEL_VERSION_PATCH
+
 COPY ./tarian-node-agent .
 
 ENTRYPOINT ["./tarian-node-agent"]

Makefile

@@ -34,19 +34,12 @@ default: help
 help: ## Display this help.
 	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
 
-##@ eBPF
 
 BASEDIR = $(abspath ./)
 OUTPUT = ./output
 ARCH := $(shell uname -m | sed 's/x86_64/amd64/g; s/aarch64/arm64/g')
 
-LIBBPF_SRC = $(abspath ./3rdparty/libbpf/src)
-LIBBPF_OBJ = $(abspath $(OUTPUT)/libbpf.a)
-LIBBPF_OBJDIR = $(abspath $(OUTPUT)/libbpf)
-LIBBPF_DESTDIR = $(abspath $(OUTPUT))
-
 CC = gcc
-CLANG = clang
 GO = go
 CFLAGS = -g -O2 -Wall -fpie
 LDFLAGS =
@@ -60,16 +53,20 @@ CGO_LDFLAGS_DYN = "-lelf -lz -lbpf"
 BTFFILE = /sys/kernel/btf/vmlinux
 BPFTOOL = $(shell which bpftool || /bin/false)
 VMLINUXH = $(OUTPUT)/vmlinux.h
-NODEAGENT_EBPF_DIR = pkg/nodeagent/ebpf
+
+# extracts the major, minor, and patch version numbers of the kernel version
+KERNEL_VERSION = $(word 1, $(subst -, ,$(shell uname -r)))
+KV_S = $(subst ., ,$(KERNEL_VERSION))
+KV_MAJOR = $(word 1,$(KV_S))
+KV_MINOR = $(word 2,$(KV_S))
+KV_PATCH = $(word 3,$(KV_S))
+
 
 # output
 
 $(OUTPUT):
 	mkdir -p $(OUTPUT)
 
-$(OUTPUT)/libbpf:
-	mkdir -p $(OUTPUT)/libbpf
-
 # vmlinux header file
 
 .PHONY: vmlinuxh
@@ -88,22 +85,7 @@ $(VMLINUXH): $(OUTPUT)
 		echo "INFO: generating $(VMLINUXH) from $(BTFFILE)"; \
 		$(BPFTOOL) btf dump file $(BTFFILE) format c > $(VMLINUXH); \
 	fi
-
-# libbpf
-
-$(LIBBPF_OBJ): $(LIBBPF_SRC) $(wildcard $(LIBBPF_SRC)/*.[ch]) | $(OUTPUT)/libbpf
-	CC="$(CC)" CFLAGS="$(CFLAGS)" LD_FLAGS="$(LDFLAGS)" \
-		$(MAKE) -C $(LIBBPF_SRC) \
-		BUILD_STATIC_ONLY=1 \
-		OBJDIR=$(LIBBPF_OBJDIR) \
-		DESTDIR=$(LIBBPF_DESTDIR) \
-		INCLUDEDIR= LIBDIR= UAPIDIR= install
-
-libbpfgo-static: $(VMLINUXH) | $(LIBBPF_OBJ)
-
-$(NODEAGENT_EBPF_DIR)/capture_exec.bpf.o: vmlinuxh libbpfgo-static ## Build eBPF object
-	$(CLANG) $(CFLAGS) -target bpf -D__TARGET_ARCH_$(ARCH) -I$(OUTPUT) -c $(NODEAGENT_EBPF_DIR)/c/capture_exec.bpf.c -o $@
-
+
 ##@ Development
 
 generate: bin/controller-gen ## Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations.
@@ -115,9 +97,7 @@ fmt: ## Run go fmt against code.
 vet: ## Run go vet against code.
 	CGO_CFLAGS=$(CGO_CFLAGS_STATIC) CGO_LDFLAGS=$(CGO_LDFLAGS_STATIC) go vet ./...
 
-ebpf: $(NODEAGENT_EBPF_DIR)/capture_exec.bpf.o
-
-build: bin/goreleaser generate proto ebpf ## Build binaries and copy to ./bin/
+build: bin/goreleaser generate proto ## Build binaries and copy to ./bin/
 	./bin/goreleaser build --single-target --snapshot --rm-dist --single-target
 	cp dist/*/tarian* ./bin/
 
@@ -132,7 +112,7 @@ local-images: build
 	docker build -f Dockerfile-server -t localhost:5000/tarian-server dist/tarian-server_linux_amd64/ && docker push localhost:5000/tarian-server
 	docker build -f Dockerfile-cluster-agent -t localhost:5000/tarian-cluster-agent dist/tarian-cluster-agent_linux_amd64/ && docker push localhost:5000/tarian-cluster-agent
 	docker build -f Dockerfile-pod-agent -t localhost:5000/tarian-pod-agent dist/tarian-pod-agent_linux_amd64/ && docker push localhost:5000/tarian-pod-agent
-	docker build -f Dockerfile-node-agent -t localhost:5000/tarian-node-agent dist/tarian-node-agent_linux_amd64/ && docker push localhost:5000/tarian-node-agent
+	docker build --build-arg KERNEL_VERSION_MAJOR=$(KV_MAJOR) --build-arg KERNEL_VERSION_MINOR=$(KV_MINOR) --build-arg KERNEL_VERSION_PATCH=$(KV_PATCH) -f Dockerfile-node-agent -t localhost:5000/tarian-node-agent dist/tarian-node-agent_linux_amd64/ && docker push localhost:5000/tarian-node-agent
 	docker build -f Dockerfile-tarianctl -t localhost:5000/tarianctl dist/tarianctl_linux_amd64/ && docker push localhost:5000/tarianctl
 
 push-local-images:

charts/tarian-cluster-agent/templates/tarian-node-agent-daemonset.yaml

@@ -37,10 +37,16 @@ spec:
           mountPath: /sys/fs/bpf
           mountPropagation: Bidirectional
         env:
-          - name: NODE_NAME
-            valueFrom:
-              fieldRef:
-                fieldPath: spec.nodeName
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        - name: LINUX_VERSION_MAJOR
+          value: "6"
+        - name: LINUX_VERSION_MINOR
+          value: "5"
+        - name: LINUX_VERSION_PATCH
+          value: "0"
       serviceAccountName: {{ .Release.Name }}-node-sa
       volumes:
       - name: host-proc

cmd/tarian-node-agent/cmd/mount_debugfs.go

@@ -9,6 +9,7 @@ import (
 // https://man7.org/linux/man-pages/man2/statfs.2.html
 const DebugFSMagic = 0x64626720
 
+// DebugFSRoot is the location of the DebugFS filesystem
 const DebugFSRoot = "/sys/kernel/debug"
 
 func isDebugFsMounted() bool {

cmd/tarian-node-agent/cmd/run.go

@@ -6,6 +6,7 @@
 	"os/signal"
 	"syscall"
 
+	"github.com/cilium/ebpf/rlimit"
 	"github.com/kube-tarian/tarian/cmd/tarian-node-agent/cmd/flags"
 	"github.com/kube-tarian/tarian/pkg/log"
 	"github.com/kube-tarian/tarian/pkg/nodeagent"
@@ -65,8 +66,15 @@
 		return fmt.Errorf("host proc is not mounted: %w", err)
 	}
 
+	if err := rlimit.RemoveMemlock(); err != nil {
+		c.logger.Fatal(err)
+	}
+
 	addr := c.clusterAgentHost + ":" + c.clusterAgentPort
 	agent := nodeagent.NewNodeAgent(c.logger, addr)
+	/*if err != nil {
+		return fmt.Errorf("error while creating tarian-node-agent: %w", err)
+	}*/
 	agent.EnableAddConstraint(c.enableAddConstraint)
 	agent.SetNodeName(c.nodeNmae)
 

cmd/tarianctl/cmd/flags/flag.go

@@ -93,7 +93,6 @@ func (globalFlags *GlobalFlags) ValidateGlobalFlags() error {
 func (globalFlags *GlobalFlags) GetFlagValuesFromEnvVar(logger *logrus.Logger) {
 	// Read environment variable for "server-address" flag
 	if globalFlags.ServerAddr == defaultServerAddress || globalFlags.ServerAddr == "" {
-		fmt.Println("here")
 		if serverAddressEnv := os.Getenv(tarianServerAddressEnv); serverAddressEnv != "" {
 			logger.Debugf("Setting server address from environment variable, TARIAN_SERVER_ADDRESS=%s", serverAddressEnv)
 			globalFlags.ServerAddr = serverAddressEnv

dev/config/tarian-cluster-agent/tarian-cluster-agent.yaml

@@ -17,6 +17,7 @@ spec:
         image: localhost:5000/tarian-cluster-agent:latest
         args:
         - --log-level=debug
+        - --log-formatter=json
         - run
         - "--server-address=tarian-server:80"
         - --enable-add-constraint

dev/config/tarian-node-agent/tarian-node-agent.yaml

@@ -16,6 +16,7 @@ spec:
         image: localhost:5000/tarian-node-agent:latest
         args:
         - --log-level=debug
+        - --log-formatter=json
         - run
         - --cluster-agent-host=tarian-cluster-agent.tarian-system.svc
         - --cluster-agent-port=80
@@ -31,10 +32,16 @@ spec:
           mountPath: /sys/fs/bpf
           mountPropagation: Bidirectional
         env:
-          - name: NODE_NAME
-            valueFrom:
-              fieldRef:
-                fieldPath: spec.nodeName
+        - name: NODE_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: spec.nodeName
+        - name: LINUX_VERSION_MAJOR
+          value: "6"
+        - name: LINUX_VERSION_MINOR
+          value: "5"
+        - name: LINUX_VERSION_PATCH
+          value: "0"
       serviceAccountName: tarian-node-agent
       volumes:
       - name: host-proc

dev/config/tarian-server/tarian-server.yaml

@@ -16,7 +16,7 @@ spec:
       - name: tarian-server
         image: "localhost:5000/tarian-server:latest"
         args:
-        - "--log-formatter=text"
+        - "--log-formatter=json"
         - "--log-level=debug"
         - run
         - "--alertmanager-address=http://alertmanager:9093"