Skip to content

Commit

Permalink
cleanup: rename .id into .uid
Browse files Browse the repository at this point in the history 
Signed-off-by: Andrea Terzolo <[email protected]>
Co-authored-by: Melissa Kilby <[email protected]>
  • Loading branch information
@Andreagit97 @incertum
Andreagit97 and incertum committed Dec 15, 2023
1 parent 0a1bae8 commit 1cc7159
Show file tree
Hide file tree
Showing 5 changed files with 97 additions and 85 deletions.
54 changes: 33 additions & 21 deletions plugins/k8smeta/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,33 +19,33 @@ The `k8smeta` plugin implements these capabilities:
### Supported Fields

<!-- README-PLUGIN-FIELDS -->
| NAME | TYPE | ARG | DESCRIPTION |
|----------------------------|-----------------|---------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `k8smeta.pod.name` | `string` | None | Kubernetes pod name. |
| `k8smeta.pod.id` | `string` | None | Kubernetes pod ID. |
| NAME | TYPE | ARG | DESCRIPTION |
|-----------------------------|-----------------|---------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `k8smeta.pod.name` | `string` | None | Kubernetes pod name. |
| `k8smeta.pod.uid` | `string` | None | Kubernetes pod UID. |
| `k8smeta.pod.label` | `string` | Key, Required | Kubernetes pod label. E.g. 'k8smeta.pod.label[foo]'. |
| `k8smeta.pod.labels` | `string (list)` | None | Kubernetes pod comma-separated key/value labels. E.g. '(foo1:bar1,foo2:bar2)'. |
| `k8smeta.pod.ip` | `string` | None | Kubernetes pod ip |
| `k8smeta.ns.name` | `string` | None | Kubernetes namespace name. |
| `k8smeta.ns.id` | `string` | None | Kubernetes namespace ID. |
| `k8smeta.pod.labels` | `string (list)` | None | Kubernetes pod comma-separated key/value labels. E.g. '(foo1:bar1,foo2:bar2)'. |
| `k8smeta.pod.ip` | `string` | None | Kubernetes pod ip |
| `k8smeta.ns.name` | `string` | None | Kubernetes namespace name. |
| `k8smeta.ns.uid` | `string` | None | Kubernetes namespace UID. |
| `k8smeta.ns.label` | `string` | Key, Required | Kubernetes namespace label. E.g. 'k8smeta.ns.label[foo]'. |
| `k8smeta.ns.labels` | `string (list)` | None | Kubernetes namespace comma-separated key/value labels. E.g. '(foo1:bar1,foo2:bar2)'. |
| `k8smeta.deployment.name` | `string` | None | Kubernetes deployment name. |
| `k8smeta.deployment.id` | `string` | None | Kubernetes deployment ID. |
| `k8smeta.ns.labels` | `string (list)` | None | Kubernetes namespace comma-separated key/value labels. E.g. '(foo1:bar1,foo2:bar2)'. |
| `k8smeta.deployment.name` | `string` | None | Kubernetes deployment name. |
| `k8smeta.deployment.uid` | `string` | None | Kubernetes deployment UID. |
| `k8smeta.deployment.label` | `string` | Key, Required | Kubernetes deployment label. E.g. 'k8smeta.rs.label[foo]'. |
| `k8smeta.deployment.labels` | `string (list)` | None | Kubernetes deployment comma-separated key/value labels. E.g. '(foo1:bar1,foo2:bar2)'. |
| `k8smeta.svc.name` | `string (list)` | None | Kubernetes services name. Return a list with all the names of the services associated with the current pod. E.g. '(service1,service2)' |
| `k8smeta.svc.id` | `string (list)` | None | Kubernetes services ID. Return a list with all the IDs of the services associated with the current pod. E.g. '(88279776-941c-491e-8da1-95ef30f50fe8,149e72f4-a570-4282-bfa0-25307c5007e8)' |
| `k8smeta.deployment.labels` | `string (list)` | None | Kubernetes deployment comma-separated key/value labels. E.g. '(foo1:bar1,foo2:bar2)'. |
| `k8smeta.svc.name` | `string (list)` | None | Kubernetes services name. Return a list with all the names of the services associated with the current pod. E.g. '(service1,service2)' |
| `k8smeta.svc.uid` | `string (list)` | None | Kubernetes services UID. Return a list with all the UIDs of the services associated with the current pod. E.g. '(88279776-941c-491e-8da1-95ef30f50fe8,149e72f4-a570-4282-bfa0-25307c5007e8)' |
| `k8smeta.svc.label` | `string (list)` | Key, Required | Kubernetes services label. If the services associated with the current pod have a label with this name, return the list of label's values. E.g. if the current pod has 2 services associated and both have the 'foo' label, 'k8smeta.svc.label[foo]' will return '(service1-label-value,service2-label-value) |
| `k8smeta.svc.labels` | `string (list)` | None | Kubernetes services labels. Return a list with all the comma-separated key/value labels of the services associated with the current pod. E.g. '(foo1:bar1,foo2:bar2)' |
| `k8smeta.rs.name` | `string` | None | Kubernetes replica set name. |
| `k8smeta.rs.id` | `string` | None | Kubernetes replica set ID. |
| `k8smeta.svc.labels` | `string (list)` | None | Kubernetes services labels. Return a list with all the comma-separated key/value labels of the services associated with the current pod. E.g. '(foo1:bar1,foo2:bar2)' |
| `k8smeta.rs.name` | `string` | None | Kubernetes replica set name. |
| `k8smeta.rs.uid` | `string` | None | Kubernetes replica set UID. |
| `k8smeta.rs.label` | `string` | Key, Required | Kubernetes replica set label. E.g. 'k8smeta.rs.label[foo]'. |
| `k8smeta.rs.labels` | `string (list)` | None | Kubernetes replica set comma-separated key/value labels. E.g. '(foo1:bar1,foo2:bar2)'. |
| `k8smeta.rc.name` | `string` | None | Kubernetes replication controller name. |
| `k8smeta.rc.id` | `string` | None | Kubernetes replication controller ID. |
| `k8smeta.rs.labels` | `string (list)` | None | Kubernetes replica set comma-separated key/value labels. E.g. '(foo1:bar1,foo2:bar2)'. |
| `k8smeta.rc.name` | `string` | None | Kubernetes replication controller name. |
| `k8smeta.rc.uid` | `string` | None | Kubernetes replication controller UID. |
| `k8smeta.rc.label` | `string` | Key, Required | Kubernetes replication controller label. E.g. 'k8smeta.rc.label[foo]'. |
| `k8smeta.rc.labels` | `string (list)` | None | Kubernetes replication controller comma-separated key/value labels. E.g. '(foo1:bar1,foo2:bar2)'. |
| `k8smeta.rc.labels` | `string (list)` | None | Kubernetes replication controller comma-separated key/value labels. E.g. '(foo1:bar1,foo2:bar2)'. |
<!-- /README-PLUGIN-FIELDS -->

## Usage
Expand Down Expand Up @@ -77,3 +77,15 @@ The plugin doesn't have open params
### Rule Example

To see how to use the plugin fields in a Falco rule check the example rule `/k8smeta/test/rules/example_rule.yaml`.

### Build the plugin on a fresh Ubuntu 22.04 machine

```bash
sudo apt update -y
sudo apt install -y cmake build-essential autoconf libtool pkg-config
git clone https://github.com/falcosecurity/plugins.git
cd plugins/k8smeta
mkdir build && cd build
cmake ..
make k8smeta -j10
```
Loading

0 comments on commit 1cc7159

Please sign in to comment.