Can't seem to figure out this Falco lab, I'm looking at the output from `journalct . . .

Ramon:
Can't seem to figure out this Falco lab. I'm looking at the output from journalctl but I'm not seeing the name of the pod nor namespace. I also checked syslogs as it's configured to write to syslogs…nada

RP:
When you run `journalctl -fu falco`, you can see this:

```
11:15:37.028019693: Error Package management process launched in container (user=root user_loginuid=-1 command=apt update container_id=685bf6feaafa container_name=k8s_simple-webapp-1_simple-webapp-1_critical-apps_37c708e6-3f82-4e1c-addc-e1ee28a399f9_0 image=nginx:latest)
```

```
root@controlplane:/# kubectl get namespaces
NAME              STATUS   AGE
critical-apps     Active   5m23s
default           Active   32m
kube-node-lease   Active   32m
kube-public       Active   32m
kube-system       Active   32m
staging-area      Active   5m24s
root@controlplane:/#
```

```
root@controlplane:/# kubectl get pods -n critical-apps
NAME              READY   STATUS    RESTARTS   AGE
simple-webapp-1   1/1     Running   0          8m22s
root@controlplane:/#
```
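
Added example, not part of RP's reply or the lab material: a small shell function that pulls the namespace and pod out of the `container_name` field in a Falco alert like the one above. It assumes the Docker runtime naming convention `k8s_<container>_<pod>_<namespace>_<pod-uid>_<attempt>`; the function name `falco_pod_ns` is hypothetical.

```shell
#!/bin/sh
# Added example: map Falco alert lines to the Kubernetes namespace and pod.
# Assumption: containers are created by the kubelet through Docker, which names
# them k8s_<container>_<pod>_<namespace>_<pod-uid>_<attempt>. Kubernetes names
# cannot contain "_", so splitting on "_" is unambiguous.

# Reads log lines on stdin and prints "<namespace> <pod> <container>" for each
# line that carries a k8s_-style container_name; other lines are skipped.
falco_pod_ns() {
    awk '
    {
        name = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^\(?container_name=k8s_/) {
                name = $i
                sub(/^\(?container_name=/, "", name)   # drop the key
                sub(/\)$/, "", name)                   # drop a trailing ")"
            }
        }
        if (name == "") next
        n = split(name, part, "_")
        if (n != 6) next            # not the expected 6-part layout
        print part[4], part[3], part[2]
    }'
}

# Sample input: the alert line quoted in the thread above.
SAMPLE='11:15:37.028019693: Error Package management process launched in container (user=root user_loginuid=-1 command=apt update container_id=685bf6feaafa container_name=k8s_simple-webapp-1_simple-webapp-1_critical-apps_37c708e6-3f82-4e1c-addc-e1ee28a399f9_0 image=nginx:latest)'

printf '%s\n' "$SAMPLE" | falco_pod_ns
```

On the lab host the same function can read live output, for example `journalctl -u falco --no-pager | falco_pod_ns`; the result can then be confirmed with `kubectl get pods -n <namespace>`.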

Ramon:
Thanks, I was seeing that, just didn’t click how to put it all together. Appreciate the help!