30-04-2024 Aarixa training event @BrewdogBrussels
Notes on containers, kubernetes and LLM apps
Notes on containers, kubernetes and LLM apps
Prerequisites: an Ubuntu machine
with a public IP address
and a security group that opens ports 80, 443, 8080 and 8081
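# Install Docker with the convenience script. It is saved to disk first
# (not piped straight into sh) so it can be read before it runs as root.
curl -fsSL https://get.docker.com -o get-docker.sh
sudo sh ./get-docker.sh
# Let the current user talk to the Docker daemon without sudo. Note that
# membership of the docker group is equivalent to root on the host, so it
# is a deliberate grant, not a convenience.
sudo groupadd docker
sudo usermod -aG docker "$USER"
# newgrp opens a new shell with the docker group active; when following
# these notes line by line, continue in that shell (or log out and back in).
newgrp docker
# Public IP of the lab machine; "x.x.x.x" is a placeholder to be replaced.
export IP="x.x.x.x"
# Two nginx releases side by side, published on the host ports that the
# security group opens.
docker run -d -p 8080:80 --name www nginx:1.24
docker run -d -p 8081:80 --name www2 nginx:1.25
# These are plain-HTTP URLs, so there is no certificate to check; the -k
# flag (skip TLS verification) was dropped because it only weakens checks
# if a TLS URL is used later. The expansion is quoted.
curl -v "$IP:8080"
curl -v "$IP:8081"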
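# Lab 1: a secret baked into an image layer. The Dockerfile ADDs
# secret.txt and deletes it in a later RUN, but each instruction creates a
# new layer: the deletion hides the file in the final filesystem while the
# earlier layer, and therefore the pushed image, still contains it. Keep
# secrets out of the build context (.dockerignore) or use build-time secret
# mounts; deleting them in a later layer does not remove them.
mkdir -p ./lab1
cd ./lab1 || exit 1
echo "My Annacon secret" >./secret.txt
# Quoted delimiter: the Dockerfile is written literally, no shell expansion
# of its contents (there is none to perform, so behaviour is unchanged).
cat >Dockerfile <<'EOF'
FROM ubuntu:20.04
ADD ./secret.txt /secret.txt
RUN apt-get update && apt-get install -y curl netcat
RUN rm -f /secret.txt
CMD bash
EOF
# Build context is the current directory (equivalent to ./.).
docker build -t myimage .
docker run -it myimage
# Tag and push to Docker Hub; the pushed image carries the secret in its
# layer history, which is the point of the lab.
docker tag myimage xxradar/myimage:01
docker login
docker push xxradar/myimage:01
docker run -it xxradar/myimage:01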
# A privileged container. --privileged grants every capability and
# unrestricted access to host devices, so a shell inside it is effectively
# root on the host. This is the scenario the runtime-detection tooling
# further down (tracee, Falco, Tetragon) is meant to surface; workloads that
# do not need --privileged must not be given it.
docker run -d --privileged --name www3 nginx:1.25
docker exec -it www3 bash
# The next two lines are typed inside the container's shell (after the
# docker exec above), not on the host.
mkdir /tmp/host-fs
mount /dev/vda1
# Run Aqua's tracee (eBPF runtime detection) in the foreground, removed on
# exit. Host PID and cgroup namespaces plus --privileged are what let it
# observe host processes and load its probes; the host's /etc/os-release
# is mounted read-only for tracee to consult.
docker run --rm -it --name tracee \
  --pid=host --cgroupns=host --privileged \
  -v /etc/os-release:/etc/os-release-host:ro \
  aquasec/tracee:latest
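# Add the Falco apt repository and install Falco.
# curl needs no sudo (it only reads from the network); -f makes it fail on
# an HTTP error instead of feeding the error page to apt-key, -L follows
# redirects. apt-key is deprecated on current Debian/Ubuntu releases (a
# signed-by keyring file is the replacement); it still works for this lab
# but should be migrated.
curl -fsSL https://falco.org/repo/falcosecurity-packages.asc | sudo apt-key add -
# sudo on echo did nothing useful (echo is a shell builtin); tee is the
# command that needs root to write under /etc/apt. tee -a appends, so
# running this twice duplicates the entry.
printf '%s\n' "deb https://download.falco.org/packages/deb stable main" | sudo tee -a /etc/apt/sources.list.d/falcosecurity.list
sudo apt-get update -y
sudo apt-get install -y falco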
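# Falco rule: alert on any execve inside the container named "falco-test".
# Indentation restored: the rule's fields must be nested under the list
# item, otherwise the file does not parse as a rules list.
# container.name requires Falco to have container metadata from the
# runtime; the output line is CSV-style for easy grepping.
- rule: spawned_process_in_test_container
  desc: A process was spawned in the test container.
  condition: container.name = "falco-test" and evt.type = execve
  output: "%evt.time,%user.uid,%proc.name,%container.id,%container.name,command=%proc.cmdline"
  priority: WARNING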
# Run Falco with the rule file above (-r). Falco's own default rules are
# loaded from its configuration as well; this adds the lab rule on top.
falco -r ./falco.rule
....
# Start Tetragon (Cilium's eBPF observability/enforcement agent) detached,
# always pulling the image. --pid=host and --cgroupns=host let it see host
# processes, --privileged is needed to attach its eBPF programs, and the
# kernel's BTF type information is mounted where Tetragon expects it.
docker run --rm -d --pull always --name tetragon-container \
  --pid=host --cgroupns=host --privileged \
  -v /sys/kernel/btf/vmlinux:/var/lib/tetragon/btf \
  quay.io/cilium/tetragon-ci:latest
# Stream the events Tetragon observes, in its compact text format.
docker exec tetragon-container tetra getevents -o compact
# Transcript line: the policy that follows was displayed from a root shell
# on the lab host (the hostname looks like a cloud-internal name).
root@ip-172-31-31-30:~# cat ./tracing_policy.yaml
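# This tracing policy 'connect-only-local-addrs' will report attempts
# to make outbound TCP connections to any IP address other than those
# within the 127.0.0.0/8 CIDR, from the binary /usr/bin/curl. In
# addition it will also kill the offending curl process.
#
# Description:
# Report and block outbound TCP connections outside loopback from
# /usr/bin/curl.
#
# In production, this could be used to force processes to only connect
# to their side cars on their local loopback, and to treat transgressions
# as evidence of malicious activity, resulting in the process being
# killed.
#
# Notes for this lab:
# - Indentation restored; the nested structure below is what Tetragon's
#   TracingPolicy schema expects.
# - The kprobe is on the kernel function tcp_connect (syscall: false),
#   so it covers TCP only; other transports are out of scope.
# - matchBinaries matches on the executable path, so the policy covers
#   curl run from /usr/bin/curl and nothing else; scope it to the
#   binaries you actually want constrained.
# - Sigkill is enforcement, not just reporting: test the selector in a
#   lab before attaching it to production workloads.
apiVersion: cilium.io/v1alpha1
kind: TracingPolicy
metadata:
  name: "connect-only-local-addrs"
spec:
  kprobes:
  - call: "tcp_connect"
    syscall: false
    args:
    - index: 0
      type: "sock"
    selectors:
    - matchArgs:
      - index: 0
        operator: "NotDAddr"
        values:
        - "127.0.0.0/8"
      matchBinaries:
      - operator: "In"
        values:
        - "/usr/bin/curl"
      matchActions:
      - action: Sigkill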
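# Restart Tetragon with the tracing policy loaded. The container name is
# the same as the earlier tetragon-container run, so stop that one first
# or this docker run fails on the name clash (--rm removes it once stopped).
# "$PWD" is quoted so a working directory containing spaces still mounts,
# and the policy is mounted read-only because Tetragon only reads it.
# The image is an unpinned CI tag pulled fresh every time, fine for a lab
# but not reproducible; pin a release tag outside of training.
docker run -d --name tetragon-container --rm --pull always \
  --pid=host --cgroupns=host --privileged \
  -v "$PWD/tracing_policy.yaml:/tracing_policy.yaml:ro" \
  -v /sys/kernel/btf/vmlinux:/var/lib/tetragon/btf \
  quay.io/cilium/tetragon-ci:latest \
  --tracing-policy /tracing_policy.yaml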