tetragon-oci-hook: support container name

Tested as follows: Containerd: ``` $ minikube start --container-runtime=containerd $ ./contrib/rthooks/minikube-install-hook.sh -l $ kubectl run ubuntu-pizza --restart=Never --image=ubuntu $ minikube ssh -- sudo cat /opt/tetragon/tetragon-oci-hook.log | \ tr -d "[:cntrl:]" | \ jq '. | select(.msg | contains("gRPC was disabled")) | ."req-containerName"' "storage-provisioner" "ubuntu-pizza" ``` Crio: ``` $ minikube start --container-runtime=cri-o $ ./contrib/rthooks/minikube-install-hook.sh -l $ kalypso:~/src/tetragon:[oci-hooks-update]> kubectl run ketchup --restart=Never --image=ubuntu pod/ketchup created $ minikube ssh -- sudo cat /opt/tetragon/tetragon-oci-hook.log | \ tr -d "[:cntrl:]" | \ jq '. | select(.msg | contains("gRPC was disabled")) | ."req-containerName"' "ketchup" ``` Signed-off-by: Kornilios Kourtis <[email protected]>
BonySmoke · Mar 25, 2024 · 84bece3 · 84bece3
1 parent 756c636
commit 84bece3
Showing 1 changed file with 21 additions and 3 deletions.
diff --git a/contrib/rthooks/tetragon-oci-hook/cmd/hook/main.go b/contrib/rthooks/tetragon-oci-hook/cmd/hook/main.go
@@ -130,6 +130,20 @@ func getCgroupPath(spec *specs.Spec) (string, error) {
 	return "", fmt.Errorf("Unknown cgroup path: %s", cgroupPath)
 }
 
+func containerNameFromAnnotations(annotations map[string]string) string {
+	// containerd
+	if val, ok := annotations["io.kubernetes.cri.container-name"]; ok {
+		return val
+	}
+
+	// crio
+	if val, ok := annotations["io.kubernetes.container.name"]; ok {
+		return val
+	}
+
+	return ""
+}
+
 // NB: the second argument is only used in case of an error, so disable revive's complains
 // revive:disable:error-return
 func createContainerHook(log *slog.Logger) (error, map[string]string) {
@@ -176,19 +190,23 @@ func createContainerHook(log *slog.Logger) (error, map[string]string) {
 		return fmt.Errorf("unable to determine either RootDir or cgroupPath, bailing out"), nil
 	}
 
+	containerName := containerNameFromAnnotations(spec.Annotations)
+
 	req := &tetragon.RuntimeHookRequest{
 		Event: &tetragon.RuntimeHookRequest_CreateContainer{
 			CreateContainer: &tetragon.CreateContainer{
-				CgroupsPath: cgroupPath,
-				RootDir:     rootDir,
-				Annotations: spec.Annotations,
+				CgroupsPath:   cgroupPath,
+				RootDir:       rootDir,
+				Annotations:   spec.Annotations,
+				ContainerName: containerName,
 			},
 		},
 	}
 
 	log = log.With(
 		"req-cgroups", cgroupPath,
 		"req-rootdir", rootDir,
+		"req-containerName", containerName,
 	)
 	if log.Enabled(context.TODO(), slog.LevelDebug) {
 		// NB: only add annotations in debug level since they are too noisy