Configure the Linux Agent to Monitor CRI-O

Linux Agents 3.2.0 and later support CRI-O as a container runtime for Kubernetes deployment. CRI-O is a Container Runtime Interface (CRI) compatible container runtime for Kubernetes. It is a lightweight alternative to Docker and utilizes the OpenShift platform.

Note

CRI-O monitoring in Linux Agent 3.2.0 does not have feature parity with containerd and Docker monitoring. Improvements to follow in future releases.

Configure CRI-O without a Kubernetes Cluster

To configure the Linux Agent to monitor CRI-O without using a Kubernetes cluster, run the following command:

sudo tsagent config --set container_runtimes.crio.enabled 1
Configure CRI-O Using a Kubernetes Cluster
Using the Helm Chart

To configure the Linux Agent to monitor CRI-O using the Helm chart, set the enableCrio value to true.

Example:

daemonset:
	enableCrio: true

For more information about the Helm chart, see Deploy Containerized Agent Using Helm Chart.

Using an OpenShift Cluster

To configure the Linux Agent to monitor CRI-O using an OpenShift cluster, set the following values to true in the Helm chart:

openShift: true
daemonset:
	enableCrio: true

For more information about the Helm chart, see Deploy Containerized Agent Using Helm Chart.

Support for CRI-O Runtime Monitoring on OpenShift: Known Limitations

  • Distributed Cloud AIP does not support the collection of host or login events on OpenShift or Red Hat Enterprise Linux CoreOS (RHCOS).

  • Distributed Cloud AIP does not support vulnerability monitoring on OpenShift or RHCOS.

  • The Agent does not log fanotify (MODIFY, OPEN, CLOSE) events for containers created after the Agent deploys.

  • Due to limitations in OpenShift storage configuration, containers (such as the Linux Agent) which mount the host filesystem to view host and container files do not have visibility into overlay file systems of other containers that are started after you create this host filesystem mount.

    • OpenShift does not support “HostToContainer” mount propagation.

    • This will be improved in a future OpenShift release.

Using the DaemonSet

To configure the Linux Agent to monitor CRI-O using the DaemonSet, add the key/value pair container_runtimes.crio.enabled true to THREATSTACK_CONFIG_ARGS.

Was this article helpful?
0 out of 0 found this helpful