- For Docker, Kubernetes, and Podman containers we now start collecting extra metadata such as:
  - container name
  - container hostname
  - image name
  - image ref
  - image tags
  - pod namespace
  - pod name
- Depending on the system, we may not be able to gather some of the metadata in certain cases, such as short-lived containers or nested containers.
- Kubernetes containers: We support containerd and CRI-O as the Kubernetes runtimes.
- Podman containers: The API socket must be enabled to gather the metadata. The socket must be in its default path:
  - /run/user/$USER_ID/podman/podman.sock for rootless containers, and
  - /run/podman/podman.sock for root containers.
- Docker containers: If the socket is managed by systemd, we expect the socket to be in its default path:
- Support for eBPF filemod on systems whose kernels were compiled with CONFIG_SECURITY_PATH is disabled. In practice we have seen this be the case on older RHEL-like environments (e.g., Fedora and some older AWS Linux kernels).
- In containerized deployments of the sensor, tracefs is always mounted if it is not available. This mount will only affect the container in which the sensor is deployed.
- Be more resilient when detecting Podman containers.
- Be more resilient to possible sensor restarts caused by a resource-starved system during sensor boot-up.
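
A host pre-flight check for the conditions these notes mention (Podman socket paths, CONFIG_SECURITY_PATH, tracefs), added here as an example and not part of the sensor or its tooling. The function names, the `--run` switch, and reading the kernel config from `/boot/config-$(uname -r)` are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the sensor's own code). File paths are arguments so
# each check can be run against constructed input as well as the live host.

# Default Podman API socket path for a UID (0 = root), as listed in the notes.
podman_sock_path() {
  if [ "$1" -eq 0 ]; then
    echo "/run/podman/podman.sock"
  else
    echo "/run/user/$1/podman/podman.sock"
  fi
}

# State of a kernel option in a kernel config file (plain or .gz).
# Prints enabled, disabled, or unknown (config file not readable).
kconfig_state() (
  opt=$1 file=$2
  [ -r "$file" ] || { echo unknown; exit 0; }
  case $file in
    *.gz) cfg=$(gzip -dc "$file") ;;
    *)    cfg=$(cat "$file") ;;
  esac
  # Kconfig writes "OPT=y" when set; "# OPT is not set" or nothing otherwise.
  if printf '%s\n' "$cfg" | grep -q "^${opt}=y\$"; then
    echo enabled
  else
    echo disabled
  fi
)

# Succeeds if a mounts table (e.g. /proc/mounts) lists a tracefs filesystem.
tracefs_mounted() {
  awk '$3 == "tracefs" { found = 1 } END { exit !found }' "$1"
}

# Run every check against the live host and print one line per result.
preflight() {
  for uid in 0 "$(id -u)"; do
    sock=$(podman_sock_path "$uid")
    if [ -S "$sock" ]; then echo "podman socket present: $sock"
    else echo "podman socket missing: $sock"; fi
  done
  echo "CONFIG_SECURITY_PATH: $(kconfig_state CONFIG_SECURITY_PATH "/boot/config-$(uname -r)")"
  if tracefs_mounted /proc/mounts; then echo "tracefs: mounted"
  else echo "tracefs: not mounted"; fi
}

if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with `--run` on the host where the sensor will be deployed; an `unknown` result means the kernel config file was not found at the assumed location.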