Use an init container to facilitate the incorporation of the agent into the containers to be monitored. An init container is an auxiliary container that runs before the main container and is commonly used to perform initialization or configuration tasks before the main container starts running. Once it has fulfilled its function, the init container stops and stops consuming resources.
Instead of directly copying the agent into the containers to be monitored, an init container is used in the Kubernetes manifest. This init container will be responsible for copying the agent to the required path within the main container before it starts running. In this way, it is not necessary to modify the construction of the images, only their deployment.
The agent is copied through a volume temporarily shared between the init container and the container of the application/service to be monitored. The image with the init container will be supplied from the DOCair repository with the agent already inside.
In the example below, the “/mnt” path of the init container is mounted to “/usr/local/bin/” of the target container to be monitored. The entrypoint is then defined
.#!/bin/bash
DOCAIR_API_FQDN=’https://api.docair.docexploit.local/v1′
#DOCAIR_API_FQDN=’https://api.docair.docexploit.com/v1′
API_ENDPOINT_AGENT=’event’
API_ENDPOINT_DOCAIR=’event/api’
#
API_NAME=’docair-api’
API_VERSION=’0.0.2b’
DOCKERFILE=’tools/docker/Dockerfile’
MANIFEST=’tools/kubernetes’
#
SECRET_API_KEY=’815a2a92-4ad6-4ddb-8d4e-d406d76a9c18′
SECRET_CLUTER_KEY=’1ad4bc26-1463-418e-99f8-36453fba3fd1′
#SECRET_API_KEY=’0a520c80-0d24-4735-b7b1-9b6287d74816′
#SECRET_CLUTER_KEY=’97177236-2380-4f72-998f-c52087e40610′
#
NAMESPACE=’docair-client’
#
if [ $# -eq 1 ]; then
if [ “$1” == “dev” ]; then
DOCKERFILE=”tools/docker/dev.Dockerfile”
fi
fi
9
