The recommended way to deploy Tetragon on a Kubernetes cluster is to use the Helm chart with Helm 3. Tetragon uses the helm.cilium.io repository to release the helm chart. Install To install the latest release of the Tetragon helm chart, use the following command. Note You can find the chart and its documentation with all available values for configuration in install/kubernetes/tetragon in the Tetragon repository. You can use any of the values and override them with --set KEY1=VALUE1,KEY2=VAL...| Installation and Configuration on Tetragon - eBPF-based Security Observabilit...
Install Stable versions To run a stable version, please check the Tetragon quay repository and select the version you want. For example, to run the latest version, which is currently v1.4.0: docker run --name tetragon --rm -d \ --pid=host --cgroupns=host --privileged \ -v /sys/kernel/btf/vmlinux:/var/lib/tetragon/btf \ quay.io/cilium/tetragon:v1.4.0 Unstable-development versions To run unstable development versions of Tetragon, use the latest tag from the Tetragon-CI quay repository. This...
Install Tetragon will be managed as a systemd service. Tarballs are built and distributed along with the assets in the releases. Note Tetragon as of version 1.0 supports amd64 and arm64 architectures. First, download the latest binary tarball, for example using curl to download the amd64 release: curl -LO https://github.com/cilium/tetragon/releases/download/v1.4.0/tetragon-v1.4.0-amd64.tar.gz Extract the downloaded archive, and start the install script to install Tetragon. Feel free to inspect the ...
See Tetragon Runtime Hooks for an introduction to the topic. Install Tetragon with Runtime Hooks We use minikube as the example platform because it supports both cri-o and containerd, but the same steps can be applied to other platforms. Setup Helm helm repo add cilium https://helm.cilium.io helm repo update Setup cluster minikube with CRI-O minikube with Containerd kind (with Containerd) minikube start --driver=kvm2 --container-runtime=cri-o minikube start --driver=kvm2 --container-runtime=...
Verify Tetragon image signature Learn how to verify Tetragon container image signatures. Prerequisites You will need to install cosign. Verify Signed Container Images Since version 0.8.4, all Tetragon container images are signed using cosign. Let’s verify a Tetragon image’s signature using the cosign verify command: cosign verify --certificate-github-workflow-repository cilium/tetragon --certificate-oidc-issuer https://token.actions.githubusercontent.com <Image URL> | jq Note If you are ...
Depending on your deployment mode, Tetragon configuration can be changed by: Kubernetes Docker systemd kubectl edit cm -n kube-system tetragon-config # Change your configuration setting, save and exit # Restart Tetragon daemonset kubectl rollout restart -n kube-system ds/tetragon # Change configuration inside /etc/tetragon/ then restart container. # Example: # 1. As a privileged user, write to the file /etc/tetragon/tetragon.conf.d/export-file # the path where to export events, example "/var/...
Tetragon exposes a number of Prometheus metrics that can be used for two main purposes: monitoring the health of Tetragon itself, and monitoring the activity of processes observed by Tetragon. For the full list, refer to the metrics reference. Enable/Disable Metrics Kubernetes In a Kubernetes installation, metrics are enabled by default and exposed via the endpoint /metrics. The tetragon service exposes the Tetragon Agent metrics on port 2112, and the tetragon-operator-metrics service the Tetragon Oper...
To interact with Tetragon, install the Tetragon client CLI tetra| Tetragon - eBPF-based Security Observability and Runtime Enforcement