{"id":16845047,"url":"https://github.com/phenixblue/docker-sysdig-pks","last_synced_at":"2026-04-13T16:35:08.983Z","repository":{"id":78646859,"uuid":"182383768","full_name":"phenixblue/docker-sysdig-pks","owner":"phenixblue","description":"Docker Image for running Sysdig on PKS nodes","archived":false,"fork":false,"pushed_at":"2019-09-09T19:50:23.000Z","size":98,"stargazers_count":3,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-03-18T06:29:31.777Z","etag":null,"topics":["capture","docker","image","kubernetes","pks","stemcell","sysdig","ubuntu"],"latest_commit_sha":null,"homepage":null,"language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/phenixblue.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2019-04-20T09:00:05.000Z","updated_at":"2023-03-22T03:52:31.000Z","dependencies_parsed_at":"2023-07-26T09:14:10.278Z","dependency_job_id":null,"html_url":"https://github.com/phenixblue/docker-sysdig-pks","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/phenixblue/docker-sysdig-pks","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phenixblue%2Fdocker-sysdig-pks","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phenixblue%2Fdocker-sysdig-pks/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phenixblue%2Fdocker-sysdig-pks/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phenixblue%2Fdocker-s
ysdig-pks/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/phenixblue","download_url":"https://codeload.github.com/phenixblue/docker-sysdig-pks/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/phenixblue%2Fdocker-sysdig-pks/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31761985,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-13T15:25:13.801Z","status":"ssl_error","status_checked_at":"2026-04-13T15:25:09.162Z","response_time":93,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["capture","docker","image","kubernetes","pks","stemcell","sysdig","ubuntu"],"created_at":"2024-10-13T12:57:29.596Z","updated_at":"2026-04-13T16:35:08.966Z","avatar_url":"https://github.com/phenixblue.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# docker-sysdig-pks\nDocker Image for running Sysdig on PKS nodes\n\nThis was a quick and dirty hack to get the [kubectl-capture](https://github.com/sysdiglabs/kubectl-capture) plugin from Sysdig working for PKS nodes running the Ubuntu 16.04 Xenial stemcell. 
I'm unlikely to keep this up to date, but the general principle should remain the same if you need to improvise on versioning and such.\n\nUSE AT YOUR OWN RISK!\n\n## Build Image\n\nThis uses the existing [sysdig/sysdig](https://hub.docker.com/r/sysdig/sysdig) image, but manually loads the sysdig-probe kernel module for the specific kernel version of the underlying PKS node. \n\n### Identifying the appropriate package\n\n- As the kernel version is likely to change, you can try running the base `sysdig/sysdig` image and following the logs to see which sysdig-probe package it tries to install\n\n```bash\n* Trying to load a system sysdig-probe, if present\n* Trying to find precompiled sysdig-probe for 4.15.0-42-generic\nFound kernel config at /host/boot/config-4.15.0-42-generic\n* Trying to download precompiled module from https://s3.amazonaws.com/download.draios.com/stable/sysdig-probe-binaries/sysdig-probe-0.25-x86_64-4.15.0-42-generic-9fd133f121fd0c8ec46afcaf61cc7e51.ko\nDownload failed, consider compiling your own sysdig-probe and loading it or getting in touch with the sysdig community\n* Capturing system calls\nUnable to load the driver\nerror opening device /host/dev/sysdig0. Make sure you have root credentials and that the sysdig-probe module is loaded.\n```\n\n### Download the appropriate sysdig-probe kernel module\n\nI found that you can basically ignore the last bits past `sysdig-probe-0.25-x86_64-4.15.0-42-generic`\n\n```bash\n$ wget https://s3.amazonaws.com/download.draios.com/stable/sysdig-probe-binaries/sysdig-probe-0.25-x86_64-4.15.0-42-generic-751ae282dd3b11ba9ea4d659a9e2ffc8.ko\n\n--2019-04-20 05:26:53--  https://s3.amazonaws.com/download.draios.com/stable/sysdig-probe-binaries/sysdig-probe-0.25-x86_64-4.15.0-42-generic-751ae282dd3b11ba9ea4d659a9e2ffc8.ko\nResolving s3.amazonaws.com (s3.amazonaws.com)... 52.216.170.213\nConnecting to s3.amazonaws.com (s3.amazonaws.com)|52.216.170.213|:443... connected.\nHTTP request sent, awaiting response... 
200 OK\nLength: 674592 (659K) [binary/octet-stream]\nSaving to: ‘sysdig-probe-0.25-x86_64-4.15.0-42-generic-751ae282dd3b11ba9ea4d659a9e2ffc8.ko’\n```\n\n- Edit the `Dockerfile` and `docker-entrypoint.sh` files appropriately for the local copy of the kernel module\n\n### Run Build\n\n```bash\n$ docker build -t jmsearcy/sysdig-capture .\n\nSending build context to Docker daemon  678.9kB\nStep 1/8 : FROM sysdig/sysdig\n---\u003e 8429858c7cb0\nStep 2/8 : LABEL maintainer joe@twr.io\n---\u003e Using cache\n---\u003e 7277a8548545\nStep 3/8 : ENV SYSDIG_HOST_ROOT /host\n---\u003e Using cache\n---\u003e 6fc195161501\nStep 4/8 : ENV HOME /root\n---\u003e Using cache\n---\u003e 26aa358edce2\nStep 5/8 : COPY sysdig-probe-0.24.2-x86_64-4.15.0-42-generic-751ae282dd3b11ba9ea4d659a9e2ffc8.ko /root/.sysdig\n---\u003e Using cache\n---\u003e 5536a36d9e5f\nStep 6/8 : COPY ./docker-entrypoint.sh /\n---\u003e e147b89fb7d5\nStep 7/8 : ENTRYPOINT [\"/docker-entrypoint.sh\"]\n---\u003e Running in 8cfaa2d472c0\nRemoving intermediate container 8cfaa2d472c0\napiVersion: v1\n---\u003e f93b5e7d37db\nStep 8/8 : CMD [\"bash\"]\n---\u003e Running in 9a5023a1bd2b\nRemoving intermediate container 9a5023a1bd2b\n---\u003e b5edc6526be9\nSuccessfully built b5edc6526be9\nSuccessfully tagged jmsearcy/sysdig-capture:latest\n```\n\n### Push Image\n\n```bash\n$ docker push jmsearcy/sysdig-capture\n\nThe push refers to repository [docker.io/jmsearcy/sysdig-capture]\nd13b12c9bd83: Pushed\n777e8e34691e: Layer already exists\nffd4285d34b6: Layer already exists\neaed723544b6: Layer already exists\nb6f0e96aca8d: Layer already exists\nb47c0aa6928c: Layer already exists\n460a08061286: Layer already exists\n596d5f6f5802: Layer already exists\n08fc0a3fd18f: Layer already exists\n3e3a80f2657c: Layer already exists\nd172843784d6: Layer already exists\n1c1ee869b3e7: Layer already exists\n3e59f4745922: Layer already exists\nf6dabfe7c19d: Layer already exists\n```\n\n## Deploy with kubectl plugin\n\n- 
https://sysdig.com/blog/tracing-in-kubernetes-kubectl-capture-plugin/\n\n- Download [kubectl-capture](https://github.com/sysdiglabs/kubectl-capture) plugin\n\n- Edit plugin script to target the new image\n\n- Edit plugin script to target the new image and the BOSH/PKS specific docker.sock\n\n    **image**\n\n    ```\n    image: jmsearcy/sysdig-capture\n    ```\n\n    **docker.sock**\n\n    ```\n    - name: docker-socket\n          path: /var/vcap/sys/run/docker/docker.sock\n    ```\n\n- Deploy to your heart's content!\n\n    ```bash\n    $ kubectl cap hello-kubernetes-2wrcl --namespace default -M 30 --snaplen 256\n\n    Sysdig is starting to capture system calls:\n\n    Node: worker-node1\n    Pod: hello-kubernetes-2wrcl\n    Duration: 30 seconds\n    Parameters for Sysdig: -S -M 30 -pk -z -w /capture-hello-kubernetes-2wrcl-1555738502.scap.gz  --snaplen 256\n\n    The capture has been downloaded to your hard disk at:\n    /home/user1/sysdig-capture/capture-hello-kubernetes-2wrcl-1555738502.scap.gz\n    ```\n\n## Use Sysdig Inspect to view capture files\n\n- https://github.com/draios/sysdig-inspect\n- https://sysdig.com/blog/sysdig-inspect\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphenixblue%2Fdocker-sysdig-pks","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fphenixblue%2Fdocker-sysdig-pks","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fphenixblue%2Fdocker-sysdig-pks/lists"}