5.4. Updating kernel support packages in offline mode
Support packages are deprecated and have no effect on secured clusters running version 4.5 or later. Support package uploads only affect secured clusters on version 4.4 and earlier.
Collector monitors the runtime activity for each node in your secured clusters. To monitor the activities, Collector requires probes in the form of eBPF programs.
With the CORE_BPF collection method, the probe is not specific to any kernel version, and can still be used after the underlying kernel has been updated. This collection method does not require you to provide or update a support package.
In contrast, when you use the EBPF collection method, the probes are specific to the Linux kernel version installed on the host. The Collector image contains a set of built-in probes for the kernels supported at release time. However, later kernels require newer probes.
When Red Hat Advanced Cluster Security for Kubernetes runs in normal mode (connected to the internet), Collector automatically downloads a new probe if the required probe is not built in.
In offline mode, you can manually download packages containing probes for all recent and supported Linux kernel versions and upload them to Central. Collectors then download these probes from Central.
Collector checks for the new probes in the following order. It checks:
- The existing Collector image.
- The kernel support package (if you have uploaded one to Central).
- A Red Hat-operated server available on the internet. Collector uses Central’s network connection to check and download the probes.
If Collector does not get new probes after checking, it reports a CrashLoopBackOff event.
If your network configuration restricts outbound traffic, you can manually download packages containing probes for all recent and supported Linux kernel versions and upload them to Central. Collectors then download these probes from Central, thus avoiding any outbound internet access.
5.4.1. Downloading kernel support packages
Support packages are deprecated and have no effect on secured clusters running version 4.5 or later. Support package uploads only affect secured clusters on version 4.4 and earlier.
If you are running Red Hat Advanced Cluster Security for Kubernetes in offline mode, you can download packages containing probes for all recent and supported Linux kernel versions and then upload them to Central.
Procedure
- View and download available support packages from https://install.stackrox.io/collector/support-packages/index.html. The kernel support packages list categorizes support packages based on Red Hat Advanced Cluster Security for Kubernetes version.
5.4.2. Uploading kernel support packages to Central
You can upload the kernel support packages containing probes for all recent and supported Linux kernel versions to Central.
Prerequisites
- You must have an API token with the administrator role.
- You must have installed the roxctl command-line interface (CLI).
Procedure
- Set the ROX_API_TOKEN and the ROX_CENTRAL_ADDRESS environment variables:
  $ export ROX_API_TOKEN=<api_token>
  $ export ROX_CENTRAL_ADDRESS=<address>:<port_number>
- Run the following command to upload the kernel support packages:
  $ roxctl collector support-packages upload <package_file> \
      -e "$ROX_CENTRAL_ADDRESS"
- When you upload a new support package that includes content uploaded to Central previously, only new files are uploaded.
- When you upload a new support package that includes files with the same name but different contents than those present on Central, roxctl shows a warning message and does not overwrite files.
  - You can use the --overwrite option with the upload command to overwrite the files.
- When you upload a support package that contains a required probe, Central does not make any outbound requests (to the internet) for downloading this probe. Central uses the probe from the support package.
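The following preflight wrapper around the upload procedure above is an added example, not code from Red Hat or the product. The function names are hypothetical, the caller is assumed to already know the secured cluster version and collection method, and the address check assumes the plain `<address>:<port_number>` form shown in the procedure.

```shell
#!/bin/sh
# Added example (not Red Hat's code): preflight checks around the upload above.

# Return 0 if a support package can matter for a secured cluster: version 4.4
# or earlier AND the kernel-specific EBPF method. Return 2 on a bad version.
needs_support_package() {
  case $1 in *.*) ;; *) return 2 ;; esac
  _major=${1%%.*} _rest=${1#*.}
  _minor=${_rest%%.*}; _minor=${_minor%%[!0-9]*}      # "4-rc1" -> "4"
  case $_major in "" | *[!0-9]*) return 2 ;; esac
  [ -n "$_minor" ] || return 2
  [ "$2" = EBPF ] || return 1                          # CORE_BPF needs no package
  [ "$_major" -lt 4 ] || { [ "$_major" -eq 4 ] && [ "$_minor" -le 4 ]; }
}

# Return 0 if $1 has the <address>:<port_number> form the procedure expects.
valid_central_address() {
  _host=${1%:*} _port=${1##*:}
  [ "$_host" != "$1" ] || return 1                     # no colon at all
  case $_host in "" | */*) return 1 ;; esac            # empty host or URL scheme
  case $_port in "" | *[!0-9]*) return 1 ;; esac       # empty or non-numeric port
}

# Return 0 when the token, address, package file and roxctl are all in place.
preflight() {
  [ -n "${ROX_API_TOKEN:-}" ] || { echo "ROX_API_TOKEN is not set" >&2; return 1; }
  valid_central_address "${ROX_CENTRAL_ADDRESS:-}" ||
    { echo "ROX_CENTRAL_ADDRESS must be <address>:<port_number>" >&2; return 1; }
  [ -s "$1" ] || { echo "package file missing or empty: $1" >&2; return 1; }
  command -v roxctl >/dev/null || { echo "roxctl not found in PATH" >&2; return 1; }
}

# Upload without --overwrite, so a same-name file with different contents
# produces the roxctl warning instead of replacing a probe already on Central.
upload_support_package() {
  preflight "$1" || return 1
  roxctl collector support-packages upload "$1" -e "$ROX_CENTRAL_ADDRESS"
}
```

Source the file and call `upload_support_package <package_file>` only after `needs_support_package` returns 0 for at least one secured cluster.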