nomad-plugin

module

v0.0.0-...-d2a50ac Latest Latest Go to latest Published: Oct 27, 2024 License: Apache-2.0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/albertollamaso/nomad-plugin

Links

Open Source Insights

README ¶

Falcosecurity Nomad Plugin

This repositry contains the Nomad plugin, which can fetch event stream containing nomad events, parse the events, and emit sinsp/scap events (e.g. the events used by Falco) for each nomad event.

Event Source

The event source for nomad events is the /event/stream endpoint used to stream events generated by Nomad.

Supported Fields

Here is the current set of supported fields:

NAME	TYPE	ARG	DESCRIPTION
`nomad.index`	`uint64`	None	The index of the nomad event.
`nomad.alloc.name`	`string`	None	The name of the nomad allocation.
`nomad.alloc.namespace`	`string`	None	The namespace of the allocation.
`nomad.alloc.jobID`	`string`	None	The job ID of the allocation.
`nomad.alloc.clientStatus`	`string`	None	The client status of the allocation.
`nomad.alloc.images`	`string (list)`	None	The list of container images on allocations.
`nomad.alloc.images.tags`	`string (list)`	None	The tags of each container image on allocations.
`nomad.alloc.images.repositories`	`string (list)`	None	The container repositories used on allocations container images.
`nomad.alloc.taskStates.type`	`string (list)`	None	The state of the task on the allocations.
`nomad.alloc.res.cpu`	`uint64`	None	The CPU required to run this allocation in MHz.
`nomad.alloc.res.cores`	`uint64`	None	The number of CPU cores to reserve for the allocation.
`nomad.alloc.res.diskMB`	`uint64`	None	the amount of disk required for the allocation.
`nomad.alloc.res.iops`	`uint64`	None	the number of iops required for the allocation.
`nomad.alloc.res.memoryMB`	`uint64`	None	The memory required in MB for the allocation.
`nomad.alloc.res.memoryMaxMB`	`uint64`	None	The maximum memory the allocation may use.
`nomad.event.topic`	`string`	None	The topic of the nomad event.
`nomad.event.type`	`string`	None	The type of the nomad event.

Configuration

`falco.yaml` Example

plugins:
  - name: nomad
    library_path: libnomad.so
    init_config:
      address: http://127.0.0.1:4646
      token: ""
      namespace: "*"

# Optional. If not specified the first entry in plugins is used.
load_plugins: [nomad, json]

Directories ¶

Path	Synopsis
pkg
nomad This plugin is an example of plugin that supports both the event sourcing and the field extraction capabilities.	This plugin is an example of plugin that supports both the event sourcing and the field extraction capabilities.
plugin

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL