Kcna26/teo

.gitignore

@@ -5,4 +5,5 @@ temp
 resources/ebpf/falco/*
 node-agent
 __pycache__
-tracers.tar
+tracers.tar
+vendor

Makefile

@@ -4,7 +4,7 @@ BINARY_NAME=node-agent
 IMAGE?=quay.io/kubescape/$(BINARY_NAME)
 GADGETS=advise_seccomp trace_capabilities trace_dns trace_exec trace_open
 VERSION=v0.48.1
-KUBESCAPE_GADGETS=bpf exit fork hardlink http iouring_new iouring_old kmod network ptrace randomx ssh symlink unshare
+KUBESCAPE_GADGETS=bpf exit fork hardlink http iouring_new iouring_old kmod kubelet_tls network ptrace randomx ssh symlink unshare
 TAG?=test
 # TAG?=v0.0.1
 

go.mod

@@ -126,21 +126,6 @@ require (
 	github.com/armosec/utils-go v0.0.58 // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/aws/aws-sdk-go v1.55.7 // indirect
-	github.com/aws/aws-sdk-go-v2 v1.41.1 // indirect
-	github.com/aws/aws-sdk-go-v2/config v1.32.7 // indirect
-	github.com/aws/aws-sdk-go-v2/credentials v1.19.7 // indirect
-	github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.17 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/configsources v1.4.17 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/endpoints/v2 v2.7.17 // indirect
-	github.com/aws/aws-sdk-go-v2/internal/ini v1.8.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ecs v1.71.0 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding v1.13.4 // indirect
-	github.com/aws/aws-sdk-go-v2/service/internal/presigned-url v1.13.17 // indirect
-	github.com/aws/aws-sdk-go-v2/service/signin v1.0.5 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sso v1.30.9 // indirect
-	github.com/aws/aws-sdk-go-v2/service/ssooidc v1.35.13 // indirect
-	github.com/aws/aws-sdk-go-v2/service/sts v1.41.6 // indirect
-	github.com/aws/smithy-go v1.24.0 // indirect
 	github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect
 	github.com/becheran/wildmatch-go v1.0.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
@@ -418,6 +403,7 @@ require (
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	go4.org v0.0.0-20230225012048-214862532bf5 // indirect
 	go4.org/netipx v0.0.0-20231129151722-fdeea329fbba // indirect
+	golang.org/x/arch v0.24.0 // indirect
 	golang.org/x/crypto v0.46.0 // indirect
 	golang.org/x/exp v0.0.0-20250718183923-645b1fa84792 // indirect
 	golang.org/x/image v0.18.0 // indirect
@@ -458,4 +444,6 @@ require (
 	zombiezen.com/go/sqlite v1.4.0 // indirect
 )
 
-replace github.com/inspektor-gadget/inspektor-gadget => github.com/matthyx/inspektor-gadget v0.0.0-20260203101533-6ef87216d3dd
+replace github.com/inspektor-gadget/inspektor-gadget => github.com/dorkamotorka/inspektor-gadget v0.0.0-20260228094312-bf5c2eaa6a48
+
+replace github.com/kubescape/storage => github.com/k8sstormcenter/storage v0.0.240-0.20260220214509-f4507e8afed1

pkg/config/config.go

@@ -39,6 +39,7 @@ type Config struct {
 	DHttp                          bool                                 `mapstructure:"dHttp"`
 	DIouring                       bool                                 `mapstructure:"dIouring"`
 	DKmod                          bool                                 `mapstructure:"dKmod"`
+	DKubeletTLS                    bool                                 `mapstructure:"dKubeletTLS"`
 	DNSCacheSize                   int                                  `mapstructure:"dnsCacheSize"`
 	DNetwork                       bool                                 `mapstructure:"dNetwork"`
 	DOpen                          bool                                 `mapstructure:"dOpen"`

pkg/containerwatcher/v2/container_watcher.go

@@ -158,6 +158,9 @@ func CreateContainerWatcher(
 	// Create worker pool for processing individual events
 	workerPool, err := ants.NewPoolWithFunc(cfg.WorkerPoolSize, func(i interface{}) {
 		enrichedEvent := i.(*events.EnrichedEvent)
+		//if enrichedEvent.Event.GetEventType() == utils.KubeletTLSEventType {
+    //  fmt.Printf("TeoX: Processing kubelet_tls event!\n")
+    //} else { fmt.Printf("TeoY: Processing other event!\n") }
 		eventHandlerFactory.ProcessEvent(enrichedEvent)
 		if enrichedEvent.Event.GetEventType() != utils.SyscallEventType {
 			enrichedEvent.Event.Release() // at this time we should not need the event anymore
@@ -462,6 +465,7 @@ func (cw *ContainerWatcher) processQueueBatch() {
 
 func (cw *ContainerWatcher) enrichAndProcess(entry EventEntry) {
 	enrichedEvent := cw.eventEnricher.EnrichEvents(entry)
+  //fmt.Printf("Teo3: Just pulled the %+v event of type %s from the Queue and enriched it %+v\n", entry, string(entry.EventType), enrichedEvent)
 
 	select {
 	case cw.workerChan <- enrichedEvent:

pkg/containerwatcher/v2/container_watcher_collection.go

@@ -108,22 +108,27 @@ func (cw *ContainerWatcher) StartContainerCollection(ctx context.Context) error
 
 	// Create virtual host container if host monitoring enabled
 	if cw.cfg.HostMonitoringEnabled {
+		fmt.Println("TeoTeo: HostMonitoringEnabled")
 		virtualHostContainer, err := GetHostAsContainer()
 		if err != nil {
 			logger.L().Warning("ContainerManager - failed to create virtual host container",
 				helpers.Error(err))
 		} else {
+			fmt.Println("TeoTeo: Adding Host Container HostMonitoringEnabled")
 			cw.containerCollection.AddContainer(virtualHostContainer)
 
+			fmt.Println("TeoTeo: Adding Host Container - calling containerCallback")
 			// Manually trigger callbacks to ensure context detection runs
 			cw.containerCallback(containercollection.PubSubEvent{
 				Type:      containercollection.EventTypeAddContainer,
 				Container: virtualHostContainer,
 			})
 
+			fmt.Println("TeoTeo: Adding Host Container - donedone")
 			logger.L().Info("ContainerManager - virtual host container created",
 				helpers.String("mntns", fmt.Sprintf("%d", virtualHostContainer.Mntns)),
-				helpers.String("pid", fmt.Sprintf("%d", virtualHostContainer.Runtime.ContainerPID)))
+				helpers.String("pid", fmt.Sprintf("%d", virtualHostContainer.Runtime.ContainerPID)),
+				helpers.String("id", fmt.Sprintf("%s", virtualHostContainer.Runtime.ContainerID)))
 		}
 	}
 

pkg/containerwatcher/v2/event_enricher.go

@@ -30,6 +30,9 @@ func (ee *EventEnricher) EnrichEvents(entry EventEntry) *ebpfevents.EnrichedEven
 
 	eventType := entry.EventType
 	event := entry.Event
+  if eventType == utils.KubeletTLSEventType {
+    fmt.Printf("TeoZ: ContainerID in EnrichEvents is %s", entry.ContainerID)
+  }
 
 	if isProcessTreeEvent(eventType) {
 		if err := ee.processTreeManager.ReportEvent(eventType, event); err != nil {

pkg/containerwatcher/v2/event_handler_factory.go

@@ -1,6 +1,7 @@
 package containerwatcher
 
 import (
+  "fmt"
 	mapset "github.com/deckarep/golang-set/v2"
 	"github.com/goradd/maps"
 	containercollection "github.com/inspektor-gadget/inspektor-gadget/pkg/container-collection"
@@ -173,32 +174,55 @@ func NewEventHandlerFactory(
 
 // ProcessEvent processes an event through all registered handlers
 func (ehf *EventHandlerFactory) ProcessEvent(enrichedEvent *events.EnrichedEvent) {
+	eventTypeTest := enrichedEvent.Event.GetEventType()
+  if eventTypeTest == utils.KubeletTLSEventType {
+    fmt.Printf("Teo4-before: Got the %s enriched event!\n", eventTypeTest)
+  }
+
+  // TODO: THIS IS RETURNING WHICH THEN BLOCKS PROCESSING OF THE MESSAGE
 	if enrichedEvent.ContainerID == "" {
+    	fmt.Println("Teo-ContainerId is empty - returning")
 		return
 	}
 
 	// Get container information to check if it should be ignored
+  /*
 	container, err := ehf.getContainerInfo(enrichedEvent.ContainerID)
 	if err != nil || container == nil {
+    	fmt.Println("Teo-containerInfo is empty - returning")
 		return
 	}
 
 	if ehf.cfg.IgnoreContainer(container.K8s.Namespace, container.K8s.PodName, container.K8s.PodLabels) {
+    fmt.Println("Teo-ignoredContainer - returning")
 		return
 	}
+  */
 
 	// Get handlers for this event type
 	eventType := enrichedEvent.Event.GetEventType()
+  if eventType == utils.KubeletTLSEventType {
+    fmt.Printf("Teo4-after: Got the %s enriched event!\n", eventType)
+  } else { fmt.Printf("Teo4-other: Got the %s enriched event!\n", eventType) }
 	handlers, exists := ehf.handlers[eventType]
 	if !exists {
 		return
 	}
+  if eventType == utils.KubeletTLSEventType {
+    fmt.Printf("Teo4: FOUND THE HANDLER for %s TO HANDLE IT!\n", eventType)
+  }
 
 	// Process event through each handler
 	for _, handler := range handlers {
 		if enrichedHandler, ok := handler.(containerwatcher.EnrichedEventReceiver); ok {
+			if eventType == utils.KubeletTLSEventType {
+				fmt.Println("Teo5: ReportEnrichedEvent() called")
+			}
 			enrichedHandler.ReportEnrichedEvent(enrichedEvent)
 		} else if handler, ok := handler.(containerwatcher.EventReceiver); ok {
+			if eventType == utils.KubeletTLSEventType {
+				fmt.Println("Teo5: ReportEvent() called")
+			}
 			handler.ReportEvent(eventType, enrichedEvent.Event)
 		}
 	}
@@ -253,6 +277,9 @@ func (ehf *EventHandlerFactory) registerHandlers(
 	// IoUring events
 	ehf.handlers[utils.IoUringEventType] = []Manager{ruleManager, metrics, rulePolicy}
 
+	// KubeletTLS events
+	ehf.handlers[utils.KubeletTLSEventType] = []Manager{ruleManager, metrics}
+
 	// Syscall events
 	ehf.handlers[utils.SyscallEventType] = []Manager{containerProfileManager, ruleManager, metrics}
 

pkg/containerwatcher/v2/ordered_event_queue.go

@@ -2,6 +2,7 @@ package containerwatcher
 
 import (
 	"time"
+  "fmt"
 
 	"github.com/kubescape/go-logger"
 	"github.com/kubescape/go-logger/helpers"
@@ -45,6 +46,7 @@ func (oeq *OrderedEventQueue) AddEventDirect(eventType utils.EventType, event ut
 		ContainerID: containerID,
 		ProcessID:   processID,
 	}
+  fmt.Printf("Teo: %s (containerID: %s)\n", eventType, containerID)
 
 	priority := timestamp.UnixNano()
 	oeq.eventQueue.Push(eventEntry, priority)

pkg/containerwatcher/v2/tracers/bpf.go

@@ -107,7 +107,7 @@ func (bt *BpfTracer) eventOperator() operators.DataOperator {
 		simple.OnInit(func(gadgetCtx operators.GadgetContext) error {
 			for _, d := range gadgetCtx.GetDataSources() {
 				err := d.Subscribe(func(source datasource.DataSource, data datasource.Data) error {
-					bt.callback(&utils.DatasourceEvent{Datasource: d, Data: source.DeepCopy(data), EventType: utils.BpfEventType})
+					bt.callback(&utils.DatasourceEvent{Datasource: d, Data: data, EventType: utils.BpfEventType})
 					return nil
 				}, opPriority)
 				if err != nil {

pkg/containerwatcher/v2/tracers/capabilities.go

@@ -108,7 +108,7 @@ func (ct *CapabilitiesTracer) eventOperator() operators.DataOperator {
 		simple.OnInit(func(gadgetCtx operators.GadgetContext) error {
 			for _, d := range gadgetCtx.GetDataSources() {
 				err := d.Subscribe(func(source datasource.DataSource, data datasource.Data) error {
-					ct.callback(&utils.DatasourceEvent{Datasource: d, Data: source.DeepCopy(data), EventType: utils.CapabilitiesEventType})
+					ct.callback(&utils.DatasourceEvent{Datasource: d, Data: data, EventType: utils.CapabilitiesEventType})
 					return nil
 				}, opPriority)
 				if err != nil {

pkg/containerwatcher/v2/tracers/dns.go

@@ -119,7 +119,7 @@ func (dt *DNSTracer) eventOperator() operators.DataOperator {
 		simple.OnInit(func(gadgetCtx operators.GadgetContext) error {
 			for _, d := range gadgetCtx.GetDataSources() {
 				err := d.Subscribe(func(source datasource.DataSource, data datasource.Data) error {
-					dt.callback(&utils.DatasourceEvent{Datasource: d, Data: source.DeepCopy(data), EventType: utils.DnsEventType})
+					dt.callback(&utils.DatasourceEvent{Datasource: d, Data: data, EventType: utils.DnsEventType})
 					return nil
 				}, opPriority)
 				if err != nil {

pkg/containerwatcher/v2/tracers/exec.go

@@ -111,7 +111,7 @@ func (et *ExecTracer) eventOperator() operators.DataOperator {
 		simple.OnInit(func(gadgetCtx operators.GadgetContext) error {
 			for _, d := range gadgetCtx.GetDataSources() {
 				err := d.Subscribe(func(source datasource.DataSource, data datasource.Data) error {
-					et.callback(&utils.DatasourceEvent{Datasource: d, Data: source.DeepCopy(data), EventType: utils.ExecveEventType})
+					et.callback(&utils.DatasourceEvent{Datasource: d, Data: data, EventType: utils.ExecveEventType})
 					return nil
 				}, opPriority)
 				if err != nil {

pkg/containerwatcher/v2/tracers/exit.go

@@ -106,7 +106,7 @@ func (et *ExitTracer) eventOperator() operators.DataOperator {
 		simple.OnInit(func(gadgetCtx operators.GadgetContext) error {
 			for _, d := range gadgetCtx.GetDataSources() {
 				err := d.Subscribe(func(source datasource.DataSource, data datasource.Data) error {
-					et.callback(&utils.DatasourceEvent{Datasource: d, Data: source.DeepCopy(data), EventType: utils.ExitEventType})
+					et.callback(&utils.DatasourceEvent{Datasource: d, Data: data, EventType: utils.ExitEventType})
 					return nil
 				}, opPriority)
 				if err != nil {

pkg/containerwatcher/v2/tracers/fork.go

@@ -106,7 +106,7 @@ func (ft *ForkTracer) eventOperator() operators.DataOperator {
 		simple.OnInit(func(gadgetCtx operators.GadgetContext) error {
 			for _, d := range gadgetCtx.GetDataSources() {
 				err := d.Subscribe(func(source datasource.DataSource, data datasource.Data) error {
-					ft.callback(&utils.DatasourceEvent{Datasource: d, Data: source.DeepCopy(data), EventType: utils.ForkEventType})
+					ft.callback(&utils.DatasourceEvent{Datasource: d, Data: data, EventType: utils.ForkEventType})
 					return nil
 				}, opPriority)
 				if err != nil {

pkg/containerwatcher/v2/tracers/hardlink.go

@@ -107,7 +107,7 @@ func (ht *HardlinkTracer) eventOperator() operators.DataOperator {
 		simple.OnInit(func(gadgetCtx operators.GadgetContext) error {
 			for _, d := range gadgetCtx.GetDataSources() {
 				err := d.Subscribe(func(source datasource.DataSource, data datasource.Data) error {
-					ht.callback(&utils.DatasourceEvent{Datasource: d, Data: source.DeepCopy(data), EventType: utils.HardlinkEventType})
+					ht.callback(&utils.DatasourceEvent{Datasource: d, Data: data, EventType: utils.HardlinkEventType})
 					return nil
 				}, opPriority)
 				if err != nil {

pkg/containerwatcher/v2/tracers/http.go

@@ -121,7 +121,7 @@ func (ht *HTTPTracer) eventOperator() operators.DataOperator {
 		simple.OnInit(func(gadgetCtx operators.GadgetContext) error {
 			for _, d := range gadgetCtx.GetDataSources() {
 				err := d.Subscribe(func(source datasource.DataSource, data datasource.Data) error {
-					ht.callback(&utils.DatasourceEvent{Datasource: d, Data: source.DeepCopy(data), EventType: utils.HTTPEventType})
+					ht.callback(&utils.DatasourceEvent{Datasource: d, Data: data, EventType: utils.HTTPEventType})
 					return nil
 				}, opPriority)
 				if err != nil {

pkg/containerwatcher/v2/tracers/iouring.go

@@ -121,7 +121,7 @@ func (it *IoUringTracer) eventOperator() operators.DataOperator {
 		simple.OnInit(func(gadgetCtx operators.GadgetContext) error {
 			for _, d := range gadgetCtx.GetDataSources() {
 				err := d.Subscribe(func(source datasource.DataSource, data datasource.Data) error {
-					it.callback(&utils.DatasourceEvent{Datasource: d, Data: source.DeepCopy(data), EventType: utils.IoUringEventType})
+					it.callback(&utils.DatasourceEvent{Datasource: d, Data: data, EventType: utils.IoUringEventType})
 					return nil
 				}, opPriority)
 				if err != nil {

pkg/containerwatcher/v2/tracers/kmod.go

@@ -107,7 +107,7 @@ func (kt *KmodTracer) eventOperator() operators.DataOperator {
 		simple.OnInit(func(gadgetCtx operators.GadgetContext) error {
 			for _, d := range gadgetCtx.GetDataSources() {
 				err := d.Subscribe(func(source datasource.DataSource, data datasource.Data) error {
-					kt.callback(&utils.DatasourceEvent{Datasource: d, Data: source.DeepCopy(data), EventType: utils.KmodEventType})
+					kt.callback(&utils.DatasourceEvent{Datasource: d, Data: data, EventType: utils.KmodEventType})
 					return nil
 				}, opPriority)
 				if err != nil {