So if you want to see me live demo this check out my live stream at 11am Pacific at twitch.tv/setns on Friday. I will post the recording here after it’s done.
So if you have been following along on Twitter you have probably seen me talking about my new server cabinet I have been working on, as well as a few tweets about running Falco on ARM.
So recently I joined Sysdig, Inc as chief OSS and I have been hacking on the kernel and our open source security tools for the past few months.
If you have ever used falco then yeah – we are THOSE folks. Falco is written in C++ and uses either a kernel module or a BPF probe to trace system call events in the Linux kernel. It’s fairly complicated to get all the pieces installed and working well on a Linux system, let alone a Kubernetes system.
So I figured everyone could use a fun project during the apocalypse, including myself. So today I made a few branches of Linux, Falco, and Kubernetes and got everything dialed in nicely and compiling on ARMv7.
So if you are interested in Kubernetes and Linux security, if you enjoy free and open source software, and if you have a Raspberry Pi or another ARM board lying around, please follow along and try out my distro I slapped together today.
So let’s understand what we have going on here.
So I put together an image that should make this as easy as pi (pun intended) to set up. It’s my operating system so if you don’t like it I don’t care. Get off my lawn.
What is inside NOVIX?
| Kernel | Linux novix 4.19.118-1-ARCH armv7l GNU/Linux |
| Operating System Base | Arch Linux |
| Tested on Chips | Raspberry Pi 3/4 (armv7), Raspberry Pi 1 B (armv6) |
Where do I get NOVIX?
See the latest RELEASE on GitHub
Included in the image:
- Kernel headers
- Falco objects
- Kubernetes binaries
Setting up NOVIX on a Raspberry Pi 3/4
I am assuming you are running Linux, if you aren’t you should probably start. Otherwise you can duck duck go how to do this on Windows or a Mac – I am sure there are a lot of resources out there.
Download NOVIX and flash to your SD card
mkdir ~/novix && cd ~/novix
fdisk -l # Use this command to find your SD card (mine is usually /dev/sdc)
umount /dev/sdc*
fdisk /dev/sdc # (Use the device that matches your SD card from above)
At the fdisk prompt, delete old partitions and create a new one:
Type o. This will clear out any partitions on the drive.
Type p to list partitions. There should be no partitions left.
Type n, then p for primary, 1 for the first partition on the drive, press ENTER to accept the default first sector, then type +110M for the last sector.
Type t, then c to set the first partition to type W95 FAT32 (LBA).
Type n, then p for primary, 2 for the second partition on the drive, and then press ENTER twice to accept the default first and last sector.
Write the partition table and exit by typing w.
Now format the boot partition
And now the root partition
And now let’s set up our sd card
wget https://nivenly.com/novix/novix-1.0.1-armv7.img.gz
gunzip --stdout novix-1.0.1-armv7.img.gz | sudo dd bs=4M of=/dev/sdc
sync
If you get stuck check out the official installation guide and just use my image instead of the one they suggest.
A better example can be found at the official arm for arch linux installation guide
Throw the SD card into the back of your raspberry pi, hook it up to your network, and give it some power. You should see a solid light and a blinky light on the card (not the network) indicating that your pi is online.
SSH into your NOVIX instance
Now we are assuming you have a lovely DHCP server online somewhere and your pi should now be on your network. Find its IP address by pulling client lists from your networking gear, arping, guessing, nmap, whatever. I just went into my unifi dashboard and there it was!
|Default NOVIX Username||Default NOVIX Password|
ssh email@example.com cat README
Notice if you type novix and hit tab to complete there are a handful of handy commands.
Falco should come precompiled. The kernel module should be loaded and the daemon should already be running.
Kubernetes 1.18 should also be baked into the image and all dependencies should already be installed and configured.
The Kubernetes Master
Start by setting up a master. Pick a hostname you want to use for your master (NOTE: you should also probably put this in /etc/hosts on all the machines in your cluster).
In this example we will use novix-master for our hostname. Set it using the following command
Now start your master server
You should see the output of kubeadm giving you a “join command” that should look something like
kubeadm join 10.0.0.44:443 --token uvjdta.h41bhz0aw5scnvka \
Note the following:
Now install Calico CNI on your cluster.
The Kubernetes Node(s)
Set up a new novix machine as one of your nodes. Set a new hostname.
Now either run the pasted kubeadm join command above, or you can try
novix.k8s-join 10.0.0.43 uvjdta.h41bhz0aw5scnvka sha256:0d0c32d30ab1dd2a5f3ca6f1d83b61aba9204bf6f8aa8f76e6c50ee37becb6ba
As long as everything can route you should now have a working Kubernetes cluster with Falco.
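The `sha256:` argument in the join step has the form of kubeadm's `--discovery-token-ca-cert-hash`: a SHA-256 over the cluster CA's public key, which lets a joining node reject an API server that presents a different CA. As an added example (not from the original post or the NOVIX image), the script below recomputes that pin from a CA certificate and checks the token and pin before a join; the function names are hypothetical and the demo CA is a throwaway constructed in a temp dir.

```shell
# Added example, not NOVIX code. Needs openssl and sha256sum.
# All function names below are hypothetical.

# kubeadm bootstrap tokens: 6 chars, a dot, 16 chars, all [a-z0-9].
valid_token() {
    case $1 in *[!a-z0-9.]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eqx '[a-z0-9]{6}\.[a-z0-9]{16}'
}

# A CA pin is "sha256:" followed by 64 lowercase hex digits.
valid_pin() {
    case $1 in *[!a-z0-9:]*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eqx 'sha256:[0-9a-f]{64}'
}

# Print the pin for a CA certificate: SHA-256 over its DER-encoded
# SubjectPublicKeyInfo. Fails instead of hashing empty input.
ca_pin() {
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$pub" ] || return 1
    hex=$(printf '%s\n' "$pub" | openssl pkey -pubin -outform DER 2>/dev/null \
        | sha256sum | cut -d' ' -f1)
    printf 'sha256:%s\n' "$hex"
}

# Succeed only if the certificate matches the expected pin.
# Returns 2 when the pin itself is malformed.
pin_matches() {
    valid_pin "$2" || return 2
    [ "$(ca_pin "$1")" = "$2" ]
}

# Constructed sample input: a throwaway self-signed CA written to dir $1.
make_demo_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=demo-ca' \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Demo: compute the pin of the throwaway CA and confirm it matches itself.
demo() {
    demo_dir=$(mktemp -d) && make_demo_ca "$demo_dir" || return 1
    demo_pin=$(ca_pin "$demo_dir/ca.crt")
    echo "demo CA pin: $demo_pin"
    pin_matches "$demo_dir/ca.crt" "$demo_pin" && echo "pin matches"
    rm -rf "$demo_dir"
}
demo
```

On a kubeadm master the CA certificate lives at /etc/kubernetes/pki/ca.crt, so `ca_pin /etc/kubernetes/pki/ca.crt` should print the same value that kubeadm showed in its join command.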