filters/cel: add k8s ip and cidr library functions #3211

will-isovalent · 2024-12-11T20:10:35Z

This simple PR adds CIDR and IP helpers from the k8s CEL libraries to our CEL filters.
This should enable users to write export filters in CEL that match IPs in kprobe events
using CIDR ranges etc.

For example, the following CEL expression written as a CEL filter would match kprobe
events where the first argument contains a socket with source address in CIDR range
10.0.0.0/16:

cidr('10.0.0.0/16').containsIP(process_kprobe.args[0].sock_arg.saddr)

The specific documentation for these CEL libraries is available here:

- add IP and CIDR helpers to CEL filters

This simple PR adds CIDR and IP helpers from the k8s CEL libraries to our CEL filters. This should enable users to write export filters in CEL that match IPs in kprobe events using CIDR ranges etc. For example, the following CEL expression written as a CEL filter would match kprobe events where the first argument contains a socket with source address in CIDR range 10.0.0.0/16: cidr('10.0.0.0/16').containsIP(process_kprobe.args[0].sock_arg.saddr) The specific documentation for these CEL libraries is available here: - https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#CIDR - https://pkg.go.dev/k8s.io/apiserver/pkg/cel/library#IP Signed-off-by: William Findlay <[email protected]>

Add CIDR and IP CEL extensions to the docs by sneaking them in through gRPC API documentation. A subsequent commit will add similar docs to the event filtering documentation. Signed-off-by: William Findlay <[email protected]>

Add docs for missing event filter types: - cel - container_id - in_init_tree Signed-off-by: William Findlay <[email protected]>

netlify · 2024-12-11T20:11:32Z

✅ Deploy Preview for tetragon ready!

Name	Link
🔨 Latest commit	`e1159a4`
🔍 Latest deploy log	https://app.netlify.com/sites/tetragon/deploys/6759f1bed68e6f0008c3a693
😎 Deploy Preview	https://deploy-preview-3211--tetragon.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

michi-covalent

i like it

will-isovalent added 3 commits December 11, 2024 14:57

api: ensure CIDR and IP CEL extensions are documented

59477f0

Add CIDR and IP CEL extensions to the docs by sneaking them in through gRPC API documentation. A subsequent commit will add similar docs to the event filtering documentation. Signed-off-by: William Findlay <[email protected]>

docs: add missing event filter docs

e1159a4

Add docs for missing event filter types: - cel - container_id - in_init_tree Signed-off-by: William Findlay <[email protected]>

will-isovalent added the release-note/minor This PR introduces a minor user-visible change label Dec 11, 2024

will-isovalent requested a review from michi-covalent December 11, 2024 20:10

will-isovalent requested review from a team and mtardy as code owners December 11, 2024 20:10

michi-covalent approved these changes Dec 11, 2024

View reviewed changes

will-isovalent merged commit fc77143 into main Dec 11, 2024
50 checks passed

will-isovalent deleted the pr/will/cidr-cel branch December 11, 2024 21:37

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

filters/cel: add k8s ip and cidr library functions #3211

filters/cel: add k8s ip and cidr library functions #3211

will-isovalent commented Dec 11, 2024

netlify bot commented Dec 11, 2024

michi-covalent left a comment

filters/cel: add k8s ip and cidr library functions #3211

filters/cel: add k8s ip and cidr library functions #3211

Conversation

will-isovalent commented Dec 11, 2024

netlify bot commented Dec 11, 2024

✅ Deploy Preview for tetragon ready!

michi-covalent left a comment

Choose a reason for hiding this comment