The tracee command described in instruction 5 will fail, as tracee does not recognize container:all as a valid filtering criteria
Also going to add here since I'm running into this issue, but grepping for special as described does not seem to work. In fact, the only way I seem to get events from the container in question is to remove the filter from tracee and grep more generically for nginx. Thoughts?
I will look into this. There were a lot of changes from 0.3.1 to 0.4.0, which just updated. I will pin to a version and update the labs to work for that particular version. If you pin back to 0.3.1 it may work, until then.
Yup, reverting back to 0.3.1 has the command working as printed.
Thanks for the feedback. The joy of working with dynamic content. I thought I had pinned and updated. I will revisit and see if I missed updating some of the steps.
Yeah, the instructions are pinned to 0.4.0 for some reason, though it sounds like your intent was to pin to 0.3.1.
Happy to keep providing feedback. I want to help this course be as good a prep for the CKS exam as it can possibly be.
Thank you very much! A lot of moving parts with this course. Really appreciate your feedback!
The lab has been updated.
If I could make one additional suggestion for this lab, a simple way to make this lab more deterministic wrt Pod scheduling would be to cordon the nodes other than the one where tracee is supposed to be run before creating the special Deployment. Then you could cut out all the extra scaling directions and reduce it down to a cordon and uncordon command. Much simpler than mucking around with NodeAffinity rules.
Thanks! I'll keep that in mind as I continue to update. Easier is better.