Description
Is your feature request related to a problem? Please describe.
Currently Capture is only able to grab information from a docker.sock to see running containers on a host. When deployed in Kubernetes, a lot of distros now favor containerd over docker. This means that we cannot monitor the docker containers that exist on this host.
Describe the solution you'd like
I'd like for Capture to be able to pull information about running pods or containers.
I see 3 ways to achieve this:
- from the containerd.sock directly or via crictl
- from the kubelet.sock using
- using the cluster's Kubernetes API using the Informer pattern in Go.
To get the container metrics we would be using either the cluster's metrics-server (less timely updates, about every 15s) or through stats from the kubelet.sock (instant stats).
The .sock solutions are full-featured and performant but require privileged access. The Informer pattern is slower to update (can be a few seconds before receiving changes) but requires only a list/watch pods permission inside the cluster, and the Capture agent can run as a non-root user.
The setup could implement a parameter to tell the agent if it is running in privileged mode or not, which will impact the method used and how fast and accurate the data and metrics will be.
This is related to bluewave-labs/Checkmate#2684
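
The least-privilege side of the trade-off described in this request, written out as Kubernetes manifests. This is an added example, not part of the original issue or the Capture project. The names `capture-agent`, `capture-agent-pod-reader`, the `monitoring` namespace, the image reference and the UID are placeholders, and the `metrics.k8s.io` rule assumes stats are read through metrics-server rather than the kubelet.

```yaml
# Added example: all names, the namespace, the image and the UID are placeholders.
apiVersion: v1
kind: ServiceAccount
metadata: {name: capture-agent, namespace: monitoring}
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata: {name: capture-agent-pod-reader}
rules:
  # An Informer does an initial list and then a long-lived watch; nothing else.
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["list", "watch"]
  # Needed only when pod metrics are read from metrics-server (assumption).
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods"]
    verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata: {name: capture-agent-pod-reader}
roleRef: {apiGroup: rbac.authorization.k8s.io, kind: ClusterRole, name: capture-agent-pod-reader}
subjects:
  - {kind: ServiceAccount, name: capture-agent, namespace: monitoring}
---
# Shown as a bare Pod for brevity; the same spec applies inside a Deployment or DaemonSet.
apiVersion: v1
kind: Pod
metadata: {name: capture-agent, namespace: monitoring}
spec:
  serviceAccountName: capture-agent
  containers:
    - name: capture
      image: example.invalid/capture:placeholder
      securityContext:
        runAsNonRoot: true
        runAsUser: 65532
        allowPrivilegeEscalation: false
        readOnlyRootFilesystem: true
        capabilities: {drop: ["ALL"]}
  # Deliberately absent in this mode: hostPath volumes for containerd.sock,
  # docker.sock or the kubelet socket, and `privileged: true`. Mounting a
  # runtime socket gives the container control over every workload on the
  # node, which is the access the socket-based options above would require.
```

`kubectl auth can-i list pods --as=system:serviceaccount:monitoring:capture-agent` confirms the binding, and the same command with `create` or `delete` should answer `no`.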