API endpoint for traced profile Per-Pod #2748
Labels
kind/feature
Categorizes issue or PR as related to a new feature.
Comments
ubuitrago-pjr
added
the
kind/feature
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
What would you like to be added:
The SPO currently does not expose a convenient API endpoint for gathering details such as the Processes and Syscalls traced per Pod.
Why is this needed:
Such a feature would be very useful for gathering container process/syscall/event metrics. This could be helpful for debugging container seccomps and providing additional metrics capabilities for developers. Knowing the intermediate information used to create a profile seems equally as valuable as the profile itself. Right now, this information is not easily shareable or exposed.
User story covered
https://github.com/kubernetes-sigs/security-profiles-operator/blob/main/doc/user-stories.md#as-an-application-developer-ming-would-like-to-be-able-to-debug-syntax-errors-in-a-given-profile
As an application developer, Ming would like to be able to debug and develop their security profiles using similar tools as would be used to deploy the app in production.
Ming would like to gather container processes and statically generate a seccomp (more coarse-grain). This could be helpful for containers that do not posses a workload because they're still in early development.
The text was updated successfully, but these errors were encountered: