Hello @milans100. I was looking on your blog post about osquery on Kubernetes : https://www.uptycs.com/blog/securing-containers-running-in-hosted-orchestration-services. Can you share details and if there is any osquery image built for it? The problem is that in osquery source code it is hardcoded the path to /proc so then in the DaemonSet we need to mount /proc as /host/proc for instance, but then osquery will not see it without replacing in the source code and recompiling which is something we did and worked, but not clean. K8s is not using docker but directly containerd so the docker tables are not working either. Any input would be appreciated. Also, if Uptycs has something for this please let me know! Thank you!!

Hi @Marian Tataru - yes, we can provide an osquery image that can be used for this part as part of the Uptycs platform (i.e. with a matching Uptycs account). As part of the setup there is a config file that you can set things like the /host/proc mount. We’ve also done some work to ensure the image can operate in a containerd environment as well. Happy to chat further about this if you want more info.

Awesome @Pat Haley! Thank you for your reply! I'll ping you.