The Tetragonsidekick project is a Kubernetes operator designed to process logs emitted by Tetragon pods, enhance the logs using an LLM (Large Language Model), and forward them to an OpenSearch server for future analysis. This project uses Redpands as the central data platform for event streaming, ensuring scalability and real-time processing.

• Log Streaming: Captures logs from Tetragon pods in the kube-system namespace and streams them into a Redpanda topic.
• Protobuf Serialization: Processes Tetragon logs using the official events.proto definitions.
• Event Enhancement: Uses an LLM (e.g., OpenAI GPT-4) to analyze and enhance events.
• OpenSearch Integration: Forward enhanced logs to OpenSearch for indexing and analytics.
• Scalable Architecture: Built on Redpanda for efficient and scalable data processing.

1. Tetragon Pods:
   1. Emit structured logs in protobuf format.
2. Custom Kubernetes Controller:
   1. Captures logs from Tetragon pods.
   2. Serializes logs using Tetragon’s protobuf definitions.
   3. Streams logs to Redpands.
3. Stream Processor:
   1. Enhances logs using an LLM.
   2. Writes enhanced logs back to a separate Redpands topic.
4. OpenSearch Sink:
   1. Consumes enhanced logs from Redpands.
   2. Indexes them in OpenSearch.

The official Tetragon protobuf for events provides a structured way to work with Tetragon logs. By leveraging this, you can deserialize and process events effectively, ensuring compatibility with Tetragon's data structure. Below is a detailed implementation plan using the protobuf definitions and integrating Redpands for a data-driven architecture. Sample event.json.

1. Kubernetes Cluster: A running Kubernetes cluster (v1.29 or higher).
   1. Linux kernel >= 4.19 (for eBPF)
2. Redpands: Installed in the cluster.
3. OpenSearch: Running in the cluster or externally.
4. Operator SDK: Installed on your development machine.
5. Protobuf Compiler: protoc must be installed.

todo

todo

todo

Contributions are what make the open source community such an amazing place to learn, inspire, and create. Any contributions you make are greatly appreciated.

If you have a suggestion that would make this better, please fork the repo and create a pull request. You can also simply open an issue with the tag "enhancement". Don't forget to give the project a star! Thanks again!

1. Fork the Project
2. Create your Feature Branch (git checkout -b feature/AmazingFeature)
3. Commit your Changes (git commit -m 'Add some AmazingFeature')
4. Push to the Branch (git push origin feature/AmazingFeature)
5. Open a Pull Request

(back to top)

Distributed under the MIT License. See LICENSE.txt for more information.

(back to top)

Mitchell Murphy - @mitchellmurphy | mitchmurphy.io

Project Link: https://github.com/mkm29/tetragonsidekick

(back to top)

Use this space to list resources you find helpful and would like to give credit to. I've included a few of my favorites to kick things off!

• Choose an Open Source License
• GitHub Emoji Cheat Sheet
• Malven's Flexbox Cheatsheet
• Malven's Grid Cheatsheet
• Img Shields
• GitHub Pages
• Font Awesome
• React Icons

(back to top)