Merge pull request #27 from brness/add/install_docs_update

[Add] add container runtime requirement when install seccompAgent
kinvolk · Oct 12, 2022 · 71c161c · 71c161c
2 parents 42495fb + 5b6a189
commit 71c161c
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 5 deletions.
diff --git a/README.md b/README.md
@@ -42,6 +42,7 @@ chmod: /: Bad message
 ```
 
 ## Demo on Kubernetes
+Before you install the demo on k8s, please ensure all [the requirements](./docs/install.md) are satisfied
 
 This demo shows that the Seccomp Agent can have different behaviour depending on the Kubernetes pod (in this case, the pod's namespace and name).
 

diff --git a/docs/install.md b/docs/install.md
@@ -9,17 +9,29 @@ Seccomp Agent is a DaemonSet deployed in the cluster and relies on new features
 
 ## Installing Seccomp Agent
 
-Requirements:
-- Linux >= 5.9
-- libseccomp >= 2.5.2
-- runc >= 1.1.0
-- containerd >= 1.5.5
+System Requirements:
+- Linux kernel >= 5.9
+- Libseccomp >= 2.5.2 (>=2.5.2 recommended)
+- Runc >= 1.1.0
+- Docker from git(needs to include [this PR](https://github.com/moby/moby/pull/42604))
+- Or if you are using containerd instead of docker, containerd >=1.5.5(>=1.6.0-rc.1 recommended)
 
 Recommended:
 - Flatcar Container Linux >= 3127.0.0
 - containerd >= 1.6.0-rc1
 - Security Profiles Operator (SPO) >= v0.4.1 (unreleased) or from git main
 
+To ensure you have installed correct version of container runtime that support seccomp notify, 
+use the command below:
+```
+strings $(which dockerd) | grep listenerPath
+```
+or if you are using containerd as your runtime
+```
+strings $(which containerd) | grep listenerPath
+```
+If the output is empty, it means your container runtime haven't enabled the feature of seccomp notify. 
+Please check the requirements again in case you missed one.
 ### With Typhoon on Azure
 
 In the `docs/terraform` directory, you can find terraform files to start a
-Original file line number
+Diff line change
@@ Expand Up / @@ -42,6 +42,7 @@ chmod: /: Bad message @@
     ```
     ## Demo on Kubernetes
+    Before you install the demo on k8s, please ensure all [the requirements](./docs/install.md) are satisfied
     This demo shows that the Seccomp Agent can have different behaviour depending on the Kubernetes pod (in this case, the pod's namespace and name).
@@ Expand Down @@