Docker
Running Jibril as a Docker container provides consistent, isolated deployments with minimal setup. This method is ideal for containerized environments, cloud deployments, and development workflows.
Overview
Docker deployment offers several advantages:
- Isolation: Contained environment with minimal host dependencies
- Portability: Run anywhere Docker is supported
- Consistency: Same behavior across dev, staging, and production
- Quick Setup: No manual binary installation required
- Version Control: Easy rollback and version management
Quick Start
1. Pull Docker Image
# Pull daily version
docker pull docker.io/garnetlabs/jibril:v0.0
# Or pull the latest version
docker pull docker.io/garnetlabs/jibril:v2.8.1
2. Create Configuration
# Create config directory
sudo mkdir -p /etc/jibril
# Create configuration file
sudo vi /etc/jibril/config.yaml
See Configuration Guide for configuration options.
3. Run Container
docker run -d \
--name jibril \
--privileged \
--pid host \
--network host \
-v /sys:/sys:ro \
-v /sys/fs/bpf:/sys/fs/bpf:rw \
-v /var/log/jibril:/var/log/jibril:rw \
docker.io/garnetlabs/jibril:v2.8.1
Add options to the docker command:
# Bind mount /etc/jibril into the container.
-v /etc/jibril:/etc/jibril:rw
# Append Jibril cmdline arguments to the docker command.
--config /etc/jibril/config.yaml
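Required Flags
--privileged
Required for eBPF.
Grants full access to host devices and the capabilities needed for eBPF program loading. A privileged container is effectively root on the host, so run only an image you trust and restrict who can edit the configuration mounted into it.
Volume Mounts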
Essential volume mounts for Jibril operation:
Required Mounts
| Host Path | Container Path | Mode | Purpose |
|---|---|---|---|
| /sys | /sys | ro | System information |
| /sys/fs/bpf | /sys/fs/bpf | rw | eBPF filesystem |
Optional Mounts (depending on configuration)
| Host Path | Container Path | Mode | Purpose |
|---|---|---|---|
| /etc/jibril | /etc/jibril | rw | Configuration files |
| /var/log/jibril | /var/log/jibril | rw | Event output files (when using varlog printer) |
Output Configuration
Jibril supports multiple output methods (printers) for events. Understanding these options is crucial for proper Docker configuration.
Stdout Printer
Events are printed to stdout/stderr and captured by Docker.
Configuration:
printers:
  stdout:
    enabled: true
Docker Requirements:
- No volume mounts needed
- Use docker logs to view events
- Integrates with Docker logging drivers
- Perfect for Docker/systemd log management
Example:
docker run -d \
--name jibril \
--privileged \
--pid host \
--network host \
-v /sys:/sys:ro \
-v /sys/fs/bpf:/sys/fs/bpf:rw \
-v /etc/jibril:/etc/jibril:rw \
docker.io/garnetlabs/jibril:v2.8.1 \
--config /etc/jibril/config.yaml
# View events
docker logs -f jibril
Varlog Printer
Events are written to specific files on disk.
Configuration:
printers:
  varlog:
    enabled: true
    path: /var/log/jibril/events.log
Docker Requirements:
- Must mount the log directory
- Volume: -v /var/log/jibril:/var/log/jibril:rw
- Ensure directory exists on host
- Proper permissions required
Example:
# Create log directory
sudo mkdir -p /var/log/jibril
sudo chmod 755 /var/log/jibril
# Run container with varlog
docker run -d \
--name jibril \
--privileged \
--pid host \
--network host \
-v /sys:/sys:ro \
-v /sys/fs/bpf:/sys/fs/bpf:rw \
-v /etc/jibril:/etc/jibril:rw \
-v /var/log/jibril:/var/log/jibril:rw \
docker.io/garnetlabs/jibril:v2.8.1 \
--config /etc/jibril/config.yaml
# View events directly on host
tail -f /var/log/jibril/events.log
Choosing the Right Printer
Use Stdout When
- Using Docker logging drivers (json-file, syslog, etc.)
- Forwarding logs to external systems via Docker
- Running in Kubernetes (logs collected by kubelet)
- Want simpler Docker configuration
- Need dynamic log routing
Use Varlog When
- Need direct file access on the host
- Using custom log rotation tools
- Want persistent logs independent of container lifecycle
- Integrating with file-based log collectors
- Need high-performance file I/O
Use Both When
- Need redundancy and failover
- Different systems consume logs differently
- Debugging + production logging simultaneously
- Real-time monitoring + persistent storage
- Compliance requires multiple outputs
Tip
- Multiple printers can be enabled simultaneously. Events will be sent to all enabled printers.
- Printers can be tailored to your needs. Contact us at support@garnet.ai for custom configurations.
Common Usage Examples
Foreground Mode
Run interactively with logs:
docker run --rm \
--name jibril \
--privileged \
--pid host \
--network host \
-v /sys:/sys:ro \
-v /sys/fs/bpf:/sys/fs/bpf:rw \
docker.io/garnetlabs/jibril:v2.8.1
Custom Output
Direct output to specific location:
docker run -d \
--name jibril \
--privileged \
--pid host \
--network host \
-v /sys:/sys:ro \
-v /sys/fs/bpf:/sys/fs/bpf:rw \
-v /custom/log:/var/log/jibril:rw \
docker.io/garnetlabs/jibril:v2.8.1
Testing Configuration
Test config without daemon mode:
docker run --rm \
--privileged \
--pid host \
--network host \
-v /sys:/sys:ro \
-v /sys/fs/bpf:/sys/fs/bpf:rw \
-v ./test-config.yaml:/config.yaml:ro \
docker.io/garnetlabs/jibril:v2.8.1 \
--config /config.yaml
Container Management
Monitor Container
# View container status
docker ps | grep jibril
# View resource usage
docker stats jibril
# Follow logs
docker logs -f jibril
# View last 100 lines
docker logs --tail 100 jibril
Control Container
# Stop container
docker stop jibril
# Start container
docker start jibril
# Restart container
docker restart jibril
# Remove container
docker rm -f jibril
Docker Compose
For easier management, use Docker Compose:
version: '3.8'
services:
  jibril:
    image: docker.io/garnetlabs/jibril:v2.8.1
    container_name: jibril
    privileged: true
    pid: host
    network_mode: host
    restart: unless-stopped
    volumes:
      - /sys:/sys:ro
      - /sys/fs/bpf:/sys/fs/bpf:rw
      - /etc/jibril:/etc/jibril:rw
      - /var/log/jibril:/var/log/jibril:rw
    command: --config /etc/jibril/config.yaml
Usage:
# Start service
docker-compose up -d
# View logs
docker-compose logs -f
# Stop service
docker-compose down
Upgrading
To upgrade to a newer version:
# Stop and remove current container
docker stop jibril
docker rm jibril
# pull the daily version
docker pull docker.io/garnetlabs/jibril:v0.0
# Or pull the latest released version
docker pull docker.io/garnetlabs/jibril:v2.8.1
# Run new container with same configuration
docker run -d \
--name jibril \
--privileged \
--pid host \
--network host \
-v /sys:/sys:ro \
-v /sys/fs/bpf:/sys/fs/bpf:rw \
-v /etc/jibril:/etc/jibril:rw \
-v /var/log/jibril:/var/log/jibril:rw \
docker.io/garnetlabs/jibril:v2.8.1 \
--config /etc/jibril/config.yaml
Tips & Best Practices
Best Practices
- Use Docker Compose for production deployments if not using Kubernetes.
- Pin specific image versions to avoid unexpected behavior.
- Use the restart: unless-stopped policy to ensure the container is always running.
- Monitor container resource usage to ensure the container is not consuming too many resources. Configure the cadences section in the configuration file to reduce the number of events and resource usage.
- Keep configuration on a dedicated host volume to avoid conflicts with other containers.
Common Issues
- Permission denied → Ensure the container is running as privileged and has the required capabilities.
- Can't load eBPF → Check that /sys/fs/bpf is mounted on both the host and the container.
- Events have bad content → Verify that Jibril is running in the host PID namespace.
- Network not monitored → Verify that Jibril is running in the host network namespace and that network-related features and events are enabled.
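The checks behind the Common Issues list above, as an added example that is not part of the Jibril documentation or project code. The function names are hypothetical, the container name jibril follows the commands on this page, and the mount listing is a constructed sample.

```shell
#!/bin/sh
# Added example, not Jibril project code. Function names are hypothetical.

# diagnose_runtime "<Privileged>|<PidMode>|<NetworkMode>"
# Prints one finding per setting that differs from what this page requires:
#   not-privileged -> "Permission denied"
#   pid-not-host   -> "Events have bad content"
#   net-not-host   -> "Network not monitored"
diagnose_runtime() (
  # '|' keeps an empty PidMode (container started without --pid host) in place.
  IFS='|' read -r privileged pidmode netmode <<EOF
$1
EOF
  out=""
  [ "$privileged" = "true" ] || out="$out not-privileged"
  [ "$pidmode" = "host" ] || out="$out pid-not-host"
  [ "$netmode" = "host" ] || out="$out net-not-host"
  [ -z "$out" ] || echo $out   # unquoted on purpose: trims the leading space
)

# bpffs_mounted <file>: succeeds when a file in /proc/mounts format lists a
# bpf filesystem at /sys/fs/bpf ("Can't load eBPF" when it does not).
bpffs_mounted() {
  awk '$2 == "/sys/fs/bpf" && $3 == "bpf" { ok = 1 } END { exit !ok }' "$1"
}

# Constructed sample of /proc/mounts content (not captured from a real host).
sample_mounts() {
  printf '%s\n' \
    'sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0' \
    'bpf /sys/fs/bpf bpf rw,nosuid,nodev,noexec,relatime,mode=700 0 0'
}

# diagnose_live [container]: the same checks against a running container.
# Needs docker and root; /proc/<pid>/mounts shows the container's mount view.
diagnose_live() {
  name=${1:-jibril}
  fmt='{{.HostConfig.Privileged}}|{{.HostConfig.PidMode}}|{{.HostConfig.NetworkMode}}'
  diagnose_runtime "$(docker inspect -f "$fmt" "$name")"
  bpffs_mounted /proc/mounts || echo "host: no bpffs at /sys/fs/bpf"
  pid=$(docker inspect -f '{{.State.Pid}}' "$name")
  bpffs_mounted "/proc/$pid/mounts" || echo "container: no bpffs at /sys/fs/bpf"
}
```

Run diagnose_live jibril as root on the Docker host; no output means all four checks passed.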
Kubernetes Deployment
For Kubernetes, use the dedicated Helm chart instead of plain Docker:
Recommended for K8s
helm install jibril jibril/jibril --namespace jibril-system --create-namespace
See Kubernetes Guide for detailed Kubernetes deployment using the Helm chart.