Non-root Aembit containers and configurable Agent Proxy file descriptor limits
Aembit has released two new feature updates that enhance existing Aembit functionality.
Aembit Containers
All injected Aembit containers are now run as non-root users.
Agent Proxy File Descriptor Limits
Users may configure a limit on the number of file descriptors Agent Proxy is allowed to open on a VM. You set this number when Agent Proxy is installed, using the AEMBIT_FD_LIMIT environment variable.
Virtual Machines
- Default Limit - 65535, set by Agent Proxy installer
- Configuration - This limit is configurable via the AEMBIT_FD_LIMIT environment variable. This value is passed directly to systemd in Agent Proxy's service file at the time of installation.
- Example - AEMBIT_FD_LIMIT=200000 [...] ./install
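One way to confirm that the limit passed at install time actually reached the running Agent Proxy process, as an added example that is not Aembit's own tooling: it reads the standard Linux /proc/<pid>/limits table. The function names and the sample table are constructed for illustration, and the process ID is supplied by the operator.

```shell
#!/bin/sh
# Added example (not Aembit code): read the open-file limit a process received.

# Print "soft hard" from the "Max open files" row of a /proc/<pid>/limits file.
nofile_limits() {
    awk '/^Max open files/ { print $4, $5; found = 1 } END { exit !found }' "$1"
}

# Return 0 when the soft limit in limits file $1 is at least $2.
fd_limit_at_least() {
    row=$(nofile_limits "$1") || return 2
    soft=${row%% *}
    [ "$soft" = "unlimited" ] && return 0
    [ "$soft" -ge "$2" ]
}

# Print the percentage of the soft limit used by $1 open descriptors.
fd_usage_pct() {
    row=$(nofile_limits "$2") || return 2
    soft=${row%% *}
    [ "$soft" = "unlimited" ] && { echo 0; return 0; }
    echo $(( $1 * 100 / $soft ))
}

# Live check on Linux: report_pid <pid> <expected-limit>
report_pid() {
    limits="/proc/$1/limits"
    open=$(ls "/proc/$1/fd" | wc -l)
    echo "pid=$1 nofile=$(nofile_limits "$limits") open=$open used=$(fd_usage_pct "$open" "$limits")%"
    fd_limit_at_least "$limits" "$2"
}

# Constructed sample: a process still at the 65535 default although 200000
# was requested at install time.
sample=$(mktemp)
cat > "$sample" <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max open files            65535                65535                files
EOF
fd_limit_at_least "$sample" 200000 || echo "nofile $(nofile_limits "$sample") is below the requested 200000"
rm -f "$sample"
```

On a host, call report_pid with the Agent Proxy process ID and the value given to AEMBIT_FD_LIMIT; a non-zero return means the process is running with a lower limit than requested.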
Kubernetes
- Default Limit - This limit is inherited from the container runtime.
- Configuration - There is no official support without modifying the underlying runtime. For more information on configuring these limits, please see the Kubernetes limits support GitHub thread.
AWS ECS
- Default Limit - 1024
- Configuration - This limit is configurable via the ECS Task Definition API or ECS Dashboard. Please refer to the AWS ECS Developer Guide for more detailed information on how to configure these limits.
AWS Lambda
- Default Limit - 1024
- Configuration - This limit is not configurable. For more information, please refer to the AWS Lambda Developer Guide.