search

CrowdStrike / falcon-operator

https://artifacthub.io/packages/olm/falcon-operator/falcon-operator
Apache License 2.0
49 stars 36 forks source link

Removing falcon-operator issues #557

Closed mcipamo closed 2 months ago

mcipamo commented 3 months ago

Hello everyone, I have a client with falcon-operator installed. I recommended removing and reinstalling it, but they are experiencing some problems with the operator.

https://github.com/CrowdStrike/falcon-operator/blob/main/docs/deployment/openshift/ 

 oc get falconnodesensor 
NAME                 OPERATOR VERSION   FALCON SENSOR
falcon-node-sensor   0.9.4-certified    6.53.0-15003.falcon-linux.x86_64.Release.US-1
$ oc describe falconnodesensor
Error from server (NotFound): [falconnodesensors.falcon.crowdstrike.com](http://falconnodesensors.falcon.crowdstrike.com/) "falcon-node-sensor" not found

Despite deleting the crd and all the resources, when the operator is installed again, there are a lot of issues, and stuck in the same state.

installing: waiting for deployment falcon-operator-controller-manager to become ready: deployment "falcon-operator-controller-manager" not available: Deployment does not have minimum availability.

The operator has been removed and reinstalled to attempt to resolve but always gets to this point.

I appreciate your help with information on how the customer can correctly remove and install the operator.

Environment: OpenShift 4.14.18 on AWS

redhatrises commented 3 months ago

It looks like the Falcon-node-sensor was not removed before the operator was uninstalled which is required. This resource also has a finalized attached to it. Please remove the Falcon-node-sensor before trying to uninstall the operator.

mcipamo commented 3 months ago

Hi, thank you for the information. I'll check with them.

davidramirez-rh commented 3 months ago

Dear team. I am working in the same case and team that my colleague @mcipamo is posting through this issue. Our customer deleted everything they could find - and re-installed Falcon from the Hub - clicking on 'Falcon Node Sensor' to install the sensors 'still' shows the sensor that was installed on 4/27/2023:

FalconNodeSensor
FNS
falcon-node-sensor
FalconNodeSensor
Conditions
:
ConfigMapReady, Success, DaemonSetReady
No labels
Apr 27, 2023, 6:48 AM

The 'hamburger' menu to the right of this item is greyed out and our Customer is unable to attempt to remove it.

If our Customer were to 'Create FalconNodeSEnsor' - it would just sit there after the 'Create' button was selected - pending, we are presuming, on the fact that the old sensor is still there.

Is there any recommendation for fully remove these components?

Thanks

redhatrises commented 3 months ago

Once again, the falcon-node-sensor needs to be removed BEFORE the operator is even attempted to be uninstalled. They should not uninstall the operator until the falcon-node-sensor no longer exists i.e. the CR called falcon-node-sensor should no longer exist. The FalconNodeSensor Kind has a cleanup job and finalizer associated with it that if the CRD is ripped out from underneath the cleanup and a new version of the operator installed, causes these problems. In addition, the sensor version is too old and unsupported. Finally, the customer should open a support ticket with CrowdStrike as github isn't the place for support.

redhatrises commented 2 months ago

Closing as there is no further movement on this.