Closed: incertum closed this issue 7 months ago

There is no label identifying the kind of this issue. Please specify it either using `/kind <group>` or manually from the side menu.
@incertum Thanks for writing this up and I agree this is where we need to align.
For both bpf and kmod, additional host mounts are required, such as /usr/src/kernels/ and /lib/modules. Please refer to the respective daemonset configuration for more details.
k3s comes with a local-path-provisioner that supports hostPath. So you should be able to add these mounts. If that doesn't work we can investigate alternatives.
We anticipate containerd to be the container runtime socket located at /run/containerd/containerd.sock.
Yes, the knodes will all have containerd (default for k3s)
cncf-project: "falco" cncf-project-sub: "falco-driver-modern-ebpf"
I like the project label and the sub label adds flexibility. We might need more labels later but this is a great starting point IMO.
For the kernel version requirements Equinix Metal has a pretty wide selection of supported OSes
We're using ubuntu 22.04 but we can easily specify an alternative OS in the tofu automation. Does that provide you enough control for the kernel version?
k get no wg-green-reviews-worker-a-fhnpf -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
wg-green-reviews-worker-a-fhnpf Ready <none> 79d v1.28.2 10.78.49.131 147.28.134.57 Ubuntu 22.04.3 LTS 5.15.0-84-generic containerd://1.6.24
Lastly, I have a concern about how many Equinix resources we will need. Can we start with knode A with modern-bpf while we develop the pipeline?
We can then add more knodes but I think we should consider provisioning knodes on demand for the duration of the test. So we consume less resources and the approach is more scalable as we onboard more projects.
@nikimanoledaki @AntonioDiTuri Please also chime in with your thoughts on this.
> Can we start with knode A with modern-bpf while we develop the pipeline?
We would love this approach, also easier for us.
[By the way, I forgot to add "Kernel headers installed" as a requirement for the other drivers. We will update our docs shortly. I also noticed some minor naming hiccups; it should now be consistently modern-ebpf, my bad]
> ubuntu 22.04

Perfect, works for us!

> Yes, the knodes will all have containerd (default for k3s)
@rossf7 mind double-checking the exact path of the socket? Would appreciate it a lot. Is it (1) /run/containerd/containerd.sock or (2) /run/k3s/containerd/containerd.sock? Thanks in advance!
> I like the project label and the sub label adds flexibility. We might need more labels later but this is a great starting point IMO.
Great, yes I think we can very easily change or add new labels!
@incertum That's great, thank you.
The socket path is /run/k3s/containerd/containerd.sock
Thanks! I'll update the docs once we tag the next release containers and state /run/k3s/containerd/containerd.sock instead.
What is left for this issue? :)
Now that I have access to the falco pods, please allow me to check a few things.
In addition, do we want to mark this as complete and open a new issue once we tackle the other 2 drivers Falco has? Ok for us.
Had a chance to inspect a few things, LGTM. We can refer to this issue in the future when we test the remaining 2 drivers.
See https://github.com/falcosecurity/cncf-green-review-testing?tab=readme-ov-file#summary-cncf-green-reviews-cluster-requirements
Notes:

- `kernel.bpf_stats_enabled` by default.
- For `ebpf` and `kmod`, additional host mounts are required, such as `/usr/src/kernels/` and `/lib/modules`. Please refer to the respective daemonset configuration for more details.
- `containerd` is expected to be the container runtime, with its socket located at `/run/k3s/containerd/containerd.sock`.
- Clarify each item with the CNCF Green Reviews Working Group, especially the `nodeSelector`.

CC @nikimanoledaki
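To show how the requirements agreed in this thread (project labels as a node selector, the k3s containerd socket path, host mounts for the ebpf/kmod drivers) fit together, here is an illustrative DaemonSet. It is an added example, not the project's own daemonset configuration; the image reference, namespace, container name and the `falco-driver-ebpf` sub-label are assumptions, and `--cri` is Falco's flag for the CRI socket path.

```yaml
# Illustrative DaemonSet for the ebpf/kmod Falco drivers on the k3s knodes.
# Placeholder/assumed values: image, namespace, container name, sub-label.
# Paths and label keys are taken from the thread above.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: falco-driver-ebpf
  namespace: falco                 # assumed namespace
spec:
  selector:
    matchLabels:
      app: falco-driver-ebpf
  template:
    metadata:
      labels:
        app: falco-driver-ebpf
    spec:
      # Pin pods to the knodes reserved for this project / sub-project.
      nodeSelector:
        cncf-project: falco
        cncf-project-sub: falco-driver-ebpf   # assumed, follows thread naming
      containers:
        - name: falco
          image: "<falco-image>:<tag>"        # placeholder, not a real tag
          securityContext:
            privileged: true   # needed to load a kernel module / BPF probe
          args:
            # On k3s the containerd socket is under /run/k3s, not /run.
            - --cri
            - /host/run/k3s/containerd/containerd.sock
          volumeMounts:
            - name: containerd-socket
              mountPath: /host/run/k3s/containerd/containerd.sock
              readOnly: true
            - name: lib-modules      # kernel modules, read-only is enough
              mountPath: /host/lib/modules
              readOnly: true
            - name: usr-src          # kernel headers for driver build/load
              mountPath: /host/usr/src
              readOnly: true
      volumes:
        - name: containerd-socket
          hostPath:
            path: /run/k3s/containerd/containerd.sock
            type: Socket             # fail fast if the socket is absent
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: usr-src
          hostPath:
            path: /usr/src
```

The modern-ebpf driver needs only the socket mount; the `/lib/modules` and `/usr/src` mounts are the extra requirement the thread calls out for the other two drivers.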