nibalizer
commented
4 years ago I'm on IKS (IBM Kubernetes service) not EKS but I was able to change version to 0.19.0 in the values.yaml of the helm chart and successfully bring up falco.
Closed ahilmathew closed 4 years ago
nibalizer
commented
4 years ago I'm on IKS (IBM Kubernetes service) not EKS but I was able to change version to 0.19.0 in the values.yaml of the helm chart and successfully bring up falco.
fntlnz
commented
4 years ago @ahilmathew we have multiple fixes for the problems described here:
In the meanwhile can you please try to use the falcosecurity/falco:master image? It contains those fixes until we are not ready to release 0.21.0.
rabidsloth
commented
4 years ago I'm also on EKS and getting this same error. I've tried to use master and 0.19.0 as the tag and neither of these work.
log using the master image tag:
Loading...* Setting up /usr/src links from host
* Unloading falco-probe, if present
* Running dkms install for falco
Error! echo
Your kernel headers for kernel 4.14.165-133.209.amzn2.x86_64 cannot be found at
/lib/modules/4.14.165-133.209.amzn2.x86_64/build or /lib/modules/4.14.165-133.209.amzn2.x86_64/source.
* Running dkms build failed, couldn't find /var/lib/dkms/falco/0.20.0+e637b1e/build/make.log
* Trying to load a system falco-probe, if present
* Trying to find precompiled falco-probe for 4.14.165-133.209.amzn2.x86_64
Found kernel config at /host/boot/config-4.14.165-133.209.amzn2.x86_64
* Trying to download precompiled module from https://s3.amazonaws.com/download.draios.com/stable/sysdig-probe-binaries/falco-probe-0.20.0%2Be637b1e-x86_64-4.14.165-133.209.amzn2.x86_64-1ed15745c0421d7dcbcff00ebd616d81.ko
curl: (22) The requested URL returned error: 404 Not Found
Download failed, consider compiling your own falco-probe and loading it or getting in touch with the Falco community
Tue Mar 10 00:17:40 2020: Falco initialized with configuration file /etc/falco/falco.yaml
Tue Mar 10 00:17:40 2020: Loading rules from file /etc/falco/falco_rules.yaml:
Tue Mar 10 00:17:41 2020: Loading rules from file /etc/falco/falco_rules.local.yaml:
Tue Mar 10 00:17:42 2020: Unable to load the driver. Exiting.
Tue Mar 10 00:17:42 2020: Runtime error: error opening device /dev/falco0. Make sure you have root credentials and that the falco-probe module is loaded.. Exiting.
nikhilgorantla
commented
4 years ago Any update on this running into the same issue
ahilmathew
commented
4 years ago I ended up using helm install stable/falco --version 1.1.0 which has Falco version 0.18.0 which doesn't have this issue.
ahilmathew
commented
4 years ago @ahilmathew we have multiple fixes for the problems described here:
* #981 * #1050In the meanwhile can you please try to use the
falcosecurity/falco:masterimage? It contains those fixes until we are not ready to release0.21.0.
thank you. Will try using the image as well.
leodido
commented
4 years ago Any update from people using the latest falcosecurity/falco:master ?
nikhilgorantla
commented
4 years ago falcosecurity/falco:master falcosecurity/falco:latest falcosecurity/falco:0.21.0 falcosecurity/falco:0.18.0
none of them work on eks
djsly
commented
4 years ago same for AKS, we were running 0.19.0 and just bumped to 0.21.0, pods are not starting
* Setting up /usr/src links from host
* Unloading falco-probe, if present
* Running dkms install for falco
Error! Could not find module source directory.
Directory: /usr/src/falco-latest does not exist.
* Running dkms build failed, couldn't find /var/lib/dkms/falco/latest/build/make.log
* Trying to load a system falco-probe, if present
* Trying to find precompiled falco-probe for 4.15.0-1071-azure
Found kernel config at /host/boot/config-4.15.0-1071-azure
* Trying to download precompiled module from https://s3.amazonaws.com/download.draios.com/stable/sysdig-probe-binaries/falco-probe-latest-x86_64-4.15.0-1071-azure-ed0721c105202e27d58e45a336be8299.ko
curl: (22) The requested URL returned error: 404 Not Found
Download failed, consider compiling your own falco-probe and loading it or getting in touch with the Falco community
Fri Mar 27 16:06:20 2020: Falco initialized with configuration file /etc/falco/falco.yaml
Fri Mar 27 16:06:20 2020: Loading rules from file /etc/falco/falco_rules.yaml:
Fri Mar 27 16:06:21 2020: Loading rules from file /etc/falco/falco_rules.local.yaml:
Fri Mar 27 16:06:21 2020: Unable to load the driver. Exiting.
Fri Mar 27 16:06:21 2020: Runtime error: error opening device /dev/falco0. Make sure you have root credentials and that the falco-probe module is loaded.. Exiting.
jjo
commented
4 years ago Key in above error log is:
Directory: /usr/src/falco-latest does not exist.as I just reported at #1123.
blhagadorn
commented
4 years ago I can also confirm, on IBM Cloud Kubernetes Service (IKS), I also had the same original reported issue. helm install stable/falco --version 1.1.0. Seemed to work for me.
cw-sakamoto
commented
4 years ago 0.18.0(with stable/falco version 1.1.0) work on eks 1.14 but not work on 1.15.
0.21.0 doesn't work either.
rodricarvalho
commented
4 years ago 0.18.0 works for me on AWS EC2 without any issue. I hope to be able to use the 0.21.0 version soon. Just change the value of the tag to 0.18.0 in the values.yaml file to make works.
cw-sakamoto
commented
4 years ago 0.22.1(helm chart 1.1.1) doesn't work on eks 1.15
Your kernel headers for kernel 4.14.173-137.229.amzn2.x86_64 cannot be found at
/lib/modules/4.14.173-137.229.amzn2.x86_64/build or /lib/modules/4.14.173-137.229.amzn2.x86_64/source.
* Running dkms build failed, couldn't find /var/lib/dkms/falco/a259b4bf49c3330d9ad6c3eed9eb1a31954259a6/build/make.log
* Trying to load a system falco-probe, if present
* Trying to find precompiled falco-probe for 4.14.173-137.229.amzn2.x86_64
Found kernel config at /host/boot/config-4.14.173-137.229.amzn2.x86_64
* Trying to download precompiled module from https://s3.amazonaws.com/download.draios.com/stable/sysdig-probe-binaries/falco-probe-a259b4bf49c3330d9ad6c3eed9eb1a31954259a6-x86_64-4.14.173-137.229.amzn2.x86_64-f0c8ced41ae4d0e71aa715068964ce9f.ko
curl: (22) The requested URL returned error: 404 Not Found
Download failed, consider compiling your own falco-probe and loading it or getting in touch with the Falco community
Tue Apr 21 05:07:17 2020: Falco initialized with configuration file /etc/falco/falco.yaml
Tue Apr 21 05:07:17 2020: Loading rules from file /etc/falco/falco_rules.yaml:
Tue Apr 21 05:07:17 2020: Loading rules from file /etc/falco/falco_rules.local.yaml:
Tue Apr 21 05:07:17 2020: Unable to load the driver. Exiting.
Tue Apr 21 05:07:17 2020: Runtime error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco-probe module is loaded.. Exiting.
loetn
commented
4 years ago Getting also 404 not found when deploying as a normal daemonset, or installing via the helm chart on a kubeadm cluster 1.18.2. Tried 0.22.0, 0.22.1, latest, master. Using 0.18.0 still works.
cw-sakamoto
commented
4 years ago 0.18.0 dose not work with eks 1.15 (eksctl 0.17.0).
$ kubectl logs falco-cdkjx
* Setting up /usr/src links from host
* Unloading falco-probe, if present
* Running dkms install for falco
Error! echo
Your kernel headers for kernel 4.14.173-137.229.amzn2.x86_64 cannot be found at
/lib/modules/4.14.173-137.229.amzn2.x86_64/build or /lib/modules/4.14.173-137.229.amzn2.x86_64/source.
* Running dkms build failed, couldn't find /var/lib/dkms/falco/0.18.0/build/make.log
* Trying to load a system falco-probe, if present
* Trying to find precompiled falco-probe for 4.14.173-137.229.amzn2.x86_64
Found kernel config at /host/boot/config-4.14.173-137.229.amzn2.x86_64
* Trying to download precompiled module from https://s3.amazonaws.com/download.draios.com/stable/sysdig-probe-binaries/falco-probe-0.18.0-x86_64-4.14.173-137.229.amzn2.x86_64-f0c8ced41ae4d0e71aa715068964ce9f.ko
curl: (22) The requested URL returned error: 404 Not Found
Download failed, consider compiling your own falco-probe and loading it or getting in touch with the sysdig community
Wed Apr 22 00:43:58 2020: Falco initialized with configuration file /etc/falco/falco.yaml
Wed Apr 22 00:43:58 2020: Loading rules from file /etc/falco/falco_rules.yaml:
Wed Apr 22 00:43:58 2020: Loading rules from file /etc/falco/falco_rules.local.yaml:
Wed Apr 22 00:43:58 2020: Unable to load the driver. Exiting.
Wed Apr 22 00:43:58 2020: Runtime error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco-probe module is loaded.. Exiting.@cw-sakamoto we now have a new set of prebuilt modules at https://dl.bintray.com/falcosecurity/driver/a259b4bf49c3330d9ad6c3eed9eb1a31954259a6/
For example, the module for amzn2 4.14.173 you are looking for is here.
leodido
commented
4 years ago @djsly we do not ship (neither support) drivers for AKS at the moment.
I opened an issue as reference/request here. It sounds like a good first contribution to do!
leodido
commented
4 years ago @rabidsloth the Falco driver your environment is looking for is now at https://dl.bintray.com/falcosecurity/driver/a259b4bf49c3330d9ad6c3eed9eb1a31954259a6/:falco_amazonlinux2_4.14.165-133.209.amzn2.x86_64_1.ko
leodido
commented
4 years ago Using the latest falcosecurity/falco:master image, which contains the new falco-driver-loader script (#1160), should solve the majority of the 404 here reported.
For this reason, I'm closing this issue. But feel free to open new ones and continue the discussion in case new errors of this kind happen.
/close
poiana
commented
4 years ago @leodido: Closing this issue.
djsly
commented
4 years ago @djsly we do not ship (neither support) drivers for AKS at the moment.
I opened an issue as reference/request here. It sounds like a good first contribution to do!
@leodido thanks, while there might not be any official support for AKS yet, Falco was usable and runnable. Are we saying that the support for AKS is no longer possible until a new driver kit gets created ?
leodido
commented
4 years ago No @djsly, I was saying that we do not support prebuilt drivers for AKS.
Clearly the postinst scripts of the packages (same does the falco-driver-loader script) will always try to build the driver after the Falco installation. And that can succeed :)
jessebye
commented
4 years ago @leodido I'm running falcosecurity/falco:master but still receiving an error about unsupported driver. This is on EKS 1.15.
* Setting up /usr/src links from host
* Unloading falco module, if present
* Running dkms build failed, couldn't find /var/lib/dkms/falco/47374b2b73734d509f3c99890c80be5242021c3d/build/make.log
* Trying to load a system falco driver, if present
* Trying to find a prebuilt falco module for kernel 4.14.165-133.209.amzn2.x86_64
Detected an unsupported target system, please get in touch with the Falco communityIs there a way to point the falco-driver-loader script at the right URL? How can I tell what URL it is trying to use? It doesn't echo it in the logs...
fntlnz
commented
4 years ago @jessebye I know what's happening here. The master image is being used but we (on Thursday) changed the driver version in master without instructing test-infra to build for that version.
Infact we do have the module version for dev for your kernel here https://dl.bintray.com/falcosecurity/driver/dev/:falco_amazonlinux2_4.14.165-133.209.amzn2.x86_64_1.ko
As a workardound, you can open the falco-driver-loader script and change the DRIVER_VERSION variable value to dev.
I'm opening an issue to fix this for when people use the master image.
leodido
commented
4 years ago Imho the error @jessebye is encountering does not depend on the driver version.
I mean, the root cause is not the driver version. The root cause is the fact that falco-driver-loader is not able to build the driver locally on the EKS 1.15 of @jessebye.
The lookup on prebuilt drivers index is just a fallback.
Anyway, the workaround @fntlnz proposed should work without troubles.
fntlnz
commented
4 years ago I think that it might be due to errors while doing the symlinks. @jessebye are you running the latest Falco 0.22.0 ? And if so, is this an upgrade from an older version or a fresh new installation?
We still need to fix the pre-built stuff.
jessebye
commented
4 years ago We are running Falco 0.22.0. Fresh new installation. On May 2, 2020, 7:17 AM -0700, Lorenzo Fontana notifications@github.com, wrote:
I think that it might be due to errors while doing the symlinks. @jessebye are you running the latest Falco 0.22.0 ? And if so, is this an upgrade from an older version or a fresh new installation? We still need to fix the pre-built stuff. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub, or unsubscribe.
jessebye
commented
4 years ago @leodido from what I can see, there is a prebuilt driver for my Amazon Linux kernel, but it still fails to use it. So not only does it fail to build the driver (root cause) but then it fails to find the prebuilt image that it should be able to find. Does that make sense?
Also, not sure how to use that workaround... I guess we'd have to fork the repo and build our own custom docker image? I've been really trying to avoid that.
ianhundere
commented
4 years ago same issue here, but this was after updating to EKS 1.16 from EKS 1.15.
we were using 0.19.0 before this without issue.
using the latest falcosecurity/falco:master image did not resolve the issue.
Your kernel headers for kernel 4.14.173-137.229.amzn2.x86_64 cannot be found at
/lib/modules/4.14.173-137.229.amzn2.x86_64/build or /lib/modules/4.14.173-137.229.amzn2.x86_64/source.
* Running dkms build failed, couldn't find /var/lib/dkms/falco/a259b4bf49c3330d9ad6c3eed9eb1a31954259a6/build/make.log
* Trying to load a system falco-probe, if present
* Trying to find precompiled falco-probe for 4.14.173-137.229.amzn2.x86_64
Found kernel config at /host/boot/config-4.14.173-137.229.amzn2.x86_64
* Trying to download precompiled module from https://s3.amazonaws.com/download.draios.com/stable/sysdig-probe-binaries/falco-probe-a259b4bf49c3330d9ad6c3eed9eb1a31954259a6-x86_64-4.14.173-137.229.amzn2.x86_64-f0c8ced41ae4d0e71aa715068964ce9f.ko
curl: (22) The requested URL returned error: 404 Not Found
Download failed, consider compiling your own falco-probe and loading it or getting in touch with the Falco community
Tue May 5 14:08:36 2020: Falco initialized with configuration file /etc/falco/falco.yaml
Tue May 5 14:08:36 2020: Loading rules from file /etc/falco/falco_rules.yaml:
Tue May 5 14:08:37 2020: Loading rules from file /etc/falco/falco_rules.local.yaml:
Tue May 5 14:08:38 2020: Unable to load the driver. Exiting.
Tue May 5 14:08:38 2020: Runtime error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco-probe module is loaded.. Exiting.
victorrodriguez1984
commented
4 years ago Hello Team, same erro on version 0.21.0 at IKS
image: registry: docker.io repository: falcosecurity/falco tag: 0.21.0 pullPolicy: IfNotPresent
Download failed, consider compiling your own falco-probe and loading it or getting in touch with the Falco community
Sun Jun 7 17:28:33 2020: Falco initialized with configuration file /etc/falco/falco.yaml
Sun Jun 7 17:28:33 2020: Loading rules from file /etc/falco/falco_rules.yaml:
Sun Jun 7 17:28:33 2020: Loading rules from file /etc/falco/falco_rules.local.yaml:
Sun Jun 7 17:28:34 2020: Loading rules from file /etc/falco/k8s_audit_rules.yaml:
Sun Jun 7 17:28:35 2020: Unable to load the driver. Exiting.
Sun Jun 7 17:28:35 2020: Runtime error: error opening device /dev/falco0. Make sure you have root credentials and that the falco-probe module is loaded.. Exiting.
fbongiovanni29
commented
4 years ago Same error on GKE (ebpf enabled) version 0.23.0.
Note: It worked for me once, but I uninstalled/re-installed it to debug some issues and now I'm getting this:
* Setting up /usr/src links from host
* Running falco-driver-loader with: driver=module, compile=yes, download=yes
* Unloading falco module, if present
* Trying to dkms install falco module
* Running dkms build failed, couldn't find /var/lib/dkms/falco/96bd9bc560f67742738eb7255aeb4d03046b8045/build/make.log
* Trying to load a system falco driver, if present
* Trying to find locally a prebuilt falco module for kernel 4.14.138+, if present
* Trying to download prebuilt module from https://dl.bintray.com/falcosecurity/driver/96bd9bc560f67742738eb7255aeb4d03046b8045/falco_cos_4.14.138%2B_1.ko
curl: (22) The requested URL returned error: 404 Not Found
Download failed, consider compiling your own falco module and loading it or getting in touch with the Falco community
Mon Jun 22 19:25:50 2020: Falco initialized with configuration file /etc/falco/falco.yaml
Mon Jun 22 19:25:50 2020: Loading rules from file /etc/falco/falco_rules.yaml:
Mon Jun 22 19:25:50 2020: Loading rules from file /etc/falco/falco_rules.local.yaml:
Mon Jun 22 19:25:51 2020: Unable to load the driver. Exiting.
Mon Jun 22 19:25:51 2020: Runtime error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco module is loaded.. Exiting.
rubensayshi
commented
4 years ago we were running 0.23.0 on GKE without issues as well, but I just did a reinstall (and we bumped GKE to latest; 1.16.10-gke.8) and now we get more or less the same;
* Setting up /usr/src links from host
* Running falco-driver-loader with: driver=module, compile=yes, download=yes
* Unloading falco module, if present
* Trying to dkms install falco module
* Running dkms build failed, couldn't find /var/lib/dkms/falco/96bd9bc560f67742738eb7255aeb4d03046b8045/build/make.log
* Trying to load a system falco driver, if present
* Trying to find locally a prebuilt falco module for kernel 4.19.112+, if present
* Trying to download prebuilt module from https://dl.bintray.com/falcosecurity/driver/96bd9bc560f67742738eb7255aeb4d03046b8045/falco_cos_4.19.112%2B_1.ko
curl: (22) The requested URL returned error: 404 Not Found
Download failed, consider compiling your own falco module and loading it or getting in touch with the Falco community
Thu Jul 2 13:32:23 2020: Falco initialized with configuration file /etc/falco/falco.yaml
Thu Jul 2 13:32:23 2020: Loading rules from file /etc/falco/falco_rules.yaml:
Thu Jul 2 13:32:24 2020: Loading rules from file /etc/falco/falco_rules.local.yaml:
Thu Jul 2 13:32:24 2020: Unable to load the driver. Exiting.
Thu Jul 2 13:32:24 2020: Runtime error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco module is loaded.. Exiting.
dinvlad
commented
4 years ago We hit the same issue on COS-81 (unable to download falco_cos_4.19.112%2B_1.ko). It only works when run in privileged mode with ePBF enabled (https://github.com/falcosecurity/falco/issues/1299)
nitzango
commented
3 years ago Same here. EKS version 1.20.4-eks-6b7464 Latest chart version: 0.28.1
* Setting up /usr/src links from host
* Running falco-driver-loader for: falco version=0.28.1, driver version=5c0b863ddade7a45568c0ac97d037422c9efb750
* Running falco-driver-loader with: driver=module, compile=yes, download=yes
* Unloading falco module, if present
* Trying to load a system falco module, if present
* Looking for a falco module locally (kernel 5.4.117-58.216.amzn2.x86_64)
* Trying to download a prebuilt falco module from https://download.falco.org/driver/5c0b863ddade7a45568c0ac97d037422c9efb750/falco_am
azonlinux2_5.4.117-58.216.amzn2.x86_64_1.ko
curl: (22) The requested URL returned error: 404
Unable to find a prebuilt falco module
* Trying to dkms install falco module with GCC /usr/bin/gcc
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/5c0b863ddade7a45568c0ac97d037422c9efb750/build/make.log (with GCC /usr
/bin/gcc)
* Trying to dkms install falco module with GCC /usr/bin/gcc-8
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/5c0b863ddade7a45568c0ac97d037422c9efb750/build/make.log (with GCC /usr
/bin/gcc-8)
* Trying to dkms install falco module with GCC /usr/bin/gcc-6
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/5c0b863ddade7a45568c0ac97d037422c9efb750/build/make.log (with GCC /usr
/bin/gcc-6)
* Trying to dkms install falco module with GCC /usr/bin/gcc-5
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/5c0b863ddade7a45568c0ac97d037422c9efb750/build/make.log (with GCC /usr
/bin/gcc-5)
Consider compiling your own falco driver and loading it or getting in touch with the Falco community
Thu May 27 08:26:28 2021: Falco version 0.28.1 (driver version 5c0b863ddade7a45568c0ac97d037422c9efb750)
Thu May 27 08:26:28 2021: Falco initialized with configuration file /etc/falco/falco.yaml
Thu May 27 08:26:28 2021: Loading rules from file /etc/falco/falco_rules.yaml:
Thu May 27 08:26:28 2021: Loading rules from file /etc/falco/falco_rules.local.yaml:
Thu May 27 08:26:29 2021: Unable to load the driver.
Thu May 27 08:26:29 2021: Runtime error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco module is loaded.. Exiting.
rubenpetrosyan1
commented
2 years ago has the same issue with Azure Kubernetes Service (v1.22.4 control plane and with 1.21.7 nodpool version) Tried 0.18.0, 0.23.0 and 0.31.0 image versions
mihawk47
commented
2 years ago I am facing the same issue with EKS. tried master and 0.31.0 image versions. is there a way to successfully run this. I have made changes to falco/template/deployment.yaml and changed the securityContext: privileged: true. but this is all in my cloned repository. when I am trying to deploy form local repo I am getting an error
Error: INSTALLATION FAILED: An error occurred while checking for chart dependencies. You may need to run helm dependency build to fetch missing dependencies: found in Chart.yaml, but missing in charts/ directory: falcosidekick
FYI I am not an expert on helm.
SznDevOps
commented
2 years ago The same problem with eks control plane and nodes versions - v1.22.6-eks. Tryed to reinstall falco with latest version, but it not help.
`$ k logs falco-z47ls -n falco
* Setting up /usr/src links from host
* Running falco-driver-loader for: falco version=0.31.1, driver version=b7eb0dd65226a8dc254d228c8d950d07bf3521d2
* Running falco-driver-loader with: driver=module, compile=yes, download=yes
* Unloading falco module, if present
* Looking for a falco module locally (kernel 5.4.190-107.353.amzn2.x86_64)
* Trying to download a prebuilt falco module from https://download.falco.org/driver/b7eb0dd65226a8dc254d228c8d950d07bf3521d2/falco_amazonlinux2_5.4.190-107.353.amzn2.x86_64_1.ko
curl: (22) The requested URL returned error: 404
Unable to find a prebuilt falco module
* Trying to dkms install falco module with GCC /usr/bin/gcc
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/b7eb0dd65226a8dc254d228c8d950d07bf3521d2/build/make.log (with GCC /usr/bin/gcc)
* Trying to dkms install falco module with GCC /usr/bin/gcc-8
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/b7eb0dd65226a8dc254d228c8d950d07bf3521d2/build/make.log (with GCC /usr/bin/gcc-8)
* Trying to dkms install falco module with GCC /usr/bin/gcc-6
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/b7eb0dd65226a8dc254d228c8d950d07bf3521d2/build/make.log (with GCC /usr/bin/gcc-6)
* Trying to dkms install falco module with GCC /usr/bin/gcc-5
DIRECTIVE: MAKE="'/tmp/falco-dkms-make'"
* Running dkms build failed, couldn't find /var/lib/dkms/falco/b7eb0dd65226a8dc254d228c8d950d07bf3521d2/build/make.log (with GCC /usr/bin/gcc-5)
* Trying to load a system falco module, if present
Consider compiling your own falco driver and loading it or getting in touch with the Falco community
Fri May 27 13:27:56 2022: Falco version 0.31.1 (driver version b7eb0dd65226a8dc254d228c8d950d07bf3521d2)
Fri May 27 13:27:56 2022: Falco initialized with configuration file /etc/falco/falco.yaml
Fri May 27 13:27:56 2022: Loading rules from file /etc/falco/falco_rules.yaml:
Fri May 27 13:27:57 2022: Loading rules from file /etc/falco/falco_rules.local.yaml:
Fri May 27 13:27:57 2022: Unable to load the driver.
Fri May 27 13:27:57 2022: Runtime error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco module is loaded.. Exiting
kotalakshman
commented
2 years ago run this cmd helm upgrade --install falco falcosecurity/falco --set ebpf.enabled=true --reuse-values
The same problem with eks control plane and nodes versions - v1.22.6-eks. Tryed to reinstall falco with latest version, but it not help.
`$ k logs falco-z47ls -n falco * Setting up /usr/src links from host * Running falco-driver-loader for: falco version=0.31.1, driver version=b7eb0dd65226a8dc254d228c8d950d07bf3521d2 * Running falco-driver-loader with: driver=module, compile=yes, download=yes * Unloading falco module, if present * Looking for a falco module locally (kernel 5.4.190-107.353.amzn2.x86_64) * Trying to download a prebuilt falco module from https://download.falco.org/driver/b7eb0dd65226a8dc254d228c8d950d07bf3521d2/falco_amazonlinux2_5.4.190-107.353.amzn2.x86_64_1.ko curl: (22) The requested URL returned error: 404 Unable to find a prebuilt falco module * Trying to dkms install falco module with GCC /usr/bin/gcc DIRECTIVE: MAKE="'/tmp/falco-dkms-make'" * Running dkms build failed, couldn't find /var/lib/dkms/falco/b7eb0dd65226a8dc254d228c8d950d07bf3521d2/build/make.log (with GCC /usr/bin/gcc) * Trying to dkms install falco module with GCC /usr/bin/gcc-8 DIRECTIVE: MAKE="'/tmp/falco-dkms-make'" * Running dkms build failed, couldn't find /var/lib/dkms/falco/b7eb0dd65226a8dc254d228c8d950d07bf3521d2/build/make.log (with GCC /usr/bin/gcc-8) * Trying to dkms install falco module with GCC /usr/bin/gcc-6 DIRECTIVE: MAKE="'/tmp/falco-dkms-make'" * Running dkms build failed, couldn't find /var/lib/dkms/falco/b7eb0dd65226a8dc254d228c8d950d07bf3521d2/build/make.log (with GCC /usr/bin/gcc-6) * Trying to dkms install falco module with GCC /usr/bin/gcc-5 DIRECTIVE: MAKE="'/tmp/falco-dkms-make'" * Running dkms build failed, couldn't find /var/lib/dkms/falco/b7eb0dd65226a8dc254d228c8d950d07bf3521d2/build/make.log (with GCC /usr/bin/gcc-5) * Trying to load a system falco module, if present Consider compiling your own falco driver and loading it or getting in touch with the Falco community Fri May 27 13:27:56 2022: Falco version 0.31.1 (driver version b7eb0dd65226a8dc254d228c8d950d07bf3521d2) Fri May 27 13:27:56 2022: Falco initialized with configuration file /etc/falco/falco.yaml Fri May 27 13:27:56 2022: Loading rules from file /etc/falco/falco_rules.yaml: Fri May 27 13:27:57 2022: Loading rules from file /etc/falco/falco_rules.local.yaml: Fri May 27 13:27:57 2022: Unable to load the driver. Fri May 27 13:27:57 2022: Runtime error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco module is loaded.. Exiting
run this cmd helm upgrade --install falco falcosecurity/falco --set ebpf.enabled=true --reuse-values
Describe the bug
How to reproduce it
helm install falcohelm stable/falco --set ebpf.enabled=true
Expected behaviour
Falco pods should have been running without errors.
Environment EKS cluster
OS: Amazon Linux 2
Installation method: Helm Install