Closed ronniee007 closed 1 year ago
Hi! Thanks for opening this issue!
Tried the driverkit repo build as well but still failing with below error:
Yep, driverkit does not support cos
target.
But falco-driver-loader
does not use driverkit; it just builds our bpf probe using clang
.
It seems like it is dying somewhere between:
I suspect the curl
to be failing: https://github.com/falcosecurity/falco/blob/master/scripts/falco-driver-loader#L515.
But i am able to fully download the kernel headers from the printed log (https://storage.googleapis.com/cos-tools/16623.227.33/kernel-headers.tgz), therefore i don't quite get why it is failing.
Perhaps mkdir /tmp/kernel
is failing instead? https://github.com/falcosecurity/falco/blob/master/scripts/falco-driver-loader#L512
Btw we might try to add cos
support in both https://github.com/falcosecurity/kernel-crawler and https://github.com/falcosecurity/driverkit, to start shipping prebuilt drivers for it!
Thanks @FedeDP at this point is there any reference how I can create my own builds without the helper tools sysdig has today?
Mmmh is /tmp
folder writable?
Basically, the issue is somewhere here:
echo "* Downloading ${BPF_KERNEL_SOURCES_URL}"
mkdir -p /tmp/kernel
cd /tmp/kernel || exit
cd "$(mktemp -d -p /tmp/kernel)" || exit
if ! curl -L -o kernel-sources.tgz --create-dirs "${FALCO_DRIVER_CURL_OPTIONS}" "${BPF_KERNEL_SOURCES_URL}"; then
>&2 echo "Unable to download the kernel sources"
return
fi
echo "* Extracting kernel sources"
Since i was able to download the sources (https://storage.googleapis.com/cos-tools/16623.227.33/kernel-headers.tgz) with curl, i think that is not an issue, but you can easily check that out manually by issuing https://storage.googleapis.com/cos-tools/16623.227.33/kernel-headers.tgz
from a node.
Thanks @FedeDP at this point is there any reference how I can create my own builds without the helper tools sysdig has today?
To create your own build you should build the driver on a node (ie: clone libs repo, checkout 3.0.0+driver
tag, and follow https://github.com/falcosecurity/libs#build-ebpf-probe); note that you still need kernel-headers to be installed.
cc @alacuku
No progress yet the COS restrictions are pretty daunting. Just curious whether the missing file from upstream was fixed?
Hi @ronniee007, i tried to reproduce your issue by deploying a GKE cluster using the same OS version COS 97 LTS
. The kernel version is 5.10.147+
and I'm not having issues.
In my test I used v1.22.16-gke.1300
with image-type=cos_containerd
that uses OS version COS 97 LTS
with kernel version 5.10.147+
.
As far as I know there is no way to use a specific image version in the node pools for a GKE cluster so I'm not able to use your same kernel version. Could you provide the k8s version?
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten
.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle rotten
Hey @ronniee007
Is this still an issue?
It is for us unfortunately, using the current falco and charts
Hi @eljefedelrodeodeljefe, could you share the falco-driver-loader
init container's logs?
@leogr I can actually close it unless @eljefedelrodeodeljefe wants it to still keep it open.
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen
.
Mark the issue as fresh with /remove-lifecycle rotten
.
Provide feedback via https://github.com/falcosecurity/community. /close
@poiana: Closing this issue.
@hendraput: You can't reopen an issue/PR unless you authored it or you are a collaborator.
Describe the bug
Helm chart installation fails for container optimized OS for GKE kernel 5.10.133+
How to reproduce it
Pod deployment is still unstable after doing a shell to one of the pods below is the error I am seeing. After hitting the driver url https://download.falco.org/driver/3.0.1%2Bdriver/x86_64/falco_cos_5.10.133%2B_1.o I see the file is missing.
Screenshots
Environment
falco version=0.33.0, driver version=3.0.1+driver, arch=x86_64, kernel release=5.10.133+, kernel version=1
Additional context
Tried the driverkit repo build as well but still failing with below error: