Closed m-muzammil786 closed 28 minutes ago
There is not a label identifying the kind of this issue.
Please specify it either using /kind <group>
or manually from the side menu.
ei! you could try to use the modern_ebpf
driver instead of the kmod
(https://github.com/falcosecurity/charts/blob/91bfff2bf1127c4687f9e4bc4eaab68f77e5b91e/charts/falco/values.yaml#L177)
The getting started guide for minikube was just updated by @alacuku : https://falco.org/docs/install-operate/third-party/learning/ . Would you mind following the instructions there?
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten
.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close
.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle rotten
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen
.
Mark the issue as fresh with /remove-lifecycle rotten
.
Provide feedback via https://github.com/falcosecurity/community. /close
@poiana: Closing this issue.
When I run falco in aws ubuntu machine using minikube cluster this show error, I am using helm chart, ubuntu@ip-172-31-42-24:~$ uname -r 6.5.0-1016-aws ubuntu@ip-172-31-42-24:~$ ubuntu@ip-172-31-42-24:~$ helm repo list NAME URL falcosecurity https://falcosecurity.github.io/charts ubuntu@ip-172-31-42-24:~$ helm install falco falcosecurity/falco NAME: falco LAST DEPLOYED: Fri Apr 5 11:31:13 2024 NAMESPACE: default STATUS: deployed REVISION: 1 TEST SUITE: None NOTES: Falco agents are spinning up on each node in your cluster. After a few seconds, they are going to start monitoring your containers looking for security issues.
No further action should be required.
Tip: You can easily forward Falco events to Slack, Kafka, AWS Lambda and more with falcosidekick. Full list of outputs: https://github.com/falcosecurity/charts/tree/master/charts/falcosidekick. You can enable its deployment with
Host Port:
State: Terminated
Reason: Completed
Exit Code: 0
Started: Fri, 05 Apr 2024 11:31:40 +0000
Finished: Fri, 05 Apr 2024 11:31:41 +0000
Ready: True
Restart Count: 0
Environment:
Mounts:
/host/boot from boot-fs (ro)
/host/etc from etc-fs (ro)
/host/lib/modules from lib-modules (rw)
/host/proc from proc-fs (ro)
/host/usr from usr-fs (ro)
/root/.falco from root-falco-fs (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-swsf8 (ro)
falcoctl-artifact-install:
Container ID: docker://98d61f4eaa4f6e8a9b838398436fbaca80f4032ed466bda301f19de5b404224c
Image: docker.io/falcosecurity/falcoctl:0.7.2
Image ID: docker-pullable://falcosecurity/falcoctl@sha256:6b4f448f82fc7e12d4ce27213cbcc8eaa47bef28f78817b77d027ef12801c984
Port:
Host Port:
Args:
artifact
install
--log-format=json
State: Terminated
Reason: Completed
Exit Code: 0
Started: Fri, 05 Apr 2024 11:31:44 +0000
Finished: Fri, 05 Apr 2024 11:31:45 +0000
Ready: True
Restart Count: 0
Environment:
Mounts:
/etc/falcoctl from falcoctl-config-volume (rw)
/plugins from plugins-install-dir (rw)
/rulesfiles from rulesfiles-install-dir (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-swsf8 (ro)
Containers:
falco:
Container ID: docker://e06ae29aa93e0fe5366657d8a43175c358a9bb08a1493b1ade8d8b8e6ee9b17c
Image: docker.io/falcosecurity/falco-no-driver:0.37.1
Image ID: docker-pullable://falcosecurity/falco-no-driver@sha256:391c4bfd42331d1f1909d19827dcf4aa7ba7bb7984066aefc1c14cc4f04c0775
Port:
Host Port:
Args:
/usr/bin/falco
--cri
/run/containerd/containerd.sock
--cri
/run/crio/crio.sock
-pk
State: Waiting
Reason: CrashLoopBackOff
Last State: Terminated
Reason: Error
Exit Code: 1
Started: Fri, 05 Apr 2024 11:32:14 +0000
Finished: Fri, 05 Apr 2024 11:32:14 +0000
Ready: False
Restart Count: 2
Limits:
cpu: 1
memory: 1Gi
Requests:
cpu: 100m
memory: 512Mi
Liveness: http-get http://:8765/healthz delay=60s timeout=5s period=15s #success=1 #failure=3
Readiness: http-get http://:8765/healthz delay=30s timeout=5s period=15s #success=1 #failure=3
Environment:
FALCO_K8S_NODE_NAME: (v1:spec.nodeName)
Mounts:
/etc/falco from rulesfiles-install-dir (rw)
/etc/falco/falco.yaml from falco-yaml (rw,path="falco.yaml")
/host/dev from dev-fs (ro)
/host/etc from etc-fs (ro)
/host/proc from proc-fs (rw)
/host/run/containerd/containerd.sock from containerd-socket (rw)
/host/run/crio/crio.sock from crio-socket (rw)
/host/var/run/docker.sock from docker-socket (rw)
/root/.falco from root-falco-fs (rw)
/sys/module/falco from sys-fs (rw)
/usr/share/falco/plugins from plugins-install-dir (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-swsf8 (ro)
falcoctl-artifact-follow:
Container ID: docker://0b6d180db2b18b67b5fc8cd0621af776ff8d82c11c66e24980d97e88071f8eed
Image: docker.io/falcosecurity/falcoctl:0.7.2
Image ID: docker-pullable://falcosecurity/falcoctl@sha256:6b4f448f82fc7e12d4ce27213cbcc8eaa47bef28f78817b77d027ef12801c984
Port:
Host Port:
Args:
artifact
follow
--log-format=json
State: Running
Started: Fri, 05 Apr 2024 11:31:53 +0000
Ready: True
Restart Count: 0
Environment:
Mounts:
/etc/falcoctl from falcoctl-config-volume (rw)
/plugins from plugins-install-dir (rw)
/rulesfiles from rulesfiles-install-dir (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-swsf8 (ro)
Conditions:
Type Status
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
plugins-install-dir:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit:
rulesfiles-install-dir:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit:
root-falco-fs:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit:
boot-fs:
Type: HostPath (bare host directory volume)
Path: /boot
HostPathType:
lib-modules:
Type: HostPath (bare host directory volume)
Path: /lib/modules
HostPathType:
usr-fs:
Type: HostPath (bare host directory volume)
Path: /usr
HostPathType:
etc-fs:
Type: HostPath (bare host directory volume)
Path: /etc
HostPathType:
dev-fs:
Type: HostPath (bare host directory volume)
Path: /dev
HostPathType:
sys-fs:
Type: HostPath (bare host directory volume)
Path: /sys/module/falco
HostPathType:
docker-socket:
Type: HostPath (bare host directory volume)
Path: /var/run/docker.sock
HostPathType:
containerd-socket:
Type: HostPath (bare host directory volume)
Path: /run/containerd/containerd.sock
HostPathType:
crio-socket:
Type: HostPath (bare host directory volume)
Path: /run/crio/crio.sock
HostPathType:
proc-fs:
Type: HostPath (bare host directory volume)
Path: /proc
HostPathType:
falcoctl-config-volume:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: falco-falcoctl
Optional: false
falco-yaml:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: falco
Optional: false
kube-api-access-swsf8:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional:
DownwardAPI: true
QoS Class: Burstable
Node-Selectors:
Tolerations: node-role.kubernetes.io/control-plane:NoSchedule
node-role.kubernetes.io/master:NoSchedule
node.kubernetes.io/disk-pressure:NoSchedule op=Exists
node.kubernetes.io/memory-pressure:NoSchedule op=Exists
node.kubernetes.io/not-ready:NoExecute op=Exists
node.kubernetes.io/pid-pressure:NoSchedule op=Exists
node.kubernetes.io/unreachable:NoExecute op=Exists
node.kubernetes.io/unschedulable:NoSchedule op=Exists
Events:
Type Reason Age From Message
--set falcosidekick.enabled=true
or in your values.yaml. See: https://github.com/falcosecurity/charts/blob/master/charts/falcosidekick/values.yaml for configuration values. ubuntu@ip-172-31-42-24:~$ kubectl get pods -w NAME READY STATUS RESTARTS AGE falco-s6wg8 0/2 Init:0/2 0 15s falco-s6wg8 0/2 Init:0/2 0 28s falco-s6wg8 0/2 Init:1/2 0 29s falco-s6wg8 0/2 Init:1/2 0 32s falco-s6wg8 0/2 PodInitializing 0 33s falco-s6wg8 1/2 Error 0 40s falco-s6wg8 1/2 Error 1 (1s ago) 41s falco-s6wg8 1/2 CrashLoopBackOff 1 (1s ago) 42s falco-s6wg8 1/2 Error 2 (20s ago) 61s ^Cubuntu@ip-172-31-42-24:~$ kd falco-s6wg8 error: the server doesn't have a resource type "falco-s6wg8" ubuntu@ip-172-31-42-24:~$ kd pods falco-s6wg8 Name: falco-s6wg8 Namespace: default Priority: 0 Service Account: default Node: minikube/192.168.49.2 Start Time: Fri, 05 Apr 2024 11:31:13 +0000 Labels: app.kubernetes.io/instance=falco app.kubernetes.io/name=falco controller-revision-hash=9fd8499fd pod-template-generation=1 Annotations: checksum/certs: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 checksum/config: c7580c3802ee5537b2aa31e3e4dde1d9afecb4ea70f9c86c3952a7d44cd59cf0 checksum/rules: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 Status: Running IP: 10.244.0.6 IPs: IP: 10.244.0.6 Controlled By: DaemonSet/falco Init Containers: falco-driver-loader: Container ID: docker://a7c23f98b4a05428e2267819b6141738198ffffcc44a0464b90943935243b8c1 Image: docker.io/falcosecurity/falco-driver-loader:0.37.1 Image ID: docker-pullable://falcosecurity/falco-driver-loader@sha256:e1389978dbee6c55c4f712f9f43d875e761578cb828965f33402c4fe14351df1 Port:Normal Scheduled 88s default-scheduler Successfully assigned default/falco-s6wg8 to minikube Normal Pulling 87s kubelet Pulling image "docker.io/falcosecurity/falco-driver-loader:0.37.1" Normal Pulled 61s kubelet Successfully pulled image "docker.io/falcosecurity/falco-driver-loader:0.37.1" in 25.822s (25.822s including waiting) Normal Created 61s kubelet Created container falco-driver-loader Normal Started 61s kubelet Started container falco-driver-loader Normal Pulling 59s kubelet Pulling image "docker.io/falcosecurity/falcoctl:0.7.2" Normal Started 57s kubelet Started container falcoctl-artifact-install Normal Created 57s kubelet Created container falcoctl-artifact-install Normal Pulled 57s kubelet Successfully pulled image "docker.io/falcosecurity/falcoctl:0.7.2" in 2.082s (2.082s including waiting) Normal Pulling 55s kubelet Pulling image "docker.io/falcosecurity/falco-no-driver:0.37.1" Normal Pulled 49s kubelet Successfully pulled image "docker.io/falcosecurity/falco-no-driver:0.37.1" in 5.647s (5.647s including waiting) Normal Pulled 49s kubelet Container image "docker.io/falcosecurity/falcoctl:0.7.2" already present on machine Normal Created 49s kubelet Created container falcoctl-artifact-follow Normal Started 48s kubelet Started container falcoctl-artifact-follow Normal Created 27s (x3 over 49s) kubelet Created container falco Normal Started 27s (x3 over 49s) kubelet Started container falco Normal Pulled 27s (x2 over 48s) kubelet Container image "docker.io/falcosecurity/falco-no-driver:0.37.1" already present on machine Warning BackOff 27s (x4 over 47s) kubelet Back-off restarting failed container falco in pod falco-s6wg8_default(4ca8a433-3707-49f4-b998-3fd6ed65c87c) ubuntu@ip-172-31-42-24:~$ kl falco-s6wg8 Defaulted container "falco" out of: falco, falcoctl-artifact-follow, falco-driver-loader (init), falcoctl-artifact-install (init) Fri Apr 5 11:32:43 2024: Falco version: 0.37.1 (x86_64) Fri Apr 5 11:32:43 2024: Falco initialized with configuration file: /etc/falco/falco.yaml Fri Apr 5 11:32:43 2024: System info: Linux version 6.5.0-1016-aws (buildd@lcy02-amd64-078) (x86_64-linux-gnu-gcc-11 (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0, GNU ld (GNU Binutils for Ubuntu) 2.38) #16~22.04.1-Ubuntu SMP Wed Mar 13 18:54:49 UTC 2024 Fri Apr 5 11:32:43 2024: Loading rules from file /etc/falco/falco_rules.yaml Fri Apr 5 11:32:43 2024: The chosen syscall buffer dimension is: 8388608 bytes (8 MBs) Fri Apr 5 11:32:43 2024: Starting health webserver with threadiness 2, listening on 0.0.0.0:8765 Fri Apr 5 11:32:43 2024: Loaded event sources: syscall Fri Apr 5 11:32:43 2024: Enabled event sources: syscall Fri Apr 5 11:32:43 2024: Opening 'syscall' source with Kernel module Fri Apr 5 11:32:43 2024: Trying to inject the Kernel module and opening the capture again... Fri Apr 5 11:32:43 2024: Unable to load the driver Fri Apr 5 11:32:43 2024: An error occurred in an event source, forcing termination... Events detected: 0 Rule counts by severity: Triggered rules by rule name: Error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco module is loaded: No such file or directory ubuntu@ip-172-31-42-24:~$
plz tell me how to solve this error?