Open YAYAXZM opened 2 months ago
Hi!
Yes we don't support `tencentos` prebuilt drivers. What is super weird here is that falcoctl is not able to fetch the kernel release you are running on. I don't know how `tencentos` is built, but we are just calling `unix.Uname(&u)`: https://github.com/falcosecurity/falcoctl/blob/main/pkg/driver/kernel/kernel_linux.go#L37C13-L37C27 and it should work just fine.
Can you share a `uname -a` from the node?
> Hi! Yes we don't support `tencentos` prebuilt drivers. What is super weird here is that falcoctl is not able to fetch the kernel release you are running on. I don't know how `tencentos` is built, but we are just calling `unix.Uname(&u)`: https://github.com/falcosecurity/falcoctl/blob/main/pkg/driver/kernel/kernel_linux.go#L37C13-L37C27 and it should work just fine. Can you share a `uname -a` from the node?
Linux VM-129-234-tencentos 5.4.119-19.0009.28 #1 SMP Thu May 18 10:37:10 CST 2023 x86_64 x86_64 x86_64 GNU/Linux
Thanks!
So it seems like `FromString` is not correctly parsing the `5.4.119-19.0009.28` (and that is somewhat expected because it does not match our `kernelVersionPattern` regex).
I will open a PR against driverkit to update the regex to accept these kinds of kernel releases.
In the meantime, care to try using the `modern-ebpf` driver? (see https://github.com/falcosecurity/charts/tree/master/charts/falco#deploying-falco-in-kubernetes modern eBPF probe section)
Thanks!
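Added example, not part of the thread and not code from driverkit or falcoctl: a Go sketch of how a strict release regex can reject the `5.4.119-19.0009.28` string from the `uname -a` output, next to a tolerant parser that returns an explicit error instead of an empty release. `KernelRelease`, `ParseRelease` and both patterns are hypothetical names constructed for this illustration; the leading-zero restriction in `strictPattern` is an assumption, not the confirmed cause in `kernelVersionPattern`.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// KernelRelease is a hypothetical type for this example (not a driverkit type).
type KernelRelease struct {
	Major, Minor, Patch int
	Extra               string // verbatim remainder, e.g. "-19.0009.28"
}

// strictPattern is constructed for illustration: semver-like, numeric parts
// may not carry leading zeros. It is NOT driverkit's kernelVersionPattern.
var strictPattern = regexp.MustCompile(
	`^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-(0|[1-9]\d*)(\.(0|[1-9]\d*))*)?$`)

// tolerantPattern requires only major.minor and keeps the rest untouched.
var tolerantPattern = regexp.MustCompile(`^(\d+)\.(\d+)(?:\.(\d+))?(.*)$`)

// ParseRelease returns an error instead of an empty result when the string
// cannot be parsed, so the caller can log the raw value it received.
func ParseRelease(s string) (KernelRelease, error) {
	m := tolerantPattern.FindStringSubmatch(s)
	if m == nil {
		return KernelRelease{}, fmt.Errorf("unrecognized kernel release %q", s)
	}
	var n [3]int
	for i := range n {
		if m[i+1] == "" {
			continue // optional patch level absent
		}
		v, err := strconv.Atoi(m[i+1])
		if err != nil {
			return KernelRelease{}, fmt.Errorf("kernel release %q: %w", s, err)
		}
		n[i] = v
	}
	return KernelRelease{n[0], n[1], n[2], m[4]}, nil
}

func main() {
	const rel = "5.4.119-19.0009.28" // release string from the uname output above
	fmt.Println("strict match:", strictPattern.MatchString(rel))
	fmt.Println(ParseRelease(rel))
}
```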
Hi, I tried the new method you mentioned, but encountered new problems. My installation environment may be offline and I cannot access the external network. Can I download the index.yaml file and mount it in the directory?
{"level":"ERROR","msg":"unable to fetch index \"falcosecurity\" with URL \"https://falcosecurity.github.io/falcoctl/index.yaml\": unable to fetch index: cannot fetch index: Get \"https://falcosecurity.github.io/falcoctl/index.yaml\": proxyconnect tcp: net/http: TLS handshake timeout","timestamp":"2024-04-23 09:24:37"}
> Can I download the index.yaml file and mount it in the directory?
No, that's an internal index used internally by falcoctl. Invoking @alacuku to answer your question (ie: how to run falco chart without involving any external artifact installation)
Can this be solved by setting up a proxy?
ei @YAYAXZM have you tried this?
> In the meantime, care to try using modern-ebpf driver? (see https://github.com/falcosecurity/charts/tree/master/charts/falco#deploying-falco-in-kubernetes modern eBPF probe section)
If yes, can you report the error? This probe is bundled inside Falco so if it works you have to download nothing
Describe the bug
When I used helm to deploy in the k8s cluster, I found this error and the falco-driver-loader container kept restarting.
kubectl logs falco-7bgdd -nfalco -c falco-driver-loader