falco: Crashloopback on falco containers using using-falcosecuritydriver-loader-image

Describe the bug

The container falco fails to start without any clear message on the logs when I use falcosecuritydriver-loader-image

How to reproduce it

I deployed falco chart version 1.7.7 without ebpf using this documentation link

Expected behaviour

I expected to be up and running.

Screenshots

+ kubectl logs -f falco-6hbcr
Fri Mar  5 12:17:59 2021: Falco version 0.27.0 (driver version 5c0b863ddade7a45568c0ac97d037422c9efb750)
Fri Mar  5 12:17:59 2021: Falco initialized with configuration file /etc/falco/falco.yaml
Fri Mar  5 12:17:59 2021: Loading rules from file /etc/falco/falco_rules.yaml:
Fri Mar  5 12:18:00 2021: Loading rules from file /etc/falco/falco_rules.local.yaml:
Fri Mar  5 12:18:01 2021: Loading rules from file /etc/falco/k8s_audit_rules.yaml:
Fri Mar  5 12:18:02 2021: Starting internal webserver, listening on port 8765
{"output":"12:18:02.604161000: Notice Privileged container started (user=<NA> user_loginuid=0 command=container:30c0f74777de k8s.ns=kube-system k8s.pod=kube-proxy-hjc95 container=30c0f74777de image=602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/kube-proxy:v1.18.8-eksbuild.1) k8s.ns=kube-system k8s.pod=kube-proxy-hjc95 container=30c0f74777de k8s.ns=kube-system k8s.pod=kube-proxy-hjc95 container=30c0f74777de","priority":"Notice","rule":"Launch Privileged Container","time":"2021-03-05T12:18:02.604161000Z", "output_fields": {"container.id":"30c0f74777de","container.image.repository":"602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/kube-proxy","container.image.tag":"v1.18.8-eksbuild.1","evt.time":1614946682604161000,"k8s.ns.name":"kube-system","k8s.pod.name":"kube-proxy-hjc95","proc.cmdline":"container:30c0f74777de","user.loginuid":0,"user.name":null}}

Environment

  • Falco version: Falco version: 0.27.0 Driver version: 5c0b863ddade7a45568c0ac97d037422c9efb750

  • System info: { “machine”: “x86_64”, “nodename”: “ip-192-168-3-163.eu-west-1.compute.internal”, “release”: “4.14.219-161.340.amzn2.x86_64”, “sysname”: “Linux”, “version”: “#1 SMP Thu Feb 4 05:54:19 UTC 2021” }

  • Cloud provider or hardware configuration:

  • OS: cat /etc/os-release NAME=“Amazon Linux” VERSION=“2” ID=“amzn” ID_LIKE=“centos rhel fedora” VERSION_ID=“2” PRETTY_NAME=“Amazon Linux 2” ANSI_COLOR=“0;33” CPE_NAME=“cpe:2.3⭕amazon:amazon_linux:2” HOME_URL=“https://amazonlinux.com/

  • Kernel: Linux ip-192-168-3-163.eu-west-1.compute.internal 4.14.219-161.340.amzn2.x86_64 #1 SMP Thu Feb 4 05:54:19 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux- Installation method:

I deployed the falco chart version 1.7.7

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Reactions: 1
  • Comments: 18 (4 by maintainers)

Most upvoted comments

Same issue.

+1
nicksdockeracct on Mar 11, 2022
Read more comments on GitHub
← falco: Crash with Invalid JSON error while parsing container info
falco: Debian pre-built modules failing →