Update Falco helm chart to 1.3.0 #909

Merged
merged 1 commit into from Sep 14, 2020

pmalek-sumo
Contributor

Description

Fixes #811
Closes #904

Testing performed

Tested with EKS

  • k8s v1.16
  • AMI ami-016ce7a1ae8ecbc95
  • Sumo Logic chart version 1.2.2 (ee84b78)

Got a successful falco launch:

```
* Setting up /usr/src links from host
* Running falco-driver-loader with: driver=module, compile=yes, download=yes
* Unloading falco module, if present
* Trying to dkms install falco module
* Running dkms build failed, couldn't find /var/lib/dkms/falco/ae104eb20ff0198a5dcb0c91cc36c86e7c3f25c7/build/make.log
* Trying to load a system falco driver, if present
* Trying to find locally a prebuilt falco module for kernel 4.14.193-149.317.amzn2.x86_64, if present
* Trying to download prebuilt module from https://dl.bintray.com/falcosecurity/driver/ae104eb20ff0198a5dcb0c91cc36c86e7c3f25c7/falco_amazonlinux2_4.14.193-149.317.amzn2.x86_64_1.ko
* Download succeeded
* Success: falco module loaded
Mon Sep 14 13:00:21 2020: Falco version 0.25.0 (driver version ae104eb20ff0198a5dcb0c91cc36c86e7c3f25c7)
Mon Sep 14 13:00:21 2020: Falco initialized with configuration file /etc/falco/falco.yaml
Mon Sep 14 13:00:21 2020: Loading rules from file /etc/falco/falco_rules.yaml:
Mon Sep 14 13:00:22 2020: Loading rules from file /etc/falco/falco_rules.local.yaml:
Mon Sep 14 13:00:23 2020: Starting internal webserver, listening on port 8765
{"output":"13:00:23.204844000: Notice Privileged container started (user=root command=container:ce4d54ef213c k8s.ns=kube-system k8s.pod=kube-proxy-wjbnk container=ce4d54ef213c image=602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/kube-proxy:v1.16.13-eksbuild.1) k8s.ns=kube-system k8s.pod=kube-proxy-wjbnk container=ce4d54ef213c","priority":"Notice","rule":"Launch Privileged Container","time":"2020-09-14T13:00:23.204844000Z", "output_fields": {"container.id":"ce4d54ef213c","container.image.repository":"602401143452.dkr.ecr.eu-west-1.amazonaws.com/eks/kube-proxy","container.image.tag":"v1.16.13-eksbuild.1","evt.time":1600088423204844000,"k8s.ns.name"
...
...
```

Contributor

@sumo-drosiek sumo-drosiek left a comment

Verified that 1.1.8 Falco doesn't work with the same AMI.
LGTM

Contributor

@perk perk left a comment

👍

@perk-sumo perk-sumo added this to the v1.3 milestone Sep 14, 2020
@pmalek-sumo pmalek-sumo merged commit 248511d into master Sep 14, 2020
@pmalek-sumo pmalek-sumo deleted the update-falco-to-1.3.0 branch September 14, 2020 16:56

Successfully merging this pull request may close these issues.

Upgrade Falco to latest version. After AMI update in EKS to 1.17.9-20200723 Falco stuck in CrashLoopBackOff