Duplicate mount point

[fjudith]

Describe the bug

Since v1.2.x, Falco pods are Crashlooping due to duplicate mountpoint error related to /var/run/falco

kubectl -n falco -l app=falco describe pods

Events:
  Type     Reason     Age                      From               Message
  ----     ------     ----                     ----               -------
  Normal   Scheduled  <unknown>                default-scheduler  Successfully assigned falco/falco-zwbxh to master02
  Normal   Pulling    71s                      kubelet, master02  Pulling image "busybox"
  Normal   Pulled     69s                      kubelet, master02  Successfully pulled image "busybox"
  Normal   Created    69s                      kubelet, master02  Created container init-pipe
  Normal   Started    69s                      kubelet, master02  Started container init-pipe
  Normal   Pulling    68s                      kubelet, master02  Pulling image "sysdig/falco-nats:latest"
  Normal   Pulled     67s                      kubelet, master02  Successfully pulled image "sysdig/falco-nats:latest"
  Normal   Created    67s                      kubelet, master02  Created container falco-nats
  Normal   Started    66s                      kubelet, master02  Started container falco-nats
  Warning  Failed     2s (x8 over 68s)         kubelet, master02  Error: Error response from daemon: Duplicate mount point: /var/run/falco
  Normal   Pulled     <invalid> (x9 over 68s)  kubelet, master02  Container image "docker.io/falcosecurity/falco:0.24.0" already present on machine

How to reproduce it

Run the following command to install Falco with grpc enabled:

helm repo add falcosecurity https://falcosecurity.github.io/charts
helm repo update
helm install --namespace falco falco --set falco.grpc.enabled=true falcosecurity/falco

Expected behaviour

v1.1.10 is working fine.
shared-pipe and grpc-socket-dir are both pointing to the /var/run/falco directory.

spec:
  volumes:
    - name: shared-pipe
      emptyDir: {}
    - name: grpc-socket-dir
      hostPath:
        path: /var/run/falco
        type: ''
...
  containers:
      volumeMounts:
        - name: shared-pipe
          mountPath: /var/run/falco/
        - name: grpc-socket-dir
          mountPath: /var/run/falco

Environment

Kubernetes v1.18.4

• Falco version:
  v0.24.0
• System info:

• Cloud provider or hardware configuration: Hetzner Cloud
• OS: Ubuntu 20.04 Focal Fossa

• Kernel: Linux edge01 5.4.0-28-generic Skipping any CircleCI activity on gh-pages #32-Ubuntu SMP Wed Apr 22 17:40:10 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

• Installation method: Kubernetes

[leogr]

/assign

[fjudith]

I found a temporary workaround by disabling the Unix socket and switching back to the old TLS connection.

Notice that i'm enabling GRPC in order to use the falco-exporter.

falco values.yaml

falco:
  grpc:
  enabled: true
  threadiness: 0

  # gRPC unix socket with no authentication
  unixSocketPath: ""
  # unixSocketPath: "unix:///var/run/falco/falco.sock"

falco-exporter values.yaml

falco:
  # grpcUnixSocketPath: "unix:///var/run/falco/falco.sock"
  grpcUnixSocketPath: ""
  grpcHostname: "falco-grpc.falco.svc.cluster.local"
  grpcPort: 5060

[leogr]

Hey @fjudith

Thank you for reporting this problem.

I will work on this shortly.

[leogr]

Hey @fjudith

Could you try my PR #55 please?

It should fix this problem, let me know!

Thanks in advance