[Missing Driver]: falco_amazonlinux2_5.4.238-148.346.amzn2.x86_64_1.ko #1093
Comments
|
uhm thank you for reporting this, probably the kernel crawler still searching for this kernel @FedeDP |
|
Hi! |
|
The EKS latest AMI release has pinned
|
|
Hi! It seems like we fail to crawl the kernel; i will look into this asap :) |
|
Thank you @FedeDP 🙇 |
|
Mmh my guess is that the |
|
I got this URL from the instance with the specific kernel version |
|
Yes i have seen that running kernel-crawler myself. Is it possible to build with that URL I shared? Thank you in advance! |
|
The quickest fix, since you have the full URL, is to add a new config on test-infra for it by eg: copy/pasting the If you open a PR (please add it for all 3 supported driver versions!) i will be happy to accept it :) |
|
Brilliant, on it.. Thanks @FedeDP |
|
In the meantime, i am trying to figure out what are we missing :) |
|
Wait! i just notice: you are sharing the kernel URL, not the |
|
oh right, checking |
|
You are right, there seems to be none for 346 😞 |
|
So, did they push an updated kernel without pushing updated headers? That would be really weird... |
|
I am checking with AWS directly, yes if that is the case it is truly absurd. |
|
I still don't get where does this kernel version come from; doing a yelds a mirror.list file with as a content. That is what kernel-crawler is discovering too. |
|
We also suffer from this problem. It's happened before, about two years ago I think. I've already asked AWS Support to fix this. Indeed, there are no entries for the newest AMI in their package list. We build the falco module via the driverkit, but it fails as there are no package entries for this new AMI kernel version: Step by step; when you retrieve this: http://amazonlinux.eu-central-1.amazonaws.com/2/extras/kernel-5.4/latest/x86_64/mirror.list ..it returns this URL: http://amazonlinux.eu-central-1.amazonaws.com/2/extras/kernel-5.4/stable/x86_64/437c15a145ce03d3a48b7fd7559df3851f3b58fd9d7a78960f44d029f145bd61 When retrieving this as an sqlite database: ...we get a database that holds no info for the latest AMI version, but several entries for the ones before: % gunzip primary.sqlite.gz ; sqlite3 primary.sqlite My AWS support person has not yet understood this is the problem, or cannot find the people involved for this sqlite database. My guess is not the latter, unfortunately. Cheers, |
|
Yep, our kernel-crawler does exactly the same thing; and indeed it cannot find this specific kernel. |
|
My AWS case is already escalated to the internal ec2 team. Will keep you posted! |
|
Sure thing.
@FedeDP we are using the latest available AWS verified AMI for 1.23
(ami-0559f43d314aa2e7e), and as others have mentioned upgrading K8s to 1.24
will require more planning. At this point I am most likely going to try
downgrading to an earlier AMI since this version was missed due to pipeline
configuration.
…On Wed, Apr 12, 2023 at 3:57 AM Andrea Terzolo ***@***.***> wrote:
uhm thank you for reporting this, probably the kernel crawler still
searching for this kernel @FedeDP <https://github.com/FedeDP>
—
Reply to this email directly, view it on GitHub
<#1093 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AQ3DKIWEKCDMUVPY6FB3EQDXA2DCJANCNFSM6AAAAAAW2YSN7Y>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
We are also facing similar issue with latest AWS EKS AMI for 1.23. We have tried to downgrade the ami and it seems to be working. @renilthomas Thanks for working with the ec2 team. Please share if you hear any updates. |
|
@renilthomas AWS has updated the AMIs and the updated AMI uses kernel version |
|
Release details are here: https://github.com/awslabs/amazon-eks-ami/releases |
|
That is correct, they responded to my issue awslabs/amazon-eks-ami#1266 (comment) |
|
So, this was an issue on the AWS side right? |
|
Hi All, Just wanted to update that we have tested falco versions 2.0.18,2.5.5,3.0.0 and 3.1.3 with k8s version 1.22 to 1.26. And the falco daemonset is working as expected with ebpf probe getting loaded and we are getting threats data as well |
|
I am going to pin this issue since it caused multiple headaches :D |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
|
/close
…On Tue, Jul 25, 2023 at 6:32 AM poiana ***@***.***> wrote:
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually
close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/falcosecurity/community.
/lifecycle stale
—
Reply to this email directly, view it on GitHub
<#1093 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AQ3DKIUV6MJNDUEE7QBVTHLXR7DG7ANCNFSM6AAAAAAW2YSN7Y>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
|
@tigardis: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
Describe the bug
How to reproduce it
Expected behaviour
Startup succeeds after locating driver
Screenshots
Environment
Below is from our Prod cluster - Falco doesn't start in our test cluster. I have tried deploying falco v3.1.3 but it does not solve the problem.
AWS EKS - Kubernetes v1.23.17 (Helm chart 3.0.0 or 3.1.3)
Additional context
The text was updated successfully, but these errors were encountered: