New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Does Falco support running via K3S on CM4? Pods error out. #3027
Comments
ei @MikeCockrem have you tried the The command is the same you posted but you need to replace helm upgrade falco -n falco --set tty=true falcosecurity/falco --set falcosidekick.enabled=true --set falcosidekick.config.slack.minimumpriority=notice --set falcosidekick.config.slack.webhookurl=$(base64 --decode <<< "webhook-goes-here") --set falcosidekick.config.customfields="user:redacted" --set driver.kind=modern-bpf |
Thanks, I've tried that out, however I get the following error:
I would guess that means support for modern-bpf is not compiled into the kernel for pi? |
uhm got it, yes the modern bpf is not supported since your kernel misses some key features needed to run it. Not sure what is causing your issue, @FedeDP any idea? |
Note that it complains about the |
Thanks for the pointer, I messed around trying to install the kernel sources and have now come up against this error:
I'll try and have another look at it tomorrow. |
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
Stale issues rot after 30d of inactivity. Mark the issue as fresh with Rotten issues close after an additional 30d of inactivity. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle rotten |
Falco installed from Helm fails to come to the ready state on K3S running on Raspberry Pi 4 (CM4)
It seems the ebfp module can't be built, I'm hoping someone can advise me on a way forward - from the logs it seems perhaps it may not be able to find the raspbian specific kernel headers?
Following the guide here I ran:
helm upgrade falco -n falco --set tty=true falcosecurity/falco --set falcosidekick.enabled=true --set falcosidekick.config.slack.minimumpriority=notice --set falcosidekick.config.slack.webhookurl=$(base64 --decode <<< "webhook-goes-here") --set falcosidekick.config.customfields="user:redacted" --set driver.kind=ebpf
After some time this is the output:
log files are thus:
Expected behaviour
Pods to come to the running state
Screenshots
Environment
0.36.2
Raspbian GNU/Linux 11 (bullseye)"
Linux 6.1.32-v8+ Falco pods crashing with "free(): corrupted unsorted chunks" #1656 SMP PREEMPT Wed Jun 7 11:37:17 BST 2023 aarch64 GNU/Linux
Helm, chart version: falco-3.8.7
Additional context
I've tried adding the kernel headers and build environment.
The folder the error complains about does exist:
Very cool project I'd like to start learning so I'd appreciate any pointers.
Cheers.
The text was updated successfully, but these errors were encountered: