After AMI update in EKS to 1.17.9-20200723 Falco stuck in CrashLoopBackOff

[ianhundere]

Describe the bug
Falco stuck in CrashLoopBackOff after updating AMI in EKS to 1.17.9-20200723. When you grab logs from a Falco pod you get something similar to what caused an earlier issue similar to this (falcosecurity/charts#9).

* Setting up /usr/src links from host
* Running falco-driver-loader with: driver=module, compile=yes, download=yes
* Unloading falco module, if present
* Trying to dkms install falco module
* Running dkms build failed, couldn't find /var/lib/dkms/falco/85c88952b018fdbce2464222c3303229f5bfcfad/build/make.log
* Trying to load a system falco driver, if present
* Trying to find locally a prebuilt falco module for kernel 4.14.186-146.268.amzn2.x86_64, if present
* Trying to download prebuilt module from https://dl.bintray.com/falcosecurity/driver/85c88952b018fdbce2464222c3303229f5bfcfad/falco_amazonlinux2_4.14.186-146.268.amzn2.x86_64_1.ko
curl: (22) The requested URL returned error: 404 Not Found
Download failed, consider compiling your own falco module and loading it or getting in touch with the Falco community
Thu Jul 30 18:54:22 2020: Falco initialized with configuration file /etc/falco/falco.yaml
Thu Jul 30 18:54:22 2020: Loading rules from file /etc/falco/falco_rules.yaml:
Thu Jul 30 18:54:23 2020: Loading rules from file /etc/falco/falco_rules.local.yaml:
Thu Jul 30 18:54:24 2020: Unable to load the driver. Exiting.
Thu Jul 30 18:54:24 2020: Runtime error: error opening device /host/dev/falco0. Make sure you have root credentials and that the falco module is loaded.. Exiting.

How to reproduce it

1. Update AMI in EKS to 1.17.9-20200723 and install Falco
2. Watch it fail with kubectl get pods

Expected behaviour

Falco should be in Running status, but instead it gets stuck in a CrashLoopBackOff

Environment

• Falco version:
  chart version - 1.1.8
• Cloud provider or hardware configuration:
  EKS cluster (1.17)
• OS:
  Amazon Linux 2
• Installation method:
  Helm Install

[fntlnz]

Thanks for reporting @ianhundere

Closing since this was added on August 11th here https://github.com/falcosecurity/test-infra/blob/master/driverkit/config/85c88952b018fdbce2464222c3303229f5bfcfad/amazonlinux2_4.14.186-146.268.amzn2.x86_64_1.yaml

The driver at: https://dl.bintray.com/falcosecurity/driver/85c88952b018fdbce2464222c3303229f5bfcfad/falco_amazonlinux2_4.14.186-146.268.amzn2.x86_64_1.ko is in fact now available

Feel free to continue the discussion if needed.

/close

[poiana]

@fntlnz: Closing this issue.

In response to this:

Thanks for reporting @ianhundere

Closing since this was added on August 11th here https://github.com/falcosecurity/test-infra/blob/master/driverkit/config/85c88952b018fdbce2464222c3303229f5bfcfad/amazonlinux2_4.14.186-146.268.amzn2.x86_64_1.yaml

The driver at: https://dl.bintray.com/falcosecurity/driver/85c88952b018fdbce2464222c3303229f5bfcfad/falco_amazonlinux2_4.14.186-146.268.amzn2.x86_64_1.ko is in fact now available

Feel free to continue the discussion if needed.

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.