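I am currently experimenting with Falco (a runtime monitoring solution for containers). I am working locally on a Mac (Catalina v10.15.3), with Helm (v3.1.2) and Docker (version 2.2.0.5 (43884)) installed and K8s running (v1.15.5).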

I tried to deploy Falco with helm as suggested on their installation page, but I ended up with the pod stuck in a crash loop. Here are the logs I get:

$ kubectl logs falco-xxxxx
* Setting up /usr/src links from host
ln: failed to create symbolic link '/usr/src//host/usr/src/*': No such file or directory
* Unloading falco-probe, if present
* Running dkms install for falco
Error! echo
Your kernel headers for kernel 4.19.76-linuxkit cannot be found at
/lib/modules/4.19.76-linuxkit/build or /lib/modules/4.19.76-linuxkit/source.
* Running dkms build failed, couldn't find /var/lib/dkms/falco/0.20.0+d77080a/build/make.log
* Trying to load a system falco-probe, if present
* Trying to find precompiled falco-probe for 4.19.76-linuxkit
Found kernel config at /proc/config.gz
* Trying to download precompiled module from https://s3.amazonaws.com/download.draios.com/stable/sysdig-probe-binaries/falco-probe-0.20.0%2Bd77080a-x86_64-4.19.76-linuxkit-f9de4c19ddd4080798f0e14972190e35.ko
curl: (22) The requested URL returned error: 404 Not Found
Download failed, consider compiling your own falco-probe and loading it or getting in touch with the Falco community
Thu Apr  2 15:39:47 2020: Falco initialized with configuration file /etc/falco/falco.yaml
Thu Apr  2 15:39:47 2020: Loading rules from file /etc/falco/falco_rules.yaml:
Thu Apr  2 15:39:48 2020: Loading rules from file /etc/falco/falco_rules.local.yaml:
Thu Apr  2 15:39:49 2020: Unable to load the driver. Exiting.
Thu Apr  2 15:39:49 2020: Runtime error: error opening device /dev/falco0. Make sure you have root credentials and that the falco-probe module is loaded.. Exiting.

I looked around and did not find any leads, so I am taking the liberty of asking here directly before trying to compile the probe myself.

Do you know how to fix this?
