falco does not boot with fedora 41 as the node image
cluster creation with register as failed in the current setup; upgrading to latest should (and seems to) resolve
upstream issue: https://github.com/falcosecurity/falco/issues/3323
logs:
$ k get po -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-7d9db4ccfd-58xcg 1/1 Running 0 102s
kube-system calico-node-7hkdx 1/1 Running 0 101s
kube-system cern-magnum-ceph-csi-cephfs-nodeplugin-xgcb6 2/2 Running 0 100s
kube-system cern-magnum-ceph-csi-cephfs-provisioner-7cf69447d8-hj6kl 4/4 Running 0 100s
kube-system cern-magnum-containerd-setup-default-9gnnm 1/1 Running 0 104s
kube-system cern-magnum-coredns-5cc98db774-8bnv8 1/1 Running 0 100s
kube-system cern-magnum-coredns-autoscaler-6589977b54-h6zp8 0/1 Pending 0 100s
kube-system cern-magnum-cvmfs-csi-controllerplugin-844b6c4b8c-wbx4w 2/2 Running 0 100s
kube-system cern-magnum-cvmfs-csi-nodeplugin-t552f 5/5 Running 0 100s
kube-system cern-magnum-eosxd-csi-controllerplugin-75ccb49d7f-p8rgp 0/2 Pending 0 100s
kube-system cern-magnum-falco-krv4w 0/1 CrashLoopBackOff 1 (7s ago) 94s
kube-system cern-magnum-kubernetes-dashboard-7689849db9-x9zkt 0/2 Pending 0 100s
kube-system cern-magnum-metrics-server-854965bdb8-q2n7g 0/1 Pending 0 99s
kube-system cern-magnum-node-feature-discovery-gc-69b7558bc-xl6v9 0/1 Pending 0 100s
kube-system cern-magnum-node-feature-discovery-master-6c58787d9-fs7rz 1/1 Running 0 100s
kube-system cern-magnum-node-problem-detector-5kx4n 1/1 Running 0 100s
kube-system cern-magnum-openstack-manila-csi-controllerplugin-0 4/4 Running 0 100s
kube-system cern-magnum-openstack-manila-csi-nodeplugin-mrvqc 2/2 Running 0 100s
kube-system cern-magnum-snapshot-controller-79dd654444-spv9f 0/1 Pending 0 100s
kube-system openstack-cloud-controller-manager-f8h6m 1/1 Running 0 103s
magnum-tiller install-cern-magnum-job-qncqg 1/1 Running 0 2m14s
magnum-tiller tiller-deploy-f67d99cf7-4fd7d 1/1 Running 0 2m17s
[jmunday@lxplus928 ~] (Kubernetes Developers:magnum_t) $ k logs -n kube-system cern-magnum-falco-krv4w
Defaulted container "falco" out of: falco, create-rules-dir (init), falcoctl-artifact-install (init)
Mon Feb 24 09:33:55 2025: Falco version: 0.37.1 (x86_64)
Mon Feb 24 09:33:55 2025: Falco initialized with configuration file: /etc/falco/falco.yaml
Mon Feb 24 09:33:55 2025: System info: Linux version 6.12.9-200.fc41.x86_64 (mockbuild@ff27ee54c23b4f1ab915082a1b1c8b7e) (gcc (GCC) 14.2.1 20240912 (Red Hat 14.2.1-3), GNU ld version 2.43.1-5.fc41) #1 SMP PREEMPT_DYNAMIC Thu Jan 9 16:05:40 UTC 2025
Mon Feb 24 09:33:55 2025: Loading plugin 'k8saudit' from file /usr/share/falco/plugins/libk8saudit.so
Mon Feb 24 09:33:55 2025: Loading plugin 'json' from file /usr/share/falco/plugins/libjson.so
Mon Feb 24 09:33:55 2025: Loading rules from file /etc/falco/falco_rules.yaml
Mon Feb 24 09:33:55 2025: Hostname value has been overridden via environment variable to: k8s-132-6jxylnd4thjl-master-0
Mon Feb 24 09:33:55 2025: The chosen syscall buffer dimension is: 8388608 bytes (8 MBs)
Mon Feb 24 09:33:55 2025: Starting health webserver with threadiness 2, listening on 0.0.0.0:8765
Mon Feb 24 09:33:55 2025: Loaded event sources: syscall, k8s_audit
Mon Feb 24 09:33:55 2025: Enabled event sources: k8s_audit, syscall
Mon Feb 24 09:33:55 2025: Opening 'k8s_audit' source with plugin 'k8saudit'
Mon Feb 24 09:33:55 2025: Opening 'syscall' source with modern BPF probe.
Mon Feb 24 09:33:55 2025: One ring buffer every '2' CPUs.
Mon Feb 24 09:33:56 2025: An error occurred in an event source, forcing termination...
Events detected: 0
Rule counts by severity:
Triggered rules by rule name:
Error: Initialization issues during scap_init