Description
Describe the bug
Followed the prometheus support section in the docs to enable the /metrics endpoint. As soon as you make a request to this endpoint, the falco process crashes without any indication on stdout/stderr of what went wrong.
How to reproduce it
engine:
  kind: nodriver
metrics:
  enabled: true
  interval: 1h  # also tried with 1m and waiting ~ 5 mins before /metrics request
  output_rule: true
  rules_counters_enabled: false  # tried with only this one enabled
  resource_utilization_enabled: false  # tried with only this one enabled
  state_counters_enabled: false
  kernel_event_counters_enabled: false
  libbpf_stats_enabled: false
  convert_memory_to_mb: true
  include_empty_values: false
webserver:
  enabled: true
  k8s_healthz_endpoint: /healthz
  listen_port: 8765
  prometheus_metrics_enabled: true
Enabled debug logging as well:
libs_logger:
  enabled: true
  severity: debug
log_level: debug
This doesn't give any output when requesting the /metrics endpoint. So, it is not helping to narrow down what is happening just before it crashes.
This is what happens with a port forward to the falco pod:
% curl localhost:8765/healthz
{"status": "ok"}
% curl localhost:8765/metrics
curl: (52) Empty reply from server
After the /metrics request has been done, Kubernetes shows pod termination:
lastState:
  terminated:
    exitCode: 139
    reason: Error
Expected behaviour
Expected to see some metrics, or at least not to crash the entire falco process.
Screenshots
Environment
- Falco version: 0.38.0 (x86_64)
- System info:
- Cloud provider or hardware configuration:
- OS:
- Kernel:
- Installation method: Kubernetes (docker.io/falcosecurity/falco-no-driver image)
Additional context
This is a dedicated github plugin instance of falco (running as a k8s pod), i.e. not using syscall at all (--disable-source syscall).
2024-05-31T09:43:33+0000: Loaded event sources: syscall, github
2024-05-31T09:43:33+0000: Enabled event sources: github
2024-05-31T09:43:33+0000: Opening event source 'github'
No clue if this has anything to do with the crash though.