-
Notifications
You must be signed in to change notification settings - Fork 223
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Indicate the modern ebpf probe as the preferred deployment method for Falco #1229
Comments
+1 Taking it one step further, make I think by now for the most part folks getting started with Falco are likely to try Falco on newer kernels. Folks who still need to support older kernels are probably more familiar with kernel dev etc and should be able to understand a clear error message stating that you need to use either the ebpf or kmod driver. More thoughts? We can move this to a dedicated discussion. |
Also @Andreagit97 in fact we need more dedicated "debugging" guides:
How would you all like such an outline? |
it makes sense to me! it would be great to have some stats on how many users are using the modern ebpf probe today, just to have an idea of the possible impact, but I'm not sure how to obtain this information, maybe we can try with a poll on the Falco channel...WDYT?
I Like it very much!! Fully on board! |
Awesome, yes a poll in the channel would be great! Perhaps at first we can keep Another possibility could be to fallback to |
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
/remove-lifecycle stale |
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
The first point should be in place! /remove-lifecycle stale |
wohoo given it is a tremendous overhead for all maintainers. |
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
/remove-lifecycle stale |
/area documentation
What would you like to be added:
I'm noticing that the modern ebpf probe is still not widely known among users. There are cases in which using the modern probe could solve issues without any burden, but it seems users are not aware of its existence (e.g. #1135 (comment)). So I propose to put the modern ebpf engine as the preferred installation method all around the documentation so:
helm chart
,docker
,deb/rmp
,tag.gz
.Always in this direction, it could be useful to have a step-by-step tutorial on how to react to a Falco failure and change the running driver setting the
modern bpf
. This could be a simple example:This sort of tutorial could help in cases like this: falcosecurity/falco#2982
More in general having a dedicated page in the doc where we explain what to do when users face certain errors would be amazing, for example it could avoid issues like this: falcosecurity/falco#2989
TL:DR;
The text was updated successfully, but these errors were encountered: