-
Notifications
You must be signed in to change notification settings - Fork 912
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Scraping prometheus metrics endpoint crashes falco process #3229
Comments
I confirm the situation:
Each call to the /metrics endpoint crashes the falco container in the pod. |
Have you tried with a plugin and a driver? 🤔 I want to restrict the possible root cause to the plugin only. |
Opened the PR with the fix ☝️ |
@sboschman thanks a bunch for testing it so promptly. We still have no good metrics support when running Falco with a plugin only. We should perhaps add a note to the website about that as well. For example CPU usage calculation still won't work for plugin only given a regression here: #2821 |
Also the Falco number of events won't be available atm in Prometheus as it would have required a major refactor and we ran out of time. Please follow this issue for things we spotted that we still need to address: #3194 |
I see @incertum , didn't realise running with plugin only has limited prometheus metrics support atm. Was indeed looking for cpu + memory metrics, and Rules Counters Fields (hoping to do something with total events processed and total rules matched, as to determine how much unnecessary events we sent to falco or missing rules we have) |
I know yes it's annoying, we will work on that for Falco 0.39.0 plus we will offer custom plugin metrics system where you can emit custom plugin metrics when you write your own plugin. I'll CC you on that other issue so you stay in the loop. |
on a side note @incertum , I also noticed that it is mandatory to enable the output rule (or output file I suppose) when using prometheus metrics output, which is not mentioned in the docs as requirement. This config
results in falco failing to start with:
Is this already a known limitation or do you want me to open a separate issue for it? |
uhhh no we messed up for sure on that. It should also work with you have prometheus enabled and no other output. Thanks a bunch for your help Sverre on spotting these things! |
/milestone 0.38.1 |
Describe the bug
Followed the prometheus support section in the docs to enable the /metrics endpoint. A soon as you make a request to this endpoint the falco process crashes without any indication on stdout/stderr what went wrong.
How to reproduce it
Enabled debug logging as well:
This doesn't give any output when requesting the /metrics endpoint. So, it is not helping narrowing down what it happening just before it crashes.
This is what happens with a port forward to the falco pod:
After the
/metrics
request has been done, Kubernetes shows pod termination:Expected behaviour
Expected to see some metrics, or at least not to crash the entire falco process.
Screenshots
Environment
Additional context
This is a dedicated github plugin instance of falco (running as a k8s pod), i.e. not using syscall at all (
--disable-source syscall
).No clue if this has anything to do with the crash though.
The text was updated successfully, but these errors were encountered: