new: falcoctl driver loader

[FedeDP]

What type of PR is this?

/kind feature

Any specific area of the project related to this PR?

/area build

What this PR does / why we need it:

This PR drops old falco-driver-loader script in favor of new falcoctl driver command.

Which issue(s) this PR fixes:

Fixes #2675

Special notes for your reviewer:

This is wip because falcoctl's PR (falcosecurity/falcoctl#343) is still to be merged and this will need some more work.
I opened this one to give an idea of the final look.

Does this PR introduce a user-facing change?:

new!: dropped falco-driver-loader script in favor of new falcoctl driver command

[FedeDP]

Download zip from my own falcoctl PR.

[FedeDP]

This will need some more work, i am not sure what we want to do.

[FedeDP]

Same goes for other occurrences.

[Andreagit97]

This will need some more work, i am not sure what we want to do.

What do you mean? what do we miss here?

[FedeDP]

Oh the parameters being passed to falco-driver-loader were surely different from the one being passed to falcoctl driver; also config might be wrong there, since we may want to let users decide which subcmd to invoke.

[FedeDP]

We decided to reimplement a similar switch logic to the one supported by falco-driver-loader (https://github.com/falcosecurity/falco/blob/master/scripts/falco-driver-loader#L752) managing each flag.

[FedeDP]

We now configure the desired driver type, and then build/download the driver using falcoctl.

[FedeDP]

falcoctl config file must now be configured properly.

[leogr]

Nice!

Just did a first look and left a few comments.

[FedeDP]

Note: once #2413 gets merged, this should be at least ready for local testing with the CI produced packages.

[FedeDP]

build-packages is failing with:

CMake Error at /__w/falco/falco/build/cmake_install.cmake:294 (file):
  file INSTALL cannot find
  "/__w/falco/falco/build/falcoctl-prefix/src/falcoctl/falcoctl": No such
  file or directory.

that is because our falcoctl.cmake file expects falcoctl releases (and is not able to build falcoctl from sources since it would add the huge dep on go), but is now pointing to a falcoctl commit hash zip file.
I would love to fix the CI to be able to test; perhaps we will need to tag a falcoctl alpha release once falcosecurity/falcoctl#343 is merged.

[FedeDP]

TODO:

• once new: driver selection in falco.yaml #2413 is merged, update deb/rpm scripts using new chosen_driver names (ie: "kmod", "ebpf" and "modern-ebpf").
• also, are per-driver systemd units still needed? Btw they should enforce a driver.kind, like -o driver.kind=kmod
  -> we might want to deprecate current units and add a new falco@.service templated unit that enables the requested driver.

[FedeDP]

also, are per-driver systemd units still needed? Btw they should enforce a driver.kind, like -o driver.kind=kmod
-> we might want to deprecate current units and add a new falco@.service templated unit that enables the requested driver.

Done.
About the single unit (deprecating existing ones), i haven't got strong opinions.

[FedeDP]

We just need an alpha tag of falcoctl 0.7.0 to be tested within this PR.

[FedeDP]

Done: https://github.com/falcosecurity/falcoctl/releases/tag/v0.7.0-alpha1

[FedeDP]

falcosecurity/testing#34 + falcosecurity/testing#33 should allow test-dev-packages checks to pass fine.

[FedeDP]

The only failing test left is

TestFalcoLegacyBPF

that will be fixed by falcosecurity/testing#34

[FedeDP]

Will need to bump to beta1 once it is out.

[FedeDP]

Env var has always precedence.

[leogr]

I think this needs to be documented cc @falcosecurity/falco-website-maintainers

[FedeDP]

Bumped falcosecurity-testing to latest dev to (hopefully) fixup dev test-packages ci.

[FedeDP]

Ops, we need falcosecurity/testing#37 too ;)

[FedeDP]

Also need falcosecurity/falcoctl#369 because compiled eBPF probe is expected to be symlinked to /root/.falco/falco-bpf.o : https://github.com/falcosecurity/falco/blob/master/scripts/falco-driver-loader#L662 and https://github.com/falcosecurity/falco/blob/master/falco.yaml#L321

[FedeDP]

Tests are finally passing! 🚀

[leogr]

Just a couple of minor issues found (see comments below), which we can fix in a follow-up PR.
Thus, it's ok for me to merge this so we can start more accurate testing.

[leogr]

Suggested change

	echo " falco-driver-loader [driver] [options]"
	echo " falco-driver-loader [driver] [options]"

This is misleading since there's no falco-driver-loader executable anymore.

Still trying to figure out how to fix it. May we print the container image usage help message instead? 🤔

[FedeDP]

You are right! Will fix in a follow up PR

[leogr]

Same as above

[leogr]

same as above

[leogr]

I think this needs to be documented cc @falcosecurity/falco-website-maintainers

[Andreagit97]

/approve

[poiana]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Andreagit97, FedeDP, leogr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [Andreagit97,FedeDP,leogr]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment