fix(userspace/libsinsp): avoid exception failure on unknown k8s node name

[jasondellaluce]

What type of PR is this?

/kind bug

Any specific area of the project related to this PR?

/area libsinsp

Does this PR require a change in the driver versions?

What this PR does / why we need it:

When a node name is passed to the k8s client filtering, we throw an exception in case the node name is not found in the reconstructed k8s cluster state. However, this does not distinguish bad node names from unexpected/unpredictable parsing errors during the k8s cluster stare reconstruction. Since an exception can be blocking and cause consumers like Falco to terminate, the best option we have from a security/availability perspective is to log with error level instead of throwing an exception.

Of course, this is a workaround and not a concrete long-term solution. Here, we are giving priority to security and availability of the libs consumer over ease of troubleshooting in case k8s metadata ends up being not available. Since we now have libs logging in Falco (which we didn't have when first introducing this check), I think this is an acceptable tradeoff.

Which issue(s) this PR fixes:

Fixes falcosecurity/falco#2358

Special notes for your reviewer:

Open to discussion for better workarounds.

Does this PR introduce a user-facing change?:

NONE

[FedeDP]

/milestone 0.10.1

Thank you Jason, makes sense to me.

[Andreagit97]

/approve

[poiana]

LGTM label has been added.

Git tree hash: a846956eff79fdc40517ddbd52e1114ee3803e49

[FedeDP]

/approve

[poiana]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Andreagit97, FedeDP, jasondellaluce

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [Andreagit97,FedeDP]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment