Thanks for sharing this. It might be worthwhile understanding the relationship between /check and the docker daemon not being reachable.
Perhaps due to compliance, this particular Falcon setting could get reapplied someday and reintroduce this particular failure. — Sriram On Mon, 23 Dec 2024 at 9:44 PM, 'Ashwanth Kumar' via go-cd < go-cd@googlegroups.com> wrote: > A quick update folks, We recently integrated Crowdstrike Falcon agents > into our EKS Cluster and noticed that Falcon has something called Drift > Detection where if any new executables were created and executed in the > container it would kill / block it. In our setup, there was an executable > called "/check" that was getting created and executed. This process was > killed by Falcon as part of a Drift Indicator called > "RecentlyModifiedFileExecutedInContainer". I had to disable the "Container > drift prevention" policy check to make sure gocd agents do not have this > issue. > > After disabling new pods (agents) that were getting assigned on the > underlying host started working just fine. > > Sharing it here hoping someone on the internet will find this useful and > don't want to spend 5+ hours of their life trying to figure out why DinD > setup is likely to fail in a Falcon protected environment. > > Thanks, > > -- > > Ashwanth Kumar / ashwanthkumar.in > > -- > You received this message because you are subscribed to the Google Groups > "go-cd" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to go-cd+unsubscr...@googlegroups.com. > To view this discussion visit > https://groups.google.com/d/msgid/go-cd/CAD9m7CzpgDHd6mM-KQz%2BmW_UdKV1DmnBmwZMwBcCSVQuzLVx2w%40mail.gmail.com > <https://groups.google.com/d/msgid/go-cd/CAD9m7CzpgDHd6mM-KQz%2BmW_UdKV1DmnBmwZMwBcCSVQuzLVx2w%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "go-cd" group. To unsubscribe from this group and stop receiving emails from it, send an email to go-cd+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/go-cd/CANiY96ZXQN-1fL%3D2_ScafhVGNb5v5dKgMGLc2xCpUT1VP3reQg%40mail.gmail.com.
