A quick update folks,

We recently integrated CrowdStrike Falcon agents into our EKS cluster and noticed that Falcon has something called Drift Detection where, if any new executables were created and executed in the container, it would kill / block them. In our setup, there was an executable called "/check" that was getting created and executed. This process was killed by Falcon as part of a Drift Indicator called "RecentlyModifiedFileExecutedInContainer". I had to disable the "Container drift prevention" policy check to make sure gocd agents do not have this issue.

After disabling it, new pods (agents) that were getting assigned on the underlying host started working just fine. Sharing it here hoping someone on the internet will find this useful and doesn't want to spend 5+ hours of their life trying to figure out why a DinD setup is likely to fail in a Falcon-protected environment.

Thanks,
-- Ashwanth Kumar / ashwanthkumar.in
