OlehR
Reputation: 11
Falco k8s, when add an exception, some fields become null
If I add an exception to the rule 'The docker client is executed in a container' like:
exceptions:
- name: kube_mon
fields: [container.image.repository, k8s.ns.name, k8s.pod.name]
comps: [=, =, startswith]
values:
- [repo/myimg, myns, my-pod-]
I start receiving Warnings where the mentioned fields are null (instead of not receiving them at all) : screen: [1]: https://i.sstatic.net/1RTiJ.png
Same exceptions added to the rule 'Contact K8S API Server From Container' works ok and my pods are filtered out from logging.
How can I solve it?
Thanks.
Falco 0.31.1
Chart falco-1.17.4
Upvotes: 1
Views: 299
Answers (0)
Related Questions
- How to debug Unknown field error in Kubernetes?
- Exception handling in Micronaut
- Kibana scripted field error tells me I dont have any values in field while they do show up in discovery
- Kubernetes unknown field "behavior"
- How do I collect Java exceptions from Kubernetes pods?
- How to capture the exception and message key when using ErrorHandlingDeserializer2 to handle exceptions during deserialization
- Helm debug unknown field
- How to serialize Exception object using Kyro?
- throwing new exception doesn't show anything in post man response
- Handling null and exception from Java API call in Scala