Falco - Readiness probe failed: Get "http://10.62.94.129:8765/healthz": dial tcp 10.62.94.129:8765: connect: connection refused

Question

I have a falco image that is crashing because of readiness proble failed

I have this set

  Liveness:   http-get http://:8765/healthz delay=60s timeout=5s period=15s #success=1 #failure=3
    Readiness:  http-get http://:8765/healthz delay=30s timeout=5s period=15s #success=1 #failure=3

and this is the only pod that is having this error

Someone can help me?

Answer 1

This error may usually be caused by a faulty network setup, with firewalls or CNI misconfiguration. But, check the following to see if it's a CoreDNS config problem and also may be etcd is not ready.

Please check the below solutions :

1)Check CoreDNS Config : First please check if you can connect to CoreDNS pod address from k8s node. Then make sure coredns plugin health is listening on address 10.62.94.129:8765

• Check that CoreDNS has the health plugin enabled/listed in the Core File.
• Are you changing the CoreDNS Corefile after CoreDNS has started? CoreDNS will fallback to the previously loaded config if the new config is invalid - however some old versions of CoreDNS will fail to restart plugins that listen to ports (e.g. health, metrics, etc) when this occurs.

Apply simple markdown formatting to your issue description to make it human-readable. Please look at those changes so you can see how to make your issue descriptions more easily readable in the future.

2)Check Etcd is not ready: To avoid this problem create the corresponding PV for etcd. Please follow the below steps :

• Find pvc message with kubectl describe -n apisix etcd -> storageClassName is empty
• Create pv for pvc above with storageClassName not set.

Edit :

As the falco is DaemonSet, I found a similar issue from github

Falco failed to run in kind :[https://github.com/falcosecurity/falco/issues/964]

Related to falco itself with duplicate network resource definition like port : [https://github.com/kubernetes/kubernetes/issues/51785]