KERNEL_MODULE collectors crashing on EKS environment with an error - Permission denied

Solution Verified - Updated -

Issue

  • Collector pods configured with KERNEL_MODULE as a collection method are failing on EKS environment with below error:
Collector Version: 
OS: Amazon Linux 2
Kernel Version: 5.4.209-116.363.amzn2.x86_64
Starting StackRox Collector...
[I 20220830 131451 HostInfo.cpp:126] Hostname: '<hostname>'
[I 20220830 131451 CollectorConfig.cpp:147] User configured collection-method=kernel_module
[I 20220830 131451 CollectorConfig.cpp:200] Afterglow is enabled
[I 20220830 131451 collector.cpp:293] Module version: 1.0.0
[I 20220830 131451 collector.cpp:320] Attempting to download kernel module - Candidate kernel versions: 
[I 20220830 131451 collector.cpp:322] 5.4.209-116.363.amzn2.x86_64
[I 20220830 131451 GetKernelObject.cpp:180] Local storage does not contain collector-5.4.209-116.363.amzn2.x86_64.ko
[I 20220830 131452 GetKernelObject.cpp:194] Successfully downloaded and decompressed /module/collector.ko
[I 20220830 131452 collector.cpp:246] 
[I 20220830 131452 collector.cpp:247] This product uses kernel module and ebpf subcomponents licensed under the GNU
[I 20220830 131452 collector.cpp:248] GENERAL PURPOSE LICENSE Version 2 outlined in the /kernel-modules/LICENSE file.
[I 20220830 131452 collector.cpp:249] Source code for the kernel module and ebpf subcomponents is available upon
[I 20220830 131452 collector.cpp:250] request by contacting support@stackrox.com.
[I 20220830 131452 collector.cpp:251] 
[I 20220830 131452 collector.cpp:162] Inserting kernel module /module/collector.ko with indefinite removal and retry if required.
[F 20220830 131452 collector.cpp:176] Error inserting kernel module: /module/collector.ko: Permission denied. Aborting...

Environment

  • Red Hat Advanced Cluster Security for Kubernetes:
    • 3.69.1
  • Amazon Elastic Kubernetes Service
    • v1.21.13-eks-84b4fe6

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content