Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-69392

After installing the CrowdStrike Falcon Operator and the Node Sensor, the cluster is experiencing inconsistent behavior.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • 4.14
    • OLM
    • None
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • None
    • Rejected
    • None
    • None
    • None
    • None
    • None
    • None
    • None
    • None

      Description of problem:

      Before installing the Falcon Operator and Node Sensor

      • The OpenShift cluster was stable.  
      • No KubeApiDown or MachineWithoutValidNode alerts were triggered.  
      • Prometheus operated normally without any storage or chunk-related issues.

      After installing the Falcon Operator and Node Sensor

      • The cluster started showing inconsistent behavior, including:
        • Prometheus alerts (KubeApiDown, MachineWithoutValidNode)
        • Intermittent loss of access to cluster resources
        • From the OpenShift console, all projects intermittently disappear for approximately 2 minutes, then reappear again (screenshot attached)
      • This behavior impacts core cluster visibility and is not limited to Prometheus metrics only.

      After uninstalling the Falcon Operator and Node Sensor

      • The alerts stopped occurring.
      • The cluster returned to a stable state.
      • The OpenShift console no longer shows intermittent project disappearance.

       

      Version-Release number of selected component (if applicable):

      How reproducible:

      No

      Actual results:

      The cluster is not functioning as expected after installing the flacon and node sensor operator in cluster.

      Expected results:

      The cluster should be consistent even after installing the flacon and node sensor operator in cluster.   

      Additional info:

      We would appreciate your assistance in helping us understand why the Falcon Node Sensor is able to trigger Prometheus storage issues and broader OpenShift cluster instability in our environment.

      In particular, we would appreciate your guidance on:

      1. Confirming whether there are any known limitations, incompatibilities, or documented behaviors when running Falcon Node Sensor in OpenShift Cluster
      2. Explaining how a node-level security agent such as Falcon Node Sensor could:
        • Affect the node filesystem or disk I/O in the cluster
        • Interfere with kernel-level operations and API server availability

      We are also engaging CrowdStrike Support on this matter, but your guidance is essential to determine the root cause from the OpenShift perspective.

      The operator is third party certified operator not managed by Red Hat.

              rh-ee-cchantse Catherine Chan-Tse
              rhn-support-hthakare Harshal Thakare
              None
              None
              Jian Zhang Jian Zhang
              None
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: