image-analyzer: Missing "get nodes" permission in ClusterRole

[ChristianCiach]

The image analyzer (image falcon-imageanalyzer:1.0.16) logs this:

time=2024-11-25T17:21:10.015Z level=WARN msg="unable to get node some-node.local, using default architecture = amd64" mode=watcher thread=event_watcher event_type=MODIFIED namespace=ten name=dashboard-76f77d9fc9-8fc5f resource_version=139986134 created_at=2024-11-22T12:52:01.000Z namespace=ten name=dashboard-76f77d9fc9-8fc5f resource_version=139986134 owner_name=dashboard-76f77d9fc9 owner_kind=ReplicaSet error="nodes \"some-node.local\" is forbidden: User \"system:serviceaccount:falcon-iar:falcon-operator-image-analyzer\" cannot get resource \"nodes\" in API group \"\" at the cluster scope" 

This was fixed in the helm chart a while ago:

• CrowdStrike/falcon-helm@7570e71

Should we better use the helm chart going forward?

[evanstoner]

I've confirmed this is being tracked internally, and also confirmed with IAR engineering that this is just a warning - IAR will default to the architecture of the image (amd64 in your case) if it can't get the architecture from the nodes API.