-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
add falco-0.9.1-00a8080766b9edd978987110b70ae3f63cb4952b.tgz
falco-0.9.1-00a8080766b9edd978987110b70ae3f63cb4952b.tgz-meta/README.md falco-0.9.1-00a8080766b9edd978987110b70ae3f63cb4952b.tgz-meta/main.yaml falco-0.9.1-00a8080766b9edd978987110b70ae3f63cb4952b.tgz-meta/values.schema.json
- Loading branch information
1 parent
9d1a5d6
commit 073bc2b
Showing
5 changed files
with
470 additions
and
1 deletion.
There are no files selected for viewing
Binary file not shown.
95 changes: 95 additions & 0 deletions
95
falco-0.9.1-00a8080766b9edd978987110b70ae3f63cb4952b.tgz-meta/README.md
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,95 @@ | ||
| [](https://circleci.com/gh/giantswarm/falco-app) | ||
|
|
||
| # falco chart | ||
|
|
||
| Giant Swarm offers a [falco](https://falco.org/) App which can be installed in workload clusters. | ||
| Here we define the falco chart with its templates and default configuration. | ||
|
|
||
| Falco is a host-based intrusion detection system which watches and checks Linux syscalls against a predefined list of rules. Anomalous activity (as defined by the rules) triggers a Falco event, which can be used to alert responders or take automated remediation actions. | ||
|
|
||
| ## Installing | ||
|
|
||
| There are several ways to install this app onto a workload cluster. | ||
|
|
||
| - [Using our web interface][app-ui] | ||
| - By creating an [App resource][app-crd] in the management cluster as explained in [Getting started with App Platform][app-getting-started]. | ||
|
|
||
| ## Configuring | ||
|
|
||
| **Note: There are currently known compatibility issues when using the Falco kernel module with Flatcar kernel version 5.10.77-flatcar and later. The ebpf driver must be used instead (see the sample `user-values-configmap.yaml` below).** | ||
|
|
||
| ### values.yaml | ||
|
|
||
| **This is an example of a values file you could upload using our web interface.** | ||
|
|
||
| ```yaml | ||
| # values.yaml | ||
|
|
||
| global: | ||
| registry: quay.io | ||
|
|
||
| falco: | ||
| podSecurityPolicy: | ||
| create: true | ||
| falco: | ||
| grpc: | ||
| enabled: true | ||
| grpcOutput: | ||
| enabled: true | ||
| customRules: | ||
| {} | ||
| # Example: | ||
| # | ||
| # rules-traefik.yaml: |- | ||
| # [ rule body ] | ||
|
|
||
|
|
||
| falco-exporter: | ||
| podSecurityPolicy: | ||
| create: true | ||
|
|
||
| falcosidekick: | ||
|
|
||
| ``` | ||
| #### Falco Configurations | ||
| Please see the below page for configurable values. | ||
| [Falco Configuration](helm/falco-app/charts/falco#configuration) | ||
| #### Falco Exporter Configurations | ||
| Please see the below page for configurable values. | ||
| [Falco Exporter Configuration](helm/falco-app/charts/falco-exporter#configuration) | ||
| #### Falco sidekick Configurations | ||
| Please see the below page for configurable values. | ||
| [Falco sidekick Configuration](helm/falco-app/charts/falcosidekick#configuration) | ||
| ### Sample App CR and ConfigMap for the management cluster | ||
| If you have access to the Kubernetes API on the management cluster, you could create | ||
| the App CR and ConfigMap directly. | ||
| You can provide additional configuration via a ConfigMap or the web interface. | ||
| ```yaml | ||
| # user-values-configmap.yaml | ||
| # To use the ebpf driver instead of the Falco kernel module: | ||
| falco: | ||
| ebpf: | ||
| enabled: "true" | ||
|
|
||
| ``` | ||
|
|
||
| See our [full reference page on how to configure applications][app-config] for more details. | ||
|
|
||
| ## Credit | ||
|
|
||
| * https://github.com/falcosecurity/charts | ||
|
|
||
| [app-config]: https://docs.giantswarm.io/app-platform/app-configuration/ | ||
| [app-crd]: https://docs.giantswarm.io/ui-api/management-api/crd/apps.application.giantswarm.io/ | ||
| [app-getting-started]: https://docs.giantswarm.io/app-platform/getting-started/ | ||
| [app-ui]: https://docs.giantswarm.io/ui-api/web/app-platform/#installing-an-app |
13 changes: 13 additions & 0 deletions
13
falco-0.9.1-00a8080766b9edd978987110b70ae3f63cb4952b.tgz-meta/main.yaml
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| annotations: | ||
| application.giantswarm.io/metadata: https://giantswarm.github.io/giantswarm-test-catalog/falco-0.9.1-00a8080766b9edd978987110b70ae3f63cb4952b.tgz-meta/main.yaml | ||
| application.giantswarm.io/readme: https://giantswarm.github.io/giantswarm-test-catalog/falco-0.9.1-00a8080766b9edd978987110b70ae3f63cb4952b.tgz-meta/README.md | ||
| application.giantswarm.io/team: shield | ||
| application.giantswarm.io/values-schema: https://giantswarm.github.io/giantswarm-test-catalog/falco-0.9.1-00a8080766b9edd978987110b70ae3f63cb4952b.tgz-meta/values.schema.json | ||
| config.giantswarm.io/version: 1.x.x | ||
| ui.giantswarm.io/logo: https://s.giantswarm.io/app-icons/falco/2/logo_dark.svg | ||
| chartApiVersion: v2 | ||
| chartFile: falco-0.9.1-00a8080766b9edd978987110b70ae3f63cb4952b.tgz | ||
| dateCreated: '2024-12-19T17:54:47.360154Z' | ||
| digest: 734b999af61c03e21d21b9381fd657f4b6bf2b4a4b0f9aa8f5ad8e15541a4d7a | ||
| home: https://github.com/giantswarm/falco-app | ||
| icon: https://s.giantswarm.io/app-icons/falco/2/icon_dark.svg |
Oops, something went wrong.