Skip to content

Commit

Permalink
use directory-mapping instead of simple containerd.socket-file-mapping
Browse files Browse the repository at this point in the history
to allow falco to reconnect if containerd got restarted on host

Fixes falcosecurity#632

Signed-off-by: Fabian Zimmermann <dev.faz@gmail.com>
  • Loading branch information
devfaz authored and poiana committed Jun 21, 2024
1 parent df1606c commit 7527d0f
Show file tree
Hide file tree
Showing 4 changed files with 18 additions and 10 deletions.
4 changes: 4 additions & 0 deletions charts/falco/CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,10 @@
This file documents all notable changes to Falco Helm Chart. The release
numbering uses [semantic versioning](http://semver.org).

## v4.5.1

* falco is now able to reconnect to containerd.socket

## v4.5.0

* bump Falco version to 0.38.1
Expand Down
2 changes: 1 addition & 1 deletion charts/falco/Chart.yaml
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
apiVersion: v2
name: falco
version: 4.5.0
version: 4.5.1
appVersion: "0.38.1"
description: Falco
keywords:
Expand Down
2 changes: 1 addition & 1 deletion charts/falco/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -581,7 +581,7 @@ If you use a Proxy in your cluster, the requests between `Falco` and `Falcosidek

## Configuration

The following table lists the main configurable parameters of the falco chart v4.5.0 and their default values. See [values.yaml](./values.yaml) for full list.
The following table lists the main configurable parameters of the falco chart v4.5.1 and their default values. See [values.yaml](./values.yaml) for full list.

## Values

Expand Down
20 changes: 12 additions & 8 deletions charts/falco/templates/pod-template.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -63,13 +63,17 @@ spec:
{{- include "falco.configSyscallSource" . | indent 8 }}
{{- with .Values.collectors }}
{{- if .enabled }}
{{- if .docker.enabled }}
- --cri
- /var/run/{{ base .docker.socket }}
{{- end }}
{{- if .containerd.enabled }}
- --cri
- /run/containerd/containerd.sock
- /run/containerd/{{ base .containerd.socket }}
{{- end }}
{{- if .crio.enabled }}
- --cri
- /run/crio/crio.sock
- /run/crio/{{ base .crio.socket }}
{{- end }}
- -pk
{{- end }}
Expand Down Expand Up @@ -161,15 +165,15 @@ spec:
{{- with .Values.collectors }}
{{- if .enabled }}
{{- if .docker.enabled }}
- mountPath: /host/var/run/docker.sock
- mountPath: /host/var/run/
name: docker-socket
{{- end }}
{{- if .containerd.enabled }}
- mountPath: /host/run/containerd/containerd.sock
- mountPath: /host/run/containerd/
name: containerd-socket
{{- end }}
{{- if .crio.enabled }}
- mountPath: /host/run/crio/crio.sock
- mountPath: /host/run/crio/
name: crio-socket
{{- end }}
{{- end }}
Expand Down Expand Up @@ -263,17 +267,17 @@ spec:
{{- if .docker.enabled }}
- name: docker-socket
hostPath:
path: {{ .docker.socket }}
path: {{ dir .docker.socket }}
{{- end }}
{{- if .containerd.enabled }}
- name: containerd-socket
hostPath:
path: {{ .containerd.socket }}
path: {{ dir .containerd.socket }}
{{- end }}
{{- if .crio.enabled }}
- name: crio-socket
hostPath:
path: {{ .crio.socket }}
path: {{ dir .crio.socket }}
{{- end }}
{{- end }}
{{- end }}
Expand Down

0 comments on commit 7527d0f

Please sign in to comment.