configuration to deploy falco + k8smetacollector + plugin

Signed-off-by: Aldo Lacuku <aldo@lacuku.eu>
alacuku · Dec 5, 2023 · c9afdb2 · c9afdb2
1 parent 2a9dd9a
commit c9afdb2
Showing 1 changed file with 10 additions and 20 deletions.
diff --git a/charts/falco/values-syscall-k8saudit.yaml b/charts/falco/values-syscall-k8saudit.yaml
@@ -20,6 +20,7 @@ controller:
 
 falcoctl:
   artifact:
+
     install:
       # -- Enable the init container. We do not recommend installing plugins for security reasons since they are executable objects.
       # We install only "rulesfiles".
@@ -29,39 +30,28 @@ falcoctl:
       enabled: true
   config:
     artifact:
+      allowedTypes: ["rulesfile", "plugin"]
       install:
         # -- Do not resolve the depenencies for artifacts. By default is true, but for our use case we disable it.
         resolveDeps: false
         # -- List of artifacts to be installed by the falcoctl init container.
         # We do not recommend installing (or following) plugins for security reasons since they are executable objects.
-        refs: [falco-rules:2, k8saudit-rules:0.6]
+        refs: [falco-rules:2, ghcr.io/alacuku/plugins/plugin/k8smeta:latest]
       follow:
         # -- List of artifacts to be followed by the falcoctl sidecar container.
         # We do not recommend installing (or following) plugins for security reasons since they are executable objects.
-        refs: [falco-rules:2, k8saudit-rules:0.6]
-
-services:
-  - name: k8saudit-webhook
-    type: NodePort
-    ports:
-      - port: 9765 # See plugin open_params
-        nodePort: 30007
-        protocol: TCP
+        refs: [falco-rules:2]
 
 falco:
   rules_file:
     - /etc/falco/falco_rules.yaml
     - /etc/falco/k8s_audit_rules.yaml
     - /etc/falco/rules.d
   plugins:
-    - name: k8saudit
-      library_path: libk8saudit.so
+    - name: k8smeta
+      library_path: libk8smeta.so
       init_config:
-        ""
-        # maxEventBytes: 1048576
-        # sslCertificate: /etc/falco/falco.pem
-      open_params: "http://:9765/k8s-audit"
-    - name: json
-      library_path: libjson.so
-      init_config: ""
-  load_plugins: [k8saudit, json]
+        collectorPort: 45000
+        collectorHostname: meta-collector.meta-collector.svc
+        nodename: "worker-node-1"
+  load_plugins: [k8smeta]