jonny/charts
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
c0d65a0afb
charts/falco/values-gvisor-gke.yaml
Jonny Ervine b052831184 Add falco chart
2024-03-20 18:06:21 +08:00

64 lines
2.1 KiB
YAML
Raw Blame History

# Default values to deploy Falco on GKE with gVisor.
# Affinity constraint for pods' scheduling.
# Needed to deploy Falco on the gVisor enabled nodes.
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: sandbox.gke.io/runtime
operator: In
values:
- gvisor
# Tolerations to allow Falco to run on Kubernetes 1.6 masters.
# Adds the neccesssary tolerations to allow Falco pods to be scheduled on the gVisor enabled nodes.
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
- effect: NoSchedule
key: sandbox.gke.io/runtime
operator: Equal
value: gvisor
# Enable gVisor and set the appropriate paths.
driver:
enabled: true
kind: gvisor
gvisor:
runsc:
path: /home/containerd/usr/local/sbin
root: /run/containerd/runsc
config: /run/containerd/runsc/config.toml
# Enable the containerd collector to enrich the syscall events with metadata.
collectors:
enabled: true
containerd:
enabled: true
socket: /run/containerd/containerd.sock
falcoctl:
artifact:
install:
# -- Enable the init container. We do not recommend installing plugins for security reasons since they are executable objects.
# We install only "rulesfiles".
enabled: true
follow:
# -- Enable the sidecar container. We do not support it yet for plugins. It is used only for rules feed such as k8saudit-rules rules.
enabled: true
config:
artifact:
install:
# -- List of artifacts to be installed by the falcoctl init container.
# We do not recommend installing (or following) plugins for security reasons since they are executable objects.
refs: [falco-rules:3]
follow:
# -- List of artifacts to be followed by the falcoctl sidecar container.
# We do not recommend installing (or following) plugins for security reasons since they are executable objects.
refs: [falco-rules:3]
# Set this to true to force Falco so output the logs as soon as they are emmitted.
tty: false
Reference in New Issue View Git Blame Copy Permalink