github/falco
1
0
Fork 0
mirror of https://github.com/falcosecurity/falco.git synced 2025-06-30 08:32:12 +00:00
Code Issues Projects Releases Wiki Activity

Add KUBERNETES_SERVICE_HOST (#562)

Browse Source 
When using host network, the containers can't resolve kubernetes.default, thus not getting the metadata like pod name, namespace, etc. Using the environment variable KUBERNETES_SERVICE_HOST, which points to the current cluster API server, will allow that.
This commit is contained in:
prsimoes 2019-03-13 17:40:41 -07:00 committed by Mark Stemm
parent 28622e6fdc
commit 3d96ca5157
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap.yaml
View File

@ -25,7 +25,7 @@ spec:
# env: # env:
# - name: SYSDIG_BPF_PROBE # - name: SYSDIG_BPF_PROBE
# value: "" # value: ""
args: [ "/usr/bin/falco", "-K", "/var/run/secrets/kubernetes.io/serviceaccount/token", "-k", "https://kubernetes.default", "-pk"] args: [ "/usr/bin/falco", "-K", "/var/run/secrets/kubernetes.io/serviceaccount/token", "-k", "https://$(KUBERNETES_SERVICE_HOST)", "-pk"]
volumeMounts: volumeMounts:
- mountPath: /host/var/run/docker.sock - mountPath: /host/var/run/docker.sock
name: docker-socket name: docker-socket