From 6c0e5297fa6f49eb0327a79b34be1bc0c90c8b0b Mon Sep 17 00:00:00 2001
From: Leonardo Di Donato
Date: Fri, 10 Apr 2020 15:29:54 +0000
Subject: [PATCH] fix(integrations/k8s-using-daemonset): --cri flag correct socket path
The libsinsp cri interface prepends (at runtime) the `HOST_ROOT` prefix. Thus, even if the CRI socket has been mounted on `/host/var/run/containerd/containerd.sock`, the correct `--cri` flag value is `/var/run/containerd/containerd.sock`.
Co-authored-by: Lorenzo Fontana
Signed-off-by: Leonardo Di Donato
---
 .../k8s-with-rbac/falco-daemonset-configmap-slim.yaml | 2 +-
 .../k8s-with-rbac/falco-daemonset-configmap.yaml | 2 +-
 .../k8s-using-daemonset/k8s-without-rbac/falco-daemonset.yaml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap-slim.yaml b/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap-slim.yaml
index 6baccb2a..6f0b5689 100644
--- a/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap-slim.yaml
+++ b/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap-slim.yaml
@@ -41,7 +41,7 @@ spec:
 # env:
 # - name: FALCO_BPF_PROBE
 # value: ""
- args: [ "/usr/bin/falco", "--cri", "/host/run/containerd/containerd.sock", "-K", "/var/run/secrets/kubernetes.io/serviceaccount/token", "-k", "https://$(KUBERNETES_SERVICE_HOST)", "-pk"]
+ args: [ "/usr/bin/falco", "--cri", "/run/containerd/containerd.sock", "-K", "/var/run/secrets/kubernetes.io/serviceaccount/token", "-k", "https://$(KUBERNETES_SERVICE_HOST)", "-pk"]
 volumeMounts:
 - mountPath: /host/var/run/docker.sock
 name: docker-socket
diff --git a/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap.yaml b/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap.yaml
index 680c2a77..e7f8fbc3 100644
--- a/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap.yaml
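Review bot: Nothing beside the new `--cri` value in the `args` line records that libsinsp prepends `HOST_ROOT` at runtime, so the next editor can easily put the `/host` prefix back; the same applies to the identical `args` change in falco-daemonset-configmap.yaml and falco-daemonset.yaml. I would add a comment above `args`: `# --cri takes the socket path as seen on the host; libsinsp prepends HOST_ROOT at runtime`. The commit message names `/var/run/containerd/containerd.sock` while the flag now reads `/run/containerd/containerd.sock`, and the containerd volumeMount is outside the hunk, so it is worth confirming that the mount path equals `HOST_ROOT` plus the flag value. If the two do not line up, Falco presumably cannot reach the CRI socket and events from containerd-managed containers lose their container metadata, which weakens any rule that matches on it.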
+++ b/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap.yaml
@@ -25,7 +25,7 @@ spec:
 # env:
 # - name: FALCO_BPF_PROBE
 # value: ""
- args: [ "/usr/bin/falco", "--cri", "/host/run/containerd/containerd.sock", "-K", "/var/run/secrets/kubernetes.io/serviceaccount/token", "-k", "https://$(KUBERNETES_SERVICE_HOST)", "-pk"]
+ args: [ "/usr/bin/falco", "--cri", "/run/containerd/containerd.sock", "-K", "/var/run/secrets/kubernetes.io/serviceaccount/token", "-k", "https://$(KUBERNETES_SERVICE_HOST)", "-pk"]
 volumeMounts:
 - mountPath: /host/var/run/docker.sock
 name: docker-socket
diff --git a/integrations/k8s-using-daemonset/k8s-without-rbac/falco-daemonset.yaml b/integrations/k8s-using-daemonset/k8s-without-rbac/falco-daemonset.yaml
index 45614d24..a5d0358b 100644
--- a/integrations/k8s-using-daemonset/k8s-without-rbac/falco-daemonset.yaml
+++ b/integrations/k8s-using-daemonset/k8s-without-rbac/falco-daemonset.yaml
@@ -18,7 +18,7 @@ spec:
 image: falcosecurity/falco:latest
 securityContext:
 privileged: true
- args: [ "/usr/bin/falco", "--cri", "/host/run/containerd/containerd.sock", "-K", "/var/run/secrets/kubernetes.io/serviceaccount/token", "-k", "https://kubernetes.default", "-pk", "-o", "json_output=true", "-o", "program_output.enabled=true", "-o", "program_output.program=jq '{text: .output}' | curl -d @- -X POST https://hooks.slack.com/services/see_your_slack_team/apps_settings_for/a_webhook_url"]
+ args: [ "/usr/bin/falco", "--cri", "/run/containerd/containerd.sock", "-K", "/var/run/secrets/kubernetes.io/serviceaccount/token", "-k", "https://kubernetes.default", "-pk", "-o", "json_output=true", "-o", "program_output.enabled=true", "-o", "program_output.program=jq '{text: .output}' | curl -d @- -X POST https://hooks.slack.com/services/see_your_slack_team/apps_settings_for/a_webhook_url"]
 volumeMounts:
 - mountPath: /host/var/run/docker.sock
 name: docker-socket
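Review bot: The changed `args` entry in falco-daemonset.yaml is one long flow sequence, so this one-path fix rewrites the whole line and a reader has to re-check the embedded `program_output.program` pipeline and webhook URL to confirm nothing else moved. Writing the arguments as a block sequence, one per line, would make a later change to the socket path or to the alert-forwarding command show up as a one-line diff. The values below are copied from the new side of the hunk; the enclosing container spec starts and ends outside it.

```yaml
# … unchanged: image, securityContext …
args:
  - "/usr/bin/falco"
  - "--cri"
  - "/run/containerd/containerd.sock"
  - "-K"
  - "/var/run/secrets/kubernetes.io/serviceaccount/token"
  - "-k"
  - "https://kubernetes.default"
  - "-pk"
  - "-o"
  - "json_output=true"
  - "-o"
  - "program_output.enabled=true"
  - "-o"
  - "program_output.program=jq '{text: .output}' | curl -d @- -X POST https://hooks.slack.com/services/see_your_slack_team/apps_settings_for/a_webhook_url"
# … unchanged: volumeMounts …
```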