From 702d989cd0b50f200ff75761aadb62c647ea8d9a Mon Sep 17 00:00:00 2001
From: Mark Stemm
Date: Thu, 27 Aug 2020 17:58:15 -0700
Subject: [PATCH] rule(Create HostNetwork Pod): add images

Add a set of images known to run in the host network. Mostly related to GKE, sometimes plus metrics collection.

Signed-off-by: Mark Stemm
---
 rules/falco_rules.yaml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index fcb642da..085c766b 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -1933,7 +1933,16 @@
 
 # These container images are allowed to run with hostnetwork=true
 - list: falco_hostnetwork_images
-  items: []
+  items: [
+    gcr.io/google-containers/prometheus-to-sd,
+    gcr.io/projectcalico-org/typha,
+    gcr.io/projectcalico-org/node,
+    gke.gcr.io/gke-metadata-server,
+    gke.gcr.io/kube-proxy,
+    gke.gcr.io/netd-amd64,
+    k8s.gcr.io/ip-masq-agent-amd64
+    k8s.gcr.io/prometheus-to-sd,
+  ]
 
 # Add conditions to this macro (probably in a separate file,
 # overwriting this macro) to specify additional containers that are
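Review bot: The new flow sequence under `items:` is missing a comma after `k8s.gcr.io/ip-masq-agent-amd64`, so the YAML parser folds that line and the next into one plain scalar, `k8s.gcr.io/ip-masq-agent-amd64 k8s.gcr.io/prometheus-to-sd`, and neither image ends up in the list; depending on how Falco expands list items into the rule condition, the embedded space may also make the rule fail to load instead of silently mis-matching. The fix is `k8s.gcr.io/ip-masq-agent-amd64,`. Writing the list as a block sequence (`items:` followed by one `- gcr.io/...` line per image) would make a dropped separator impossible and keep one image per diff line. Since every entry here suppresses the Create HostNetwork Pod alert, the comment above the list should also state what is actually compared — the bare repository names suggest a repository-string match with no tag or digest, though the consuming macro is outside this hunk — e.g. `# Images are matched by repository name only; any tag or digest of these images is exempt from the rule`.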