Remove repeated configurations and other stuff

As long as this PR merged, this is not needed: https://github.com/kubernetes/charts/pull/6600
2025-10-21 19:44:57 +00:00 · 2018-07-11 17:52:11 +02:00
parent 3afe04629a
commit bed360497e
7 changed files with 0 additions and 1790 deletions
--- a/integrations/kubernetes-response-engine/deployment/Makefile
+++ b/integrations/kubernetes-response-engine/deployment/Makefile
@@ -1,13 +1,9 @@
 deploy:
 	kubectl apply -f nats/
-	kubectl create configmap falco-config --from-file=falco-config/ || true
-	kubectl apply -f falco/
 	kubectl apply -f kubeless/
 	kubectl apply -f network-policy.yaml

 clean:
 	kubectl delete -f kubeless/
-	kubectl delete configmap falco-config
-	kubectl delete -f falco/
 	kubectl delete -f nats/
 	kubectl delete -f network-policy.yaml
--- a/integrations/kubernetes-response-engine/deployment/falco-config/falco.yaml
+++ b/integrations/kubernetes-response-engine/deployment/falco-config/falco.yaml
@@ -1,102 +0,0 @@
-# File(s) or Directories containing Falco rules, loaded at startup.
-# The name "rules_file" is only for backwards compatibility.
-# If the entry is a file, it will be read directly. If the entry is a directory,
-# every file in that directory will be read, in alphabetical order.
-#
-# falco_rules.yaml ships with the falco package and is overridden with
-# every new software version. falco_rules.local.yaml is only created
-# if it doesn't exist. If you want to customize the set of rules, add
-# your customizations to falco_rules.local.yaml.
-#
-# The files will be read in the order presented here, so make sure if
-# you have overrides they appear in later files.
-rules_file:
- - /etc/falco/falco_rules.yaml
- - /etc/falco/falco_rules.local.yaml
- - /etc/falco/rules.d
-
-# Whether to output events in json or text
-json_output: true
-
-# When using json output, whether or not to include the "output" property
-# itself (e.g. "File below a known binary directory opened for writing
-# (user=root ....") in the json output.
-json_include_output_property: true
-
-# Send information logs to stderr and/or syslog Note these are *not* security
-# notification logs! These are just Falco lifecycle (and possibly error) logs.
-log_stderr: true
-log_syslog: true
-
-# Minimum log level to include in logs. Note: these levels are
-# separate from the priority field of rules. This refers only to the
-# log level of falco's internal logging. Can be one of "emergency",
-# "alert", "critical", "error", "warning", "notice", "info", "debug".
-log_level: info
-
-# Minimum rule priority level to load and run. All rules having a
-# priority more severe than this level will be loaded/run.  Can be one
-# of "emergency", "alert", "critical", "error", "warning", "notice",
-# "info", "debug".
-priority: debug
-
-# Whether or not output to any of the output channels below is
-# buffered. Defaults to true
-buffered_outputs: true
-
-# A throttling mechanism implemented as a token bucket limits the
-# rate of falco notifications. This throttling is controlled by the following configuration
-# options:
-#  - rate: the number of tokens (i.e. right to send a notification)
-#    gained per second. Defaults to 1.
-#  - max_burst: the maximum number of tokens outstanding. Defaults to 1000.
-#
-# With these defaults, falco could send up to 1000 notifications after
-# an initial quiet period, and then up to 1 notification per second
-# afterward. It would gain the full burst back after 1000 seconds of
-# no activity.
-
-outputs:
-  rate: 1
-  max_burst: 1000
-
-# Where security notifications should go.
-# Multiple outputs can be enabled.
-
-syslog_output:
-  enabled: true
-
-# If keep_alive is set to true, the file will be opened once and
-# continuously written to, with each output message on its own
-# line. If keep_alive is set to false, the file will be re-opened
-# for each output message.
-#
-# Also, the file will be closed and reopened if falco is signaled with
-# SIGUSR1.
-
-file_output:
-  enabled: true
-  keep_alive: true
-  filename: /var/run/falco/nats
-
-stdout_output:
-  enabled: true
-
-# Possible additional things you might want to do with program output:
-#   - send to a slack webhook:
-#         program: "jq '{text: .output}' | curl -d @- -X POST https://hooks.slack.com/services/XXX"
-#   - logging (alternate method than syslog):
-#         program: logger -t falco-test
-#   - send over a network connection:
-#         program: nc host.example.com 80
-
-# If keep_alive is set to true, the program will be started once and
-# continuously written to, with each output message on its own
-# line. If keep_alive is set to false, the program will be re-spawned
-# for each output message.
-#
-# Also, the program will be closed and reopened if falco is signaled with
-# SIGUSR1.
-
-
-
--- a/integrations/kubernetes-response-engine/deployment/falco-config/falco_rules.local.yaml
+++ b/integrations/kubernetes-response-engine/deployment/falco-config/falco_rules.local.yaml
@@ -1,13 +0,0 @@
-####################
-# Your custom rules!
-####################
-
-# Add new rules, like this one
-# - rule: The program "sudo" is run in a container
-#   desc: An event will trigger every time you run sudo in a container
-#   condition: evt.type = execve and evt.dir=< and container.id != host and proc.name = sudo
-#   output: "Sudo run in container (user=%user.name %container.info parent=%proc.pname cmdline=%proc.cmdline)"
-#   priority: ERROR
-#   tags: [users, container]
-
-# Or override/append to any rule, macro, or list from the Default Rules
--- a/integrations/kubernetes-response-engine/deployment/falco-config/falco_rules.yaml
+++ b/integrations/kubernetes-response-engine/deployment/falco-config/falco_rules.yaml
--- a/integrations/kubernetes-response-engine/deployment/falco/falco-account.yaml
+++ b/integrations/kubernetes-response-engine/deployment/falco/falco-account.yaml
@@ -1,29 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: falco-account
---
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
-  name: falco-cluster-role
-rules:
-  - apiGroups: ["extensions",""]
-    resources: ["nodes","namespaces","pods","replicationcontrollers","services","events","configmaps"]
-    verbs: ["get","list","watch"]
-  - nonResourceURLs: ["/healthz", "/healthz/*"]
-    verbs: ["get"]
---
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
-  name: falco-cluster-role-binding
-  namespace: default
-subjects:
-  - kind: ServiceAccount
-    name: falco-account
-    namespace: default
-roleRef:
-  kind: ClusterRole
-  name: falco-cluster-role
-  apiGroup: rbac.authorization.k8s.io
--- a/integrations/kubernetes-response-engine/deployment/falco/falco-daemonset.yaml
+++ b/integrations/kubernetes-response-engine/deployment/falco/falco-daemonset.yaml
@@ -1,84 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: DaemonSet
-metadata:
-  name: falco
-  labels:
-    name: falco-daemonset
-    app: demo
-spec:
-  template:
-    metadata:
-      labels:
-        name: falco
-        app: demo
-        role: security
-    spec:
-      serviceAccount: falco-account
-      containers:
-        - name: falco-nats
-          image: sysdig/falco-nats:latest
-          imagePullPolicy: Always
-          volumeMounts:
-            - mountPath: /var/run/falco/
-              name: shared-pipe
-        - name: falco
-          image: sysdig/falco:latest
-          securityContext:
-            privileged: true
-          args: [ "/usr/bin/falco", "-K", "/var/run/secrets/kubernetes.io/serviceaccount/token", "-k", "https://kubernetes", "-pk", "-U"]
-          volumeMounts:
-            - mountPath: /var/run/falco/
-              name: shared-pipe
-              readOnly: false
-            - mountPath: /host/var/run/docker.sock
-              name: docker-socket
-              readOnly: true
-            - mountPath: /host/dev
-              name: dev-fs
-              readOnly: true
-            - mountPath: /host/proc
-              name: proc-fs
-              readOnly: true
-            - mountPath: /host/boot
-              name: boot-fs
-              readOnly: true
-            - mountPath: /host/lib/modules
-              name: lib-modules
-              readOnly: true
-            - mountPath: /host/usr
-              name: usr-fs
-              readOnly: true
-            - mountPath: /etc/falco
-              name: falco-config
-      initContainers:
-          - name: init-pipe
-            image: busybox
-            command: ['mkfifo','/var/run/falco/nats']
-            volumeMounts:
-            - mountPath: /var/run/falco/
-              name: shared-pipe
-              readOnly: false
-      volumes:
-        - name: shared-pipe
-          emptyDir: {}
-        - name: docker-socket
-          hostPath:
-            path: /var/run/docker.sock
-        - name: dev-fs
-          hostPath:
-            path: /dev
-        - name: proc-fs
-          hostPath:
-            path: /proc
-        - name: boot-fs
-          hostPath:
-            path: /boot
-        - name: lib-modules
-          hostPath:
-            path: /lib/modules
-        - name: usr-fs
-          hostPath:
-            path: /usr
-        - name: falco-config
-          configMap:
-            name: falco-config
--- a/integrations/kubernetes-response-engine/deployment/falco/falco-event-generator.yaml
+++ b/integrations/kubernetes-response-engine/deployment/falco/falco-event-generator.yaml
@@ -1,18 +0,0 @@
-apiVersion: extensions/v1beta1
-kind: Deployment
-metadata:
-  name: falco-event-generator
-  labels:
-    name: falco-event-generator
-    app: demo
-spec:
-  replicas: 1
-  template:
-    metadata:
-      labels:
-        name: falco-event-generator
-        app: demo
-    spec:
-      containers:
-      - name: falco-event-generator
-        image: sysdig/falco-event-generator:latest