Remove repeated configurations and other stuff

As long as this PR merged, this is not needed: https://github.com/kubernetes/charts/pull/6600
2025-10-22 20:29:39 +00:00 · 2018-07-11 17:52:11 +02:00
parent 3afe04629a
commit bed360497e
7 changed files with 0 additions and 1790 deletions
--- a/integrations/kubernetes-response-engine/deployment/Makefile
+++ b/integrations/kubernetes-response-engine/deployment/Makefile
@@ -1,13 +1,9 @@
 deploy:
 	kubectl apply -f nats/
 	kubectl create configmap falco-config --from-file=falco-config/ || true
 	kubectl apply -f falco/
 	kubectl apply -f kubeless/
 	kubectl apply -f network-policy.yaml
 clean:
 	kubectl delete -f kubeless/
 	kubectl delete configmap falco-config
 	kubectl delete -f falco/
 	kubectl delete -f nats/
 	kubectl delete -f network-policy.yaml
--- a/integrations/kubernetes-response-engine/deployment/falco-config/falco.yaml
+++ b/integrations/kubernetes-response-engine/deployment/falco-config/falco.yaml
@@ -1,102 +0,0 @@
 # File(s) or Directories containing Falco rules, loaded at startup.
 # The name "rules_file" is only for backwards compatibility.
 # If the entry is a file, it will be read directly. If the entry is a directory,
 # every file in that directory will be read, in alphabetical order.
 #
 # falco_rules.yaml ships with the falco package and is overridden with
 # every new software version. falco_rules.local.yaml is only created
 # if it doesn't exist. If you want to customize the set of rules, add
 # your customizations to falco_rules.local.yaml.
 #
 # The files will be read in the order presented here, so make sure if
 # you have overrides they appear in later files.
 rules_file:
 - /etc/falco/falco_rules.yaml
 - /etc/falco/falco_rules.local.yaml
 - /etc/falco/rules.d
 # Whether to output events in json or text
 json_output: true
 # When using json output, whether or not to include the "output" property
 # itself (e.g. "File below a known binary directory opened for writing
 # (user=root ....") in the json output.
 json_include_output_property: true
 # Send information logs to stderr and/or syslog Note these are *not* security
 # notification logs! These are just Falco lifecycle (and possibly error) logs.
 log_stderr: true
 log_syslog: true
 # Minimum log level to include in logs. Note: these levels are
 # separate from the priority field of rules. This refers only to the
 # log level of falco's internal logging. Can be one of "emergency",
 # "alert", "critical", "error", "warning", "notice", "info", "debug".
 log_level: info
 # Minimum rule priority level to load and run. All rules having a
 # priority more severe than this level will be loaded/run.  Can be one
 # of "emergency", "alert", "critical", "error", "warning", "notice",
 # "info", "debug".
 priority: debug
 # Whether or not output to any of the output channels below is
 # buffered. Defaults to true
 buffered_outputs: true
 # A throttling mechanism implemented as a token bucket limits the
 # rate of falco notifications. This throttling is controlled by the following configuration
 # options:
 #  - rate: the number of tokens (i.e. right to send a notification)
 #    gained per second. Defaults to 1.
 #  - max_burst: the maximum number of tokens outstanding. Defaults to 1000.
 #
 # With these defaults, falco could send up to 1000 notifications after
 # an initial quiet period, and then up to 1 notification per second
 # afterward. It would gain the full burst back after 1000 seconds of
 # no activity.
 outputs:
  rate: 1
  max_burst: 1000
 # Where security notifications should go.
 # Multiple outputs can be enabled.
 syslog_output:
  enabled: true
 # If keep_alive is set to true, the file will be opened once and
 # continuously written to, with each output message on its own
 # line. If keep_alive is set to false, the file will be re-opened
 # for each output message.
 #
 # Also, the file will be closed and reopened if falco is signaled with
 # SIGUSR1.
 file_output:
  enabled: true
  keep_alive: true
  filename: /var/run/falco/nats
 stdout_output:
  enabled: true
 # Possible additional things you might want to do with program output:
 #   - send to a slack webhook:
 #         program: "jq '{text: .output}' | curl -d @- -X POST https://hooks.slack.com/services/XXX"
 #   - logging (alternate method than syslog):
 #         program: logger -t falco-test
 #   - send over a network connection:
 #         program: nc host.example.com 80
 # If keep_alive is set to true, the program will be started once and
 # continuously written to, with each output message on its own
 # line. If keep_alive is set to false, the program will be re-spawned
 # for each output message.
 #
 # Also, the program will be closed and reopened if falco is signaled with
 # SIGUSR1.
--- a/integrations/kubernetes-response-engine/deployment/falco-config/falco_rules.local.yaml
+++ b/integrations/kubernetes-response-engine/deployment/falco-config/falco_rules.local.yaml
@@ -1,13 +0,0 @@
 ####################
 # Your custom rules!
 ####################
 # Add new rules, like this one
 # - rule: The program "sudo" is run in a container
 #   desc: An event will trigger every time you run sudo in a container
 #   condition: evt.type = execve and evt.dir=< and container.id != host and proc.name = sudo
 #   output: "Sudo run in container (user=%user.name %container.info parent=%proc.pname cmdline=%proc.cmdline)"
 #   priority: ERROR
 #   tags: [users, container]
 # Or override/append to any rule, macro, or list from the Default Rules
--- a/integrations/kubernetes-response-engine/deployment/falco-config/falco_rules.yaml
+++ b/integrations/kubernetes-response-engine/deployment/falco-config/falco_rules.yaml
--- a/integrations/kubernetes-response-engine/deployment/falco/falco-account.yaml
+++ b/integrations/kubernetes-response-engine/deployment/falco/falco-account.yaml
@@ -1,29 +0,0 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: falco-account
 ---
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
  name: falco-cluster-role
 rules:
  - apiGroups: ["extensions",""]
    resources: ["nodes","namespaces","pods","replicationcontrollers","services","events","configmaps"]
    verbs: ["get","list","watch"]
  - nonResourceURLs: ["/healthz", "/healthz/*"]
    verbs: ["get"]
 ---
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1beta1
 metadata:
  name: falco-cluster-role-binding
  namespace: default
 subjects:
  - kind: ServiceAccount
    name: falco-account
    namespace: default
 roleRef:
  kind: ClusterRole
  name: falco-cluster-role
  apiGroup: rbac.authorization.k8s.io
--- a/integrations/kubernetes-response-engine/deployment/falco/falco-daemonset.yaml
+++ b/integrations/kubernetes-response-engine/deployment/falco/falco-daemonset.yaml
@@ -1,84 +0,0 @@
 apiVersion: extensions/v1beta1
 kind: DaemonSet
 metadata:
  name: falco
  labels:
    name: falco-daemonset
    app: demo
 spec:
  template:
    metadata:
      labels:
        name: falco
        app: demo
        role: security
    spec:
      serviceAccount: falco-account
      containers:
        - name: falco-nats
          image: sysdig/falco-nats:latest
          imagePullPolicy: Always
          volumeMounts:
            - mountPath: /var/run/falco/
              name: shared-pipe
        - name: falco
          image: sysdig/falco:latest
          securityContext:
            privileged: true
          args: [ "/usr/bin/falco", "-K", "/var/run/secrets/kubernetes.io/serviceaccount/token", "-k", "https://kubernetes", "-pk", "-U"]
          volumeMounts:
            - mountPath: /var/run/falco/
              name: shared-pipe
              readOnly: false
            - mountPath: /host/var/run/docker.sock
              name: docker-socket
              readOnly: true
            - mountPath: /host/dev
              name: dev-fs
              readOnly: true
            - mountPath: /host/proc
              name: proc-fs
              readOnly: true
            - mountPath: /host/boot
              name: boot-fs
              readOnly: true
            - mountPath: /host/lib/modules
              name: lib-modules
              readOnly: true
            - mountPath: /host/usr
              name: usr-fs
              readOnly: true
            - mountPath: /etc/falco
              name: falco-config
      initContainers:
          - name: init-pipe
            image: busybox
            command: ['mkfifo','/var/run/falco/nats']
            volumeMounts:
            - mountPath: /var/run/falco/
              name: shared-pipe
              readOnly: false
      volumes:
        - name: shared-pipe
          emptyDir: {}
        - name: docker-socket
          hostPath:
            path: /var/run/docker.sock
        - name: dev-fs
          hostPath:
            path: /dev
        - name: proc-fs
          hostPath:
            path: /proc
        - name: boot-fs
          hostPath:
            path: /boot
        - name: lib-modules
          hostPath:
            path: /lib/modules
        - name: usr-fs
          hostPath:
            path: /usr
        - name: falco-config
          configMap:
            name: falco-config
--- a/integrations/kubernetes-response-engine/deployment/falco/falco-event-generator.yaml
+++ b/integrations/kubernetes-response-engine/deployment/falco/falco-event-generator.yaml
@@ -1,18 +0,0 @@
 apiVersion: extensions/v1beta1
 kind: Deployment
 metadata:
  name: falco-event-generator
  labels:
    name: falco-event-generator
    app: demo
 spec:
  replicas: 1
  template:
    metadata:
      labels:
        name: falco-event-generator
        app: demo
    spec:
      containers:
      - name: falco-event-generator
        image: sysdig/falco-event-generator:latest