From de9c8720c01b5a6ab9e2953d87e7c0edcb6a0bb8 Mon Sep 17 00:00:00 2001
From: Mark Stemm
Date: Thu, 27 Aug 2020 17:51:38 -0700
Subject: [PATCH] rule(Launch Privileged Container) add images Most of these are seen in GKE and are uses for core routing/metrics collection.
Signed-off-by: Mark Stemm
---
 rules/falco_rules.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index fa1f1094..fcb642da 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -1874,7 +1874,15 @@
 docker.io/sysdig/sysdig,
 falcosecurity/falco,
 gcr.io/google_containers/kube-proxy,
+ gcr.io/google-containers/startup-script,
+ gcr.io/projectcalico-org/node,
+ gke.gcr.io/kube-proxy,
+ gke.gcr.io/gke-metadata-server,
+ gke.gcr.io/netd-amd64,
+ gcr.io/google-containers/prometheus-to-sd,
+ k8s.gcr.io/ip-masq-agent-amd64,
 k8s.gcr.io/kube-proxy,
+ k8s.gcr.io/prometheus-to-sd,
 quay.io/calico/node,
 sysdig/falco,
 sysdig/sysdig,
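Review bot: `gcr.io/google-containers/startup-script` is a general-purpose image that runs a script supplied through its pod spec, so listing it here exempts more than a fixed GKE system component from the Launch Privileged Container rule. The list header and the macro that consumes it are outside the hunk, but if entries are matched on image repository name alone, any pod referencing one of these repositories goes unreported regardless of namespace or image digest. Consider dropping that entry, or narrowing the exemption for the GKE images in the consuming condition with something like `and k8s.ns.name = kube-system`. A comment above the new entries would also help the next reviewer, for example `# GKE system images (routing/metrics); matched by repository name only, keep this list minimal`.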