From ff5d00073614a568f0efe1f8ed93e36a18df35be Mon Sep 17 00:00:00 2001
From: Leo Di Donato
Date: Mon, 13 May 2019 21:45:49 +0200
Subject: [PATCH] CRI flag (#599)
* update(integrations): CRI flag
Co-authored-by: Lorenzo Fontana
Signed-off-by: Leonardo Di Donato
* fix(integrations): set the containerd socket
Co-Authored-By: Lorenzo Fontana
Signed-off-by: Leonardo Di Donato
---
 .../k8s-with-rbac/falco-daemonset-configmap.yaml | 7 ++++++-
 .../k8s-without-rbac/falco-daemonset.yaml | 7 ++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap.yaml b/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap.yaml
index 1f9cea50..3be4d07e 100644
--- a/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap.yaml
+++ b/integrations/k8s-using-daemonset/k8s-with-rbac/falco-daemonset-configmap.yaml
@@ -25,10 +25,12 @@ spec:
 # env:
 # - name: SYSDIG_BPF_PROBE
 # value: ""
- args: [ "/usr/bin/falco", "-K", "/var/run/secrets/kubernetes.io/serviceaccount/token", "-k", "https://$(KUBERNETES_SERVICE_HOST)", "-pk"]
+ args: [ "/usr/bin/falco", "--cri", "/host/run/containerd/containerd.sock", "-K", "/var/run/secrets/kubernetes.io/serviceaccount/token", "-k", "https://$(KUBERNETES_SERVICE_HOST)", "-pk"]
 volumeMounts:
 - mountPath: /host/var/run/docker.sock
 name: docker-socket
+ - mountPath: /host/run/containerd/containerd.sock
+ name: containerd-socket
 - mountPath: /host/dev
 name: dev-fs
 - mountPath: /host/proc
@@ -52,6 +54,9 @@ spec:
 - name: docker-socket
 hostPath:
 path: /var/run/docker.sock
+ - name: containerd-socket
+ hostPath:
+ path: /run/containerd/containerd.sock
 - name: dev-fs
 hostPath:
 path: /dev
diff --git a/integrations/k8s-using-daemonset/k8s-without-rbac/falco-daemonset.yaml b/integrations/k8s-using-daemonset/k8s-without-rbac/falco-daemonset.yaml
index 3b49d9ed..3b419aba 100644
--- a/integrations/k8s-using-daemonset/k8s-without-rbac/falco-daemonset.yaml
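Review bot: The new `--cri` argument hard-codes containerd's socket path and nothing in the manifest says so; on nodes whose runtime exposes its CRI socket at a different path the argument will not match anything, and container metadata lookups would presumably fail without an obvious error. I would add a comment above `args`, for example `# --cri must be the node's CRI socket as seen under /host; keep it in sync with the containerd-socket volume`. The same applies to the `args` line in the first hunk of k8s-without-rbac/falco-daemonset.yaml. The container spec this line belongs to starts above the hunk, so its security context is not visible here.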
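Review bot: The `containerd-socket` hostPath volume is declared without a `type`, so Kubernetes does not check what is at `/run/containerd/containerd.sock` before mounting it; on a node that does not run containerd the source may be missing, and some runtimes are known to create a missing bind-mount source as a directory on the host (worth confirming for the runtimes you support). If the DaemonSet targets containerd nodes only, add `type: Socket` under `hostPath:` so the pod fails fast; if it must also run on Docker-only nodes, say so in a comment next to the volume. Access to a runtime socket is effectively control over the node's containers, so a short comment stating why Falco needs it helps anyone auditing the manifest. The second hunk of k8s-without-rbac/falco-daemonset.yaml adds the same volume.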
+++ b/integrations/k8s-using-daemonset/k8s-without-rbac/falco-daemonset.yaml
@@ -18,10 +18,12 @@ spec:
 image: falcosecurity/falco:latest
 securityContext:
 privileged: true
- args: [ "/usr/bin/falco", "-K", "/var/run/secrets/kubernetes.io/serviceaccount/token", "-k", "https://kubernetes.default", "-pk", "-o", "json_output=true", "-o", "program_output.enabled=true", "-o", "program_output.program=jq '{text: .output}' | curl -d @- -X POST https://hooks.slack.com/services/see_your_slack_team/apps_settings_for/a_webhook_url"]
+ args: [ "/usr/bin/falco", "--cri", "/host/run/containerd/containerd.sock", "-K", "/var/run/secrets/kubernetes.io/serviceaccount/token", "-k", "https://kubernetes.default", "-pk", "-o", "json_output=true", "-o", "program_output.enabled=true", "-o", "program_output.program=jq '{text: .output}' | curl -d @- -X POST https://hooks.slack.com/services/see_your_slack_team/apps_settings_for/a_webhook_url"]
 volumeMounts:
 - mountPath: /host/var/run/docker.sock
 name: docker-socket
+ - mountPath: /host/run/containerd/containerd.sock
+ name: containerd-socket
 - mountPath: /host/dev
 name: dev-fs
 - mountPath: /host/proc
@@ -40,6 +42,9 @@ spec:
 - name: docker-socket
 hostPath:
 path: /var/run/docker.sock
+ - name: containerd-socket
+ hostPath:
+ path: /run/containerd/containerd.sock
 - name: dev-fs
 hostPath:
 path: /dev
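Review bot: The `args` value in the first hunk is a single flow sequence several hundred characters long, so adding two elements shows up as a whole-line replacement and the new `--cri` pair is hard to spot in review. Writing it as a block sequence, one argument per item, keeps future changes to one diff line each and makes the shell pipeline passed to `program_output.program` easier to audit. The values below are taken unchanged from the new side of the hunk; indentation should follow the surrounding container spec, which starts outside the hunk. The `args` line in k8s-with-rbac/falco-daemonset-configmap.yaml would benefit from the same layout.

```yaml
args:
  - "/usr/bin/falco"
  - "--cri"
  - "/host/run/containerd/containerd.sock"
  - "-K"
  - "/var/run/secrets/kubernetes.io/serviceaccount/token"
  - "-k"
  - "https://kubernetes.default"
  - "-pk"
  - "-o"
  - "json_output=true"
  - "-o"
  - "program_output.enabled=true"
  - "-o"
  - "program_output.program=jq '{text: .output}' | curl -d @- -X POST https://hooks.slack.com/services/see_your_slack_team/apps_settings_for/a_webhook_url"
# … unchanged: volumeMounts …
```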