mirror of
https://github.com/falcosecurity/falco.git
synced 2025-10-21 19:44:57 +00:00
76 lines
2.1 KiB
YAML
76 lines
2.1 KiB
YAML
apiVersion: extensions/v1beta1
|
|
kind: DaemonSet
|
|
metadata:
|
|
name: falco-daemonset
|
|
labels:
|
|
app: falco-example
|
|
role: security
|
|
spec:
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: falco-example
|
|
role: security
|
|
spec:
|
|
serviceAccount: falco-account
|
|
containers:
|
|
- name: falco
|
|
image: falcosecurity/falco:latest
|
|
securityContext:
|
|
privileged: true
|
|
# Uncomment the 3 lines below to enable eBPF support for Falco.
|
|
# This allows Falco to run on Google COS.
|
|
# Leave blank for the default probe location, or set to the path
|
|
# of a precompiled probe.
|
|
# env:
|
|
# - name: SYSDIG_BPF_PROBE
|
|
# value: ""
|
|
args: [ "/usr/bin/falco", "-K", "/var/run/secrets/kubernetes.io/serviceaccount/token", "-k", "https://kubernetes.default", "-pk"]
|
|
volumeMounts:
|
|
- mountPath: /host/var/run/docker.sock
|
|
name: docker-socket
|
|
- mountPath: /host/dev
|
|
name: dev-fs
|
|
- mountPath: /host/proc
|
|
name: proc-fs
|
|
readOnly: true
|
|
- mountPath: /host/boot
|
|
name: boot-fs
|
|
readOnly: true
|
|
- mountPath: /host/lib/modules
|
|
name: lib-modules
|
|
readOnly: true
|
|
- mountPath: /host/usr
|
|
name: usr-fs
|
|
readOnly: true
|
|
- mountPath: /host/etc/
|
|
name: etc-fs
|
|
readOnly: true
|
|
- mountPath: /etc/falco
|
|
name: falco-config
|
|
volumes:
|
|
- name: docker-socket
|
|
hostPath:
|
|
path: /var/run/docker.sock
|
|
- name: dev-fs
|
|
hostPath:
|
|
path: /dev
|
|
- name: proc-fs
|
|
hostPath:
|
|
path: /proc
|
|
- name: boot-fs
|
|
hostPath:
|
|
path: /boot
|
|
- name: lib-modules
|
|
hostPath:
|
|
path: /lib/modules
|
|
- name: usr-fs
|
|
hostPath:
|
|
path: /usr
|
|
- name: etc-fs
|
|
hostPath:
|
|
path: /etc
|
|
- name: falco-config
|
|
configMap:
|
|
name: falco-config
|