mirror of
https://github.com/falcosecurity/falco.git
synced 2026-04-03 18:42:13 +00:00
4fcd44e73a
* Allow SSL for k8s audit endpoint Allow enabling SSL for the Kubernetes audit log web server. This required adding two new configuration options: webserver.ssl_enabled and webserver.ssl_certificate. To enable SSL add the below to the webserver section of the falco.yaml config: webserver: enabled: true listen_port: 8765s k8s_audit_endpoint: /k8s_audit ssl_enabled: true ssl_certificate: /etc/falco/falco.pem Note that the port number has an s appended to indicate SSL for the port which is how civetweb expects SSL ports be denoted. We could change this to dynamically add the s if ssl_enabled: true. The ssl_certificate is a combination SSL Certificate and corresponding key contained in a single file. You can generate a key/cert as follows: $ openssl req -newkey rsa:2048 -nodes -keyout key.pem -x509 -days 365 -out certificate.pem $ cat certificate.pem key.pem > falco.pem $ sudo cp falco.pem /etc/falco/falco.pem fix ssl option handling * Add notes on how to create ssl certificate Add notes on how to create the ssl certificate to the config comments.
21 lines
386 B
Plaintext
21 lines
386 B
Plaintext
/build*
|
|
*~
|
|
*.pyc
|
|
|
|
test/falco_tests.yaml
|
|
test/traces-negative
|
|
test/traces-positive
|
|
test/traces-info
|
|
test/job-results
|
|
test/.phoronix-test-suite
|
|
test/results*.json.*
|
|
|
|
userspace/falco/lua/re.lua
|
|
userspace/falco/lua/lpeg.so
|
|
|
|
docker/event-generator/event_generator
|
|
docker/event-generator/mysqld
|
|
docker/event-generator/httpd
|
|
docker/event-generator/sha1sum
|
|
docker/event-generator/vipw
|
|
.vscode/* |