falcosecurity-retire / falco-operator Goto Github PK

This is my fault :D I will supply the patch tomorrow.

In this moment, the operator is deployed using the helm tiller plugin. Not all people has helm or neither the tiller plugin installed.

Is there another user experience deploying operators like:

• Etcd: $ kubectl create -f https://coreos.com/operators/etcd/latest/deployment.yaml
• Prometheus: $ kubectl create -f https://coreos.com/operators/prometheus/latest/prometheus-operator.yaml

The point is that the less external dependencies we have, the better for get more people involved using and contributing to Falco, so I think that using just kubectl like etcd or prometheus would be awesome.

Thanks!

Right now, the repository is hosted under falcosecurity organization and the Golang import statements refers to mumoshu.

This should be fixed for compiling the operator.

Thanks!

A new release of Falco happened a few days ago. The Helm chart will be bumped in a few days and then, we should use the latest version of Falco.

Thanks!

What to document
Some information in the README.md should be fixed:

• According to new branding guideline I believe "Sysdig" should not be used there
• It should be clear that this operator is not about Falco, but just about Falco rules (see also #18)

In daemonset.yaml line 155 configmap name falco-operator is used, but it may actually be created under different name so the correct here would be {{ template "falco.fullname" . }} just like it is used in configmap.yaml.

Hi @mumoshu,
thanks for contributing an operator for falco!

During our first test we discovered some issues i would like to share.
To get falco-operator running we had to:

• remove the ‘v’ from image version v0.12.1 => to look like: 0.12.1 in these files (related: #2):
  • charts/falco-operator/values.yaml
  • deploy/operator.yaml
• Fix deploy/operator.yaml to use operator generated resource name for configMap:
  • change:

        - name: falco-operator-rules
          configMap:
            name: falco-operator  

  • to:

         - name: falco-operator-rules
            configMap:
              name: {{ template "falco.fullname" . }}
  

• manually install the CRD files - as operator does not deploy these two (requires cluster Admin rights)
  The readme.md unfortunatly does not highlight this issue.

  k apply --namespace falco -f deploy/crd.yaml
  k apply --namespace falco -f deploy/cr.yaml

walk through

Our complete walk through (which may be helpful for others to get started) including requirements, encountered errors and fixes for them:
falco-operator-install-walkthrough.md

Motivation

Feature

Can we please rename this project to falco-rules-operator so that we can use this name for an officially supported install operator?

Alternatives

Keep this name the same for backward compatibility reasons, and find a new name for the new operator.

Additional context

Motivation

Current API Version is mumoshu.github.io/v1alpha1, but this doesn't represent the current state of the project well.

Feature

Change the API Group to something like falco.security.cncf.io or whatever would be consistent with other CNCF projects. The sooner thing gets in the smoother the future updates will be.

In DockerHub, there is a falco-operator image which has the 0.12.1 tag. But in the Makefile and in the deployment manifests the tag value is v0.12.1.

AFAIK, the convention followed for Falco is to use vX.XX.X for git tag name and use just X.XX.X for images uploaded to DockerHub.

So I think, this should be fixed because otherwise an ErrImagePull is received.

Thanks!

Falco now accepts SIGHUP that triggers a restart. Use it so that falco-operator takes less time to restart falco, and therefore less chances to miss events.

falcosecurity/falco#457