feat: add cluster visibility to FalconAdmission
gpontejos committed Oct 1, 2024
1 parent f9fb80d commit 22d8b5b
Showing 4 changed files with 8 additions and 20 deletions.
5 changes: 0 additions & 5 deletions docs/deployment/openshift/resources/admission/README.md
Expand Up @@ -59,15 +59,10 @@ spec:
| admissionConfig.tls.validity | (optional) Configure the validity of the TLS certificate used by the Falcon Admission Controller |
| admissionConfig.failurePolicy | (optional) Configure the failure policy of the Falcon Admission Controller |
| admissionConfig.disabledNamespaces.namespaces | (optional) Configure the list of namespaces the Falcon Admission Controller validating webhook should ignore |
| admissionConfig.deployWatcher | (optional) Determines if falcon-watcher container is added to the Falcon Admission Controller Pod |
| admissionConfig.snapshotsEnabled | (optional) Determines if snapshots of Kubernetes resources are periodically taken for cluster visibility. |
| admissionConfig.snapshotsInterval | (optional) Time interval between two snapshots of Kubernetes resources in the cluster |
| admissionConfig.watcherEnabled | (optional) Determines if Kubernetes resources are watched for cluster visibility |
| admissionConfig.replicas | (optional) Currently ignored and internally set to 1 |
| admissionConfig.imagePullPolicy | (optional) Configure the image pull policy of the Falcon Admission Controller |
| admissionConfig.imagePullSecrets | (optional) Configure the image pull secrets of the Falcon Admission Controller |
| admissionConfig.resourcesClient | (optional) Configure the resources client of the Falcon Admission Controller |
| admissionConfig.resourcesWatcher | (optional) Configure the resources watcher of the Falcon Admission Controller |
| admissionConfig.resources | (optional) Configure the resources of the Falcon Admission Controller |
| admissionConfig.updateStrategy | (optional) Configure the deployment update strategy of the Falcon Admission Controller |

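Review bot: The commit title says this adds cluster visibility to FalconAdmission, but this file is listed with 0 additions and 5 deletions, and the hunk shrinks from 15 to 10 lines around the rows that document cluster visibility (`admissionConfig.deployWatcher`, `snapshotsEnabled`, `snapshotsInterval`, `watcherEnabled`). If the OpenShift README is meant to lose these rows, the commit message should say why; otherwise regenerate it from `docs/src/resources/admission.md.tmpl`, which gains the `deployWatcher` row in this same commit.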
5 changes: 1 addition & 4 deletions docs/deployment/openshift/resources/container/README.md
Expand Up @@ -95,10 +95,7 @@ See `docs/ADVANCED.md` for more details.
| Spec | Default Value | Description |
| :- | :- | :- |
| advanced.autoUpdate | `off` | Automatically updates a deployed Falcon sensor as new versions are released. This has no effect if a specific image or version has been requested. Valid settings are:<ul><li>`force` -- Reconciles the resource after every check for a new version</li><li>`normal` -- Reconciles the resource whenever a new version is detected</li><li>`off` -- No automatic updates</li></ul>
| advanced.updatePolicy | _none_ | If set, applies the named Linux sensor update policy, configured in Falcon UI, to select which version of Falcon sensor to install. The policy must be enabled and must match the CPU architecture of the cluster (AMD64 or ARM64). |

> [!NOTE]
> To use the `Default (Linux)` Sensor Update Policy, assign `advanced.updatePolicy` to `platform_default`.
| advanced.updatePolicy | _none_ | If set, applies the named Linux sensor update policy, configured in Falcon UI, to select which version of Falcon sensor to install. The policy must be enabled and must match the CPU architecture of the cluster (AMD64 or ARM64). |

##### Automatic Update Frequency
The operator checks for new releases of Falcon sensor once every 24 hours by default. This can be adjusted by setting the `--sensor-auto-update-interval` command-line flag to any value acceptable by [Golang's ParseDuration](https://pkg.go.dev/time#ParseDuration) function. However, it is strongly recommended that this be left at the default, as each cycle involves queries to the Falcon API and too many could result in throttling.
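Review bot: The `> [!NOTE]` block about assigning `advanced.updatePolicy` to `platform_default` sits between two copies of the `advanced.updatePolicy` row that read the same, and with 1 addition and 4 deletions it looks like the note is what gets dropped. That removes the only mention of `platform_default` visible in this section, and it is unrelated to the FalconAdmission change named in the title. Keep the note or fold the hint into the row description, and move the change to its own commit if it is intentional.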
11 changes: 0 additions & 11 deletions docs/resources/admission/README.md
Expand Up @@ -32,12 +32,6 @@ spec:
```
### FalconAdmission Reference Manual
#### Falcon Operator Support for Falcon Admission Controller
| Falcon Operator Version | Falcon Admission Controller Version |
|:-----------------------------|:------------------------------------------|
| `<= 1.2.x` | `< 7.20.x` |
| `>= 1.3.x` | `>= 7.20.x` |
#### Falcon API Settings
| Spec | Description |
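Review bot: The "Falcon Operator Support for Falcon Admission Controller" table under "FalconAdmission Reference Manual" goes away here (this file is 0 additions, 11 deletions) while the same heading and four table lines are added to `docs/src/resources/admission.md.tmpl` in this commit, so the README and its template move in opposite directions. If this README is rendered from the template, re-run the doc generation and commit the result so readers of `docs/resources/admission/README.md` still see which operator versions pair with which admission controller versions.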
Expand Down Expand Up @@ -65,15 +59,10 @@ spec:
| admissionConfig.tls.validity | (optional) Configure the validity of the TLS certificate used by the Falcon Admission Controller |
| admissionConfig.failurePolicy | (optional) Configure the failure policy of the Falcon Admission Controller |
| admissionConfig.disabledNamespaces.namespaces | (optional) Configure the list of namespaces the Falcon Admission Controller validating webhook should ignore |
| admissionConfig.deployWatcher | (optional) Determines if the falcon-watcher container is added to the Falcon Admission Controller Pod |
| admissionConfig.snapshotsEnabled | (optional) Determines if snapshots of Kubernetes resources are periodically taken for cluster visibility in. Requires falcon-watcher container. |
| admissionConfig.snapshotsInterval | (optional) Time interval between two snapshots of Kubernetes resources in the cluster. Requires falcon-watcher container. |
| admissionConfig.watcherEnabled | (optional) Determines if Kubernetes resources are watched for cluster visibility. Requires falcon-watcher container. |
| admissionConfig.replicas | (optional) Currently ignored and internally set to 1 |
| admissionConfig.imagePullPolicy | (optional) Configure the image pull policy of the Falcon Admission Controller |
| admissionConfig.imagePullSecrets | (optional) Configure the image pull secrets of the Falcon Admission Controller |
| admissionConfig.resourcesClient | (optional) Configure the resources client of the Falcon Admission Controller |
| admissionConfig.resourcesWatcher | (optional) Configure the resources watcher of the Falcon Admission Controller |
| admissionConfig.resources | (optional) Configure the resources of the Falcon Admission Controller |
| admissionConfig.updateStrategy | (optional) Configure the deployment update strategy of the Falcon Admission Controller |

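Review bot: The `admissionConfig.snapshotsEnabled` row ends with a stray word ("for cluster visibility in."), and the three snapshot/watcher rows here carry "Requires falcon-watcher container." while the OpenShift README and the template describe the same fields without it. That makes three wordings for one set of fields across this commit. Settle on one in the template, keep the "Requires falcon-watcher container." qualifier, and let the READMEs follow from it.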
7 changes: 7 additions & 0 deletions docs/src/resources/admission.md.tmpl
Expand Up @@ -33,6 +33,12 @@ spec:

### FalconAdmission Reference Manual

#### Falcon Operator Support for Falcon Admission Controller
| Falcon Operator Version | Falcon Admission Controller Version |
|:-----------------------------|:------------------------------------------|
| `<= 1.2.x` | `< 7.20.x` |
| `>= 1.3.x` | `>= 7.20.x` |

#### Falcon API Settings
| Spec | Description |
| :------------------------- | :------------------------------------------------------------------------------------------------------- |
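Review bot: In the new support table, ranges such as `< 7.20.x` and `<= 1.2.x` mix a comparison operator with a wildcard patch level, which leaves it unclear whether, say, 7.20.0 falls under `< 7.20.x`. Writing the bounds as `< 7.20` / `>= 7.20` and `< 1.3` / `>= 1.3` would remove the ambiguity. The section would also benefit from one sentence saying what the reader should expect when the operator and admission controller versions are paired across rows.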
Expand All @@ -59,6 +65,7 @@ spec:
| admissionConfig.tls.validity | (optional) Configure the validity of the TLS certificate used by the Falcon Admission Controller |
| admissionConfig.failurePolicy | (optional) Configure the failure policy of the Falcon Admission Controller |
| admissionConfig.disabledNamespaces.namespaces | (optional) Configure the list of namespaces the Falcon Admission Controller validating webhook should ignore |
| admissionConfig.deployWatcher | (optional) Determines if the falcon-watcher container is added to the Falcon Admission Controller Pod |
| admissionConfig.snapshotsEnabled | (optional) Determines if snapshots of Kubernetes resources are periodically taken for cluster visibility. |
| admissionConfig.snapshotsInterval | (optional) Time interval between two snapshots of Kubernetes resources in the cluster |
| admissionConfig.watcherEnabled | (optional) Determines if Kubernetes resources are watched for cluster visibility |
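Review bot: The `snapshotsEnabled`, `snapshotsInterval` and `watcherEnabled` rows next to the `admissionConfig.deployWatcher` row do not say that they depend on the falcon-watcher container, although `docs/resources/admission/README.md` words them with "Requires falcon-watcher container." Someone who leaves `deployWatcher` off and sets `watcherEnabled` cannot tell from this table that cluster visibility will not be collected. Add the qualifier to the three rows here, and document the default for each field and the accepted format for `snapshotsInterval`.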