You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
We are using the latest (4.5.1) falco helm chart to deploy falco to our clusters using ArgoCD
After a while (minute or so) we see a diff in the live falco configMap vs. desired configMap (rendered from the falco helm chart)
Mostly this is due to incorrect indentation but also due to different yaml scalars
How to reproduce it
Deploy falco using helm and then compare the falco configMap against the rendered falco configMap. Or deploy using ArgoCD
Expected behaviour
We expect the live and desired state to match after we deploy falco using helm and ArgoCD
Screenshots
Environment
Falco version:
falco --version
Tue Jun 25 14:00:56 2024: Using deprecated config key 'rules_file' (singular form). Please use new 'rules_files' config key (plural form).
Tue Jun 25 14:00:56 2024: Falco version: 0.38.1 (x86_64)
Tue Jun 25 14:00:56 2024: Falco initialized with configuration files:
Tue Jun 25 14:00:56 2024: /etc/falco/falco.yaml
Tue Jun 25 14:00:56 2024: System info: Linux version 5.10.218-208.862.amzn2.x86_64 (mockbuild@ip-10-0-42-214) (gcc10-gcc (GCC) 10.5.0 20230707 (Red Hat 10.5.0-1), GNU ld version 2.35.2-9.amzn2.0.1) #1 SMP Tue Jun 4 16:52:10 UTC 2024
{"default_driver_version":"7.2.0+driver","driver_api_version":"8.0.0","driver_schema_version":"2.0.0","engine_version":"40","engine_version_semver":"0.40.0","falco_version":"0.38.1","libs_version":"0.17.2","plugin_api_version":"3.6.0"}
System info:
falco --support | jq .system_info
Tue Jun 25 13:58:31 2024: Using deprecated config key 'rules_file' (singular form). Please use new 'rules_files' config key (plural form).
Tue Jun 25 13:58:31 2024: Falco version: 0.38.1 (x86_64)
Tue Jun 25 13:58:31 2024: Falco initialized with configuration files:
Tue Jun 25 13:58:31 2024: /etc/falco/falco.yaml
Tue Jun 25 13:58:31 2024: System info: Linux version 5.10.218-208.862.amzn2.x86_64 (mockbuild@ip-10-0-42-214) (gcc10-gcc (GCC) 10.5.0 20230707 (Red Hat 10.5.0-1), GNU ld version 2.35.2-9.amzn2.0.1) #1 SMP Tue Jun 4 16:52:10 UTC 2024
Tue Jun 25 13:58:31 2024: Loading rules from file /etc/falco/falco_rules.yaml
Tue Jun 25 13:58:31 2024: Loading rules from file /etc/falco/rules.d/datadog-agent-exclude.yaml
Tue Jun 25 13:58:32 2024: Loading rules from file /etc/falco/rules.d/k8s-api-namespace-exclude.yaml
Tue Jun 25 13:58:32 2024: Loading rules from file /etc/falco/rules.d/kong-spawn-processes-exclude.yaml
{
"machine": "x86_64",
"nodename": "falco-2b9cd",
"release": "5.10.218-208.862.amzn2.x86_64",
"sysname": "Linux",
"version": "#1 SMP Tue Jun 4 16:52:10 UTC 2024"
}
Cloud provider or hardware configuration:
OS: EKS - linux
Kernel: 5.10.218-208.862.amzn2.x86_64
Installation method:
Kubernetes using Helm and ArgoCD
Additional context
The text was updated successfully, but these errors were encountered:
Hi @flickers, when the driver.kind is set to auto, falcoctl will automatically select the optimal driver for Falco. This selection will be updated in the Falco configmap. If you do not want this behavior then set the driver.kind to the desired driver:
Describe the bug
We are using the latest (4.5.1) falco helm chart to deploy falco to our clusters using ArgoCD
After a while (minute or so) we see a diff in the live falco configMap vs. desired configMap (rendered from the falco helm chart)
Mostly this is due to incorrect indentation but also due to different yaml scalars
How to reproduce it
Deploy falco using helm and then compare the falco configMap against the rendered falco configMap. Or deploy using ArgoCD
Expected behaviour
We expect the live and desired state to match after we deploy falco using helm and ArgoCD
Screenshots
Environment
Kubernetes using Helm and ArgoCD
Additional context
The text was updated successfully, but these errors were encountered: