update(docs): add more details to kubernetes readme #96

Merged
merged 1 commit into from
Dec 19, 2023

incertum
Contributor

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind update

/kind feature

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area manifests

/area documentation

What this PR does / why we need it:

Update docs for Kubernetes deployment to provide more details and add a note around what to keep in mind when testing this with minikube as I experienced some hiccups there.

@leogr @maxgio92

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

@poiana poiana added kind/documentation Improvements or additions to documentation dco-signoff: yes labels Dec 19, 2023
@poiana poiana added the size/S label Dec 19, 2023
@incertum incertum force-pushed the update-docs branch 2 times, most recently from a77c640 to d2b5cec Compare December 19, 2023 05:07
@poiana poiana added size/M and removed size/S labels Dec 19, 2023
Signed-off-by: Melissa Kilby <melissa.kilby.oss@gmail.com>
Member

@leogr leogr left a comment

Thank you!

LGTM and just left two comments (nothing blocking for now).


For additional guidance on using Falco in Kubernetes or benchmarking within a testbed, consider exploring the repository at https://github.com/falcosecurity/cncf-green-review-testing. Please note that the repository primarily focuses on testbed benchmarking, and as a result, the setup might not be best for real-world use.

__NOTE__: If you're working with [minikube](https://minikube.sigs.k8s.io/docs/start/) locally, bear in mind that specific mount setups might be necessary. For instance, running `minikube start --mount --mount-string="/usr/src:/usr/src" --driver=docker` ensures that the `driver-loader` can access `/usr/src/kernels/` if the kernel driver (`kmod` or `ebpf`) is built on-the-fly. Running Falco with `--modern-bpf` does not require building a driver because it is already bundled within the userspace binary. This capability is enabled by the newer CORE (Compile Once - Run Everywhere) BPF feature and works only on more recent kernels (>= 5.8).
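
Review bot: In the `__NOTE__` paragraph the BPF feature is abbreviated "CORE", but the expansion given right after it, "Compile Once - Run Everywhere", is normally written "CO-RE"; suggest `CO-RE (Compile Once - Run Everywhere)`. The same paragraph also carries two separate points, the minikube `/usr/src` mount needed when `kmod` or `ebpf` is built on-the-fly and the `--modern-bpf` option that needs no build, so splitting it into two notes would make the kernel requirement (>= 5.8) easier to find. The example command mounts `/usr/src` while the sentence names `/usr/src/kernels/`; saying that the headers location varies by distribution would avoid confusion.
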
Member

This page https://falco.org/docs/install-operate/running/#docker may help users check which mounts are required, depending on the chosen setup.

Comment on lines +17 to +28
### What's Included in the `falco` Deployment?

**initContainers**
- `falco-driver-loader`: Downloads the kernel driver or attempts to build it on-the-fly.
- `falcoctl-artifact-install`: Downloads default rules and installs falcoctl along with other artifacts like plugins.


**containers**
- `falco`: Executes the Falco binary.
- `falcoctl-artifact-follow`: Utilizes falcoctl's functionality to watch for updated rules.

The template daemonset setup does not handle the method of extracting Falco logs from the container to their final destination (such as a data lake or SIEM). You can explore using tools like `falco-exporter`, `falcosidekick`, or create custom solutions.
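
Review bot: The `falcoctl-artifact-install` bullet under **initContainers** reads as if the init container installs the falcoctl binary itself ("installs falcoctl along with other artifacts like plugins"); if the intent is that it uses falcoctl to install the default rules and plugins, reword the bullet to say so. In the closing paragraph, "does not handle the method of extracting Falco logs" could state plainly that the daemonset template does not forward Falco output to a destination such as a data lake or SIEM, and links for `falco-exporter` and `falcosidekick` would save readers a search.
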
Member

Note for the future: this may slightly change a bit in Falco 0.37 since the porting of the driver loader into falcoctl cc @alacuku @Andreagit97 @LucaGuerra

@poiana
Contributor

poiana commented Dec 19, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: incertum, leogr


@poiana
Contributor

poiana commented Dec 19, 2023

LGTM label has been added.

Git tree hash: 36b07d78b0100797bf4da90152a939290dd784b7

@poiana poiana merged commit 9e06139 into falcosecurity:main Dec 19, 2023
2 checks passed
@incertum incertum deleted the update-docs branch December 19, 2023 17:14