Donate alacuku/k8s-metacollector to falcosecurity #335
Comments
|
Thank you for the amazing job! 🚀 +1 from me 👍 count me in if you need help maintaining the project! |
|
Big +1 from me! 🥳 |
|
+1 🎉 🚀 |
|
Big +1 from me!! 🚀 |
|
PS count me as maintainer if you need help |
|
+1 from me as well! |
|
+1 for this! |
|
Do you think we could extend this to more than just Kubernetes? I mean, collecting metadata for EC2, etc? Huge +1 anyway 😉 |
|
I guess we can proceed :) @alacuku I will help with the process. Anyone other than @Andreagit97 and me is willing to maintain this project? 🤔 If so, please ping us. Thank you. |
|
Count on me if others agree, I know go and k8s api. |
It could be extended for other use-cases, but currently, we are focused on replacing the old k8s metadata fetcher in Falco. |
|
I guess this is done 🥳 https://github.com/alacuku/k8s-metacollector |
Repository: https://github.com/alacuku/k8s-metacollector
Motivation
Falco has a built-in functionality called Kubernetes Metadata Enrichment. It provides k8s metadata, fetched from the k8s api-server, used by Falco to enrich the system-call events. Furthermore, these metadata are available to users as events fields to be used in the
conditionsand 'outputs' of Falco rules.The current k8s client has a number of issues described in this issue falcosecurity/falco#2973.
The new component addresses those issues and scales in large environments with thousands of nodes. It is a standalone component deployed alongside Falco in a Kubernetes cluster. It connects to the Kubernetes API server and dispatches the metadata to the Falco instances. For more info on the implementation details please refer to:
Please note that, the repository is still a work in progress since we are working on a new Falco
pluginthat will be paired with themetacollectorand provide Falco with the k8s metadata.The text was updated successfully, but these errors were encountered: