Kubernetes example needs the Sysdig ClusterRole

[agilgur5]

It requires the required-access-sysdig ClusterRole to work properly. Perhaps by default the example should also contain a ServiceAccount attached to the DaemonSet and a ClusterRoleBinding to that ServiceAccount

[JPLachance]

I got the same issue! I'll drop my fix here for others that may be looking for the answer:

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: falco-cluster-role
rules:
  - apiGroups:
      - extensions
      - ''
    resources:
      - nodes
      - namespaces
      - pods
      - replicationcontrollers
      - services
      - events
    verbs:
      - get
      - list
      - watch
  - nonResourceURLs:
      - /healthz
      - /healthz/*
    verbs:
      - get
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: falco-service-account-roles
subjects:
  - kind: ServiceAccount
    namespace: falco-ns
    name: falco-service-account
roleRef:
  kind: ClusterRole
  name: falco-cluster-role
  apiGroup: rbac.authorization.k8s.io
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: falco-service-account
  namespace: falco-ns

Simply replace falco-ns by the name of the namespace you deployed Falco into and add serviceAccount: falco-service-account under spec.template.spec in your Falco Deployment/DaemonSet YAML.

I took the role definition from https://support.sysdig.com/hc/en-us/articles/206770633-Sysdig-Install-Kubernetes-. It may give more rights than needed for Falco. I'll let that as a TODO!

[mstemm]

In #309 we updated our example to include a rbac-based variant, so this should be fixed now.