New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add http-headers as flag to docker-entrypoint.sh of driver-loader, legacy and falco #3070
Comments
@FedeDP |
Yes feel free to add the feat! We will release a new falcoctl (v0.7.2) soon that will be included in the upcoming Falco 0.37.1 patch release. |
/milestone 0.37.1 |
The repo flag is also not enabled yet in docker right @FedeDP ?
But it is not used anywhere in the script, so I guess that needs to be enabled as well right? |
I assume we cannot simply add it via --repos=$FALCOCTL_DRIVER_REPOS as it would be empty in the default case. I am wondering how this could be implemented. Is there a way to dynamically create the argument string and parse it to falcoctl driver in the end of the script? |
Nope because FALCOCTL_DRIVER_{REPOS/NAME} are env variable consumed by falcoctl, therefore there is no need to also add the flag (every falcoctl driver related flag is also bound to a FALCOCTL_DRIVER env variable!). |
Ah alright! Let me check |
@FedeDP I decided to close the pull request again because I was wondering if this should also be implemented as a global flag? Are there any usages of this outside falcoctl driver download? If repos is a global flag, shouldn't this then also be one? |
However, http-headers is only used in driver install rn, so I assume it does not have other usages. |
Yep it might be kept as env var only (and documented in the driver loader images helper message). My rule of thumb would be: was it exposed as a flag by old falco-driver-loader script? If it was, then we should expose it once again, otherwise keep it as env variable only ;) |
Old driver-loader did expose:
We are exposing the same except for:
|
(Some env variables were renamed but their functionality is still present) |
Yes I had been using DRIVER_CURL_OPTIONS like "-H..." before the update. I will do some additional tests locally and then reopen the pull request. Also, if there is anyhting else I can do please let me know, it has been a lot of fun working on this :) |
I think that for the patch release (0.37.1) we are good to go with your upcoming changes! You did a great job, thank you very much for your contribution! |
Feel free to close this one once you tested it :) |
Maybe I am missing something here but my tests were not successfull so far as the FALCOCTL_DRIVER_REPOS env variable in the container is not consumed by falcoctl. Is it possible that the binding (probably by viper.BindEnv) is missing for FALCOCTL_DRIVER_REPOS? @FedeDP |
Mmmh, i just tried:
It should work fine. We should not miss anything since the env variable gets automatically parsed by viper. How did you set the env variable in the container? |
Also:
|
Ahh yes it works. I am sorry, used |
Motivation
http-headers has been added to the falcoctl driver install command. Since this tool is used for the driver compile/download in the falco, driver-loader and legacy image, it should be added to the respective docker entrypoints scripts. Otherwise there would be no possibilty to use this from a containerised deployment.
Feature
Add http-headers as an additional flag of the docker-entrypoint script of driver-loader, legacy driver-loader and falco. It will be forwarded to the falcoctl driver install command in the end of the day
Alternatives
There is no alternative implementation about how http-headers could be enabled.
Additional context
http-headers has been recently added to falcoctl so it must be made sure that version is used in the driver-loader, legacy and falco images. If an old version is used, the command will of course fail.
The text was updated successfully, but these errors were encountered: