correct k8s audit endpoint

[leogr]

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

Any specific area of the project related to this PR?

/area engine

What this PR does / why we need it:

This PR changes the value of webserver.k8s_audit_endpoint from /k8s_audit to /k8s-audit, because a path that contains an underscore (_) won't work when the audit sink webhook is configured with a service reference (instead of an URL).

To reproduce the issue just kubectl apply the following example:

apiVersion: auditregistration.k8s.io/v1alpha1
kind: AuditSink
metadata:
  name: falco-audit-sink
spec:
  policy:
    level: RequestResponse
    stages:
      - ResponseComplete
      - ResponseStarted
  webhook:
    throttle:
      qps: 10
      burst: 15
    clientConfig:
      service:
        namespace: default
        name: falco-service
        path: /k8s_audit
        port: 8765

Then you get the following error:

The AuditSink "falco-audit-sink" is invalid: spec.webhook.clientConfig.service.path: Invalid value: "/k8s_audit": segment[0]: a DNS-1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

• The helm chart has been using the correct endpoint (ie. /k8s-audit) since the initial k8s audit support (11 months ago, see here) and the latest version still has the correct endpoint
• This problem has already been fixed by fix: k8s audit only evolution#26 with this commit in the k8s-audit-only example resources.

Does this PR introduce a user-facing change?:

update(falco.yaml): `webserver.k8s_audit_endpoint` default value changed from `/k8s_audit` to `/k8s-audit`

[leogr]

cc @maxgio92 @nibalizer FYI

[Kaizhe]

/lgtm

[Kaizhe]

looks like we will need to fix this file as well: https://github.com/falcosecurity/evolution/blob/abcf585fd7c9976a95d90dbd9ffcfdb9324f4855/examples/k8s_audit_config/webhook-config.yaml.in#L6

[poiana]

LGTM label has been added.

Git tree hash: 351960acce30df3bcd417c6e3f7be7cf273332ed

[poiana]

LGTM label has been added.

Git tree hash: 351960acce30df3bcd417c6e3f7be7cf273332ed

[leodido]

Thanks!

[poiana]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Kaizhe, leodido

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [leodido]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[fntlnz]

I just noticed that this is not complete. I'm folllowing up with a PR.