Commit

feat: add cluster visibility to FalconAdmission
gpontejos committed Oct 1, 2024
1 parent 22d8b5b commit 5623c3e
Showing 2 changed files with 32 additions and 10 deletions.
21 changes: 16 additions & 5 deletions docs/deployment/openshift/resources/admission/README.md
Expand Up @@ -33,6 +33,12 @@ spec:
### FalconAdmission Reference Manual
#### Falcon Operator Support for Falcon Admission Controller
| Falcon Operator Version | Falcon Admission Controller Version |
|:-----------------------------|:------------------------------------------|
| `<= 1.2.x` | `< 7.20.x` |
| `>= 1.3.x` | `>= 7.20.x` |

#### Falcon API Settings
| Spec | Description |
| :------------------------- | :------------------------------------------------------------------------------------------------------- |
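Review bot: The ranges in the new support table are hard to read as written: `<= 1.2.x` and `< 7.20.x` combine comparison operators with an `.x` wildcard, so a reader has to guess how a given patch release compares against the wildcard. Spelling the rows out in words ("1.2.x and earlier", "1.3.x and later", and the same for the controller column) would remove the ambiguity, and one sentence on what to expect when an operator is paired with a controller outside its row would help anyone planning an upgrade.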
Expand All @@ -53,17 +59,22 @@ spec:
| registry.tls.caCertificateConfigMap | (optional) The name of a ConfigMap containing CA Certificate Authority Chains under keys ending in ".tls" for self-signed TLS Registry Certificates (ignored when registry.tls.caCertificate is set) |
| registry.acr_name | (optional) Name of ACR for the Falcon Admission push. Only applicable to Azure cloud. (`registry.type="acr"`) |
| resourcequota.pods | (optional) Configure the maximum number of pods that can be created in the falcon-kac namespace |
| admissionConfig.serviceAccount.annotations| (optional) Configure annotations for the falcon-kac service account (e.g. for IAM role association) |
| admissionConfig.serviceAccount.annotations| (optional) Configure annotations for the falcon-kac service account (e.g. for IAM role association) |
| admissionConfig.servicePort | (optional) Configure the port the Falcon Admission Controller Service listens on |
| admissionConfig.containerPort | (optional) Configure the port the Falcon Admission Controller container listens on |
| admissionConfig.tls.validity | (optional) Configure the validity of the TLS certificate used by the Falcon Admission Controller |
| admissionConfig.failurePolicy | (optional) Configure the failure policy of the Falcon Admission Controller |
| admissionConfig.containerPort | (optional) Configure the port the Falcon Admission Controller container listens on |
| admissionConfig.tls.validity | (optional) Configure the validity of the TLS certificate used by the Falcon Admission Controller |
| admissionConfig.failurePolicy | (optional) Configure the failure policy of the Falcon Admission Controller |
| admissionConfig.disabledNamespaces.namespaces | (optional) Configure the list of namespaces the Falcon Admission Controller validating webhook should ignore |
| admissionConfig.deployWatcher | (optional) Determines if the falcon-watcher container is added to the Falcon Admission Controller Pod |
| admissionConfig.snapshotsEnabled | (optional) Determines if snapshots of Kubernetes resources are periodically taken for cluster visibility. |
| admissionConfig.snapshotsInterval | (optional) Time interval between two snapshots of Kubernetes resources in the cluster |
| admissionConfig.watcherEnabled | (optional) Determines if Kubernetes resources are watched for cluster visibility |
| admissionConfig.replicas | (optional) Currently ignored and internally set to 1 |
| admissionConfig.imagePullPolicy | (optional) Configure the image pull policy of the Falcon Admission Controller |
| admissionConfig.imagePullSecrets | (optional) Configure the image pull secrets of the Falcon Admission Controller |
| admissionConfig.resourcesClient | (optional) Configure the resources client of the Falcon Admission Controller |
| admissionConfig.resources | (optional) Configure the resources of the Falcon Admission Controller |
| admissionConfig.resourcesWatcher | (optional) Configure the resources watcher of the Falcon Admission Controller |
| admissionConfig.resources | (optional) Configure the resources of the Falcon Admission Controller |
| admissionConfig.updateStrategy | (optional) Configure the deployment update strategy of the Falcon Admission Controller |
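Review bot: The deployWatcher and watcherEnabled rows do not explain how the two settings relate. One adds the falcon-watcher container to the pod and the other turns on watching of Kubernetes resources, but the table does not say whether watcherEnabled or snapshotsEnabled has any effect when deployWatcher is off. Please state the dependency and the default of each of the three switches, since together they decide whether cluster resource data is collected at all.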


21 changes: 16 additions & 5 deletions docs/resources/admission/README.md
Expand Up @@ -33,6 +33,12 @@ spec:
### FalconAdmission Reference Manual
#### Falcon Operator Support for Falcon Admission Controller
| Falcon Operator Version | Falcon Admission Controller Version |
|:-----------------------------|:------------------------------------------|
| `<= 1.2.x` | `< 7.20.x` |
| `>= 1.3.x` | `>= 7.20.x` |

#### Falcon API Settings
| Spec | Description |
| :------------------------- | :------------------------------------------------------------------------------------------------------- |
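Review bot: The support table gives version ranges but not which settings depend on them. If the cluster visibility options documented further down in this file are what need Falcon Admission Controller `>= 7.20.x`, say so next to the table or in those rows, so that someone on operator `<= 1.2.x` knows which specs to leave unset. The same table is also added to docs/deployment/openshift/resources/admission/README.md in this commit, so the two copies will have to be kept in step.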
Expand All @@ -53,17 +59,22 @@ spec:
| registry.tls.caCertificateConfigMap | (optional) The name of a ConfigMap containing CA Certificate Authority Chains under keys ending in ".tls" for self-signed TLS Registry Certificates (ignored when registry.tls.caCertificate is set) |
| registry.acr_name | (optional) Name of ACR for the Falcon Admission push. Only applicable to Azure cloud. (`registry.type="acr"`) |
| resourcequota.pods | (optional) Configure the maximum number of pods that can be created in the falcon-kac namespace |
| admissionConfig.serviceAccount.annotations| (optional) Configure annotations for the falcon-kac service account (e.g. for IAM role association) |
| admissionConfig.serviceAccount.annotations| (optional) Configure annotations for the falcon-kac service account (e.g. for IAM role association) |
| admissionConfig.servicePort | (optional) Configure the port the Falcon Admission Controller Service listens on |
| admissionConfig.containerPort | (optional) Configure the port the Falcon Admission Controller container listens on |
| admissionConfig.tls.validity | (optional) Configure the validity of the TLS certificate used by the Falcon Admission Controller |
| admissionConfig.failurePolicy | (optional) Configure the failure policy of the Falcon Admission Controller |
| admissionConfig.containerPort | (optional) Configure the port the Falcon Admission Controller container listens on |
| admissionConfig.tls.validity | (optional) Configure the validity of the TLS certificate used by the Falcon Admission Controller |
| admissionConfig.failurePolicy | (optional) Configure the failure policy of the Falcon Admission Controller |
| admissionConfig.disabledNamespaces.namespaces | (optional) Configure the list of namespaces the Falcon Admission Controller validating webhook should ignore |
| admissionConfig.deployWatcher | (optional) Determines if the falcon-watcher container is added to the Falcon Admission Controller Pod |
| admissionConfig.snapshotsEnabled | (optional) Determines if snapshots of Kubernetes resources are periodically taken for cluster visibility. |
| admissionConfig.snapshotsInterval | (optional) Time interval between two snapshots of Kubernetes resources in the cluster |
| admissionConfig.watcherEnabled | (optional) Determines if Kubernetes resources are watched for cluster visibility |
| admissionConfig.replicas | (optional) Currently ignored and internally set to 1 |
| admissionConfig.imagePullPolicy | (optional) Configure the image pull policy of the Falcon Admission Controller |
| admissionConfig.imagePullSecrets | (optional) Configure the image pull secrets of the Falcon Admission Controller |
| admissionConfig.resourcesClient | (optional) Configure the resources client of the Falcon Admission Controller |
| admissionConfig.resources | (optional) Configure the resources of the Falcon Admission Controller |
| admissionConfig.resourcesWatcher | (optional) Configure the resources watcher of the Falcon Admission Controller |
| admissionConfig.resources | (optional) Configure the resources of the Falcon Admission Controller |
| admissionConfig.updateStrategy | (optional) Configure the deployment update strategy of the Falcon Admission Controller |
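Review bot: The snapshotsInterval row gives no value format, unit or default; "Time interval between two snapshots" could mean a number of seconds or a duration string, so please add an example value. Two smaller points in the same hunk: the snapshotsEnabled description is the only one here that ends in a full stop, and "Configure the resources watcher" on the resourcesWatcher row reads as if it names a component. If that field sets resource requests and limits for the watcher container, wording to that effect would be clearer.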

