CrowdStrike / terraform-kubectl-falcon

Module to manage CrowdStrike Falcon Sensor and the Kubernetes Protection Agent on a Kubernetes cluster.
https://registry.terraform.io/modules/CrowdStrike/falcon/kubectl/latest
The Unlicense

EKS issue with falcon_admission = true #50

Open billnbell3 opened 3 weeks ago

billnbell3 commented 3 weeks ago
module "crowdstrike_falcon" {
  source = "CrowdStrike/falcon/kubectl"
  version = "0.4.0"

  cid              = jsondecode(data.aws_secretsmanager_secret_version.current.secret_string)["CID"]
  client_id        = jsondecode(data.aws_secretsmanager_secret_version.current.secret_string)["FALCON_CLIENT_ID"]
  client_secret    = jsondecode(data.aws_secretsmanager_secret_version.current.secret_string)["FALCON_CLIENT_SECRET"]
  cloud            = "us-2"
  cluster_name     = local.cluster_name
  docker_api_token = jsondecode(data.aws_secretsmanager_secret_version.current.secret_string)["DOCKER_TOKEN"]
  platform         = "kubernetes"
  operator_version = "v1.1.0"
  falcon_admission = false
}

When I use the 0.4.0 version on AWS I get errors concerning the pod for admission - how do we fix?

2024/08/20 15:21:35 http: TLS handshake error from 10.6.3.109:52682: remote error: tls: bad certificate
2024/08/20 15:21:35 http: TLS handshake error from 10.6.3.109:52692: remote error: tls: bad certificate
2024/08/20 15:21:39 http: TLS handshake error from 10.6.3.109:44544: remote error: tls: bad certificate
2024/08/20 15:21:39 http: TLS handshake error from 10.6.3.109:44554: remote error: tls: bad certificate
2024/08/20 15:21:39 http: TLS handshake error from 10.6.3.109:44562: remote error: tls: bad certificate
2024/08/20 15:21:39 http: TLS handshake error from 10.6.3.109:44570: remote error: tls: bad certificate
2024/08/20 15:21:46 http: TLS handshake error from 10.6.3.109:44574: remote error: tls: bad certificate
2024/08/20 15:21:46 http: TLS handshake error from 10.6.3.109:44580: remote error: tls: bad certificate
2024/08/20 15:21:46 http: TLS handshake error from 10.6.3.109:44592: remote error: tls: bad certificate
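One way to triage a log like the one above before guessing at causes is to group the handshake failures by source address and reason. In this log every failure comes from a single address with the alert "bad certificate"; the "remote error" prefix means the alert was sent by the connecting peer, so the peer (for an admission webhook that is normally the kube-apiserver) is the side rejecting the certificate the webhook presents. The script below is an added example, not part of the issue or of the CrowdStrike module; the function name is hypothetical, and the sample log combines the nine lines from the issue with one constructed "EOF" line to show the grouping.

```shell
#!/bin/sh
# Added example: summarise Go-style "http: TLS handshake error" log lines by
# source address and error reason. Not part of terraform-kubectl-falcon; the
# function name is hypothetical.
set -eu

# Reads log lines on stdin and prints one line per (source, reason) pair as
# "<count> <source ip>|<reason>", sorted by source address.
summarize_tls_errors() {
  sed -n 's/.*TLS handshake error from \([0-9.]*\):[0-9]*: \(.*\)$/\1|\2/p' \
    | sort | uniq -c \
    | awk '{ c = $1; sub(/^ *[0-9]+ /, ""); print c " " $0 }'
}

# Sample input: the nine lines posted in the issue plus one constructed EOF
# line (a client that disconnected without completing the handshake).
SAMPLE_LOG='2024/08/20 15:21:35 http: TLS handshake error from 10.6.3.109:52682: remote error: tls: bad certificate
2024/08/20 15:21:35 http: TLS handshake error from 10.6.3.109:52692: remote error: tls: bad certificate
2024/08/20 15:21:39 http: TLS handshake error from 10.6.3.109:44544: remote error: tls: bad certificate
2024/08/20 15:21:39 http: TLS handshake error from 10.6.3.109:44554: remote error: tls: bad certificate
2024/08/20 15:21:39 http: TLS handshake error from 10.6.3.109:44562: remote error: tls: bad certificate
2024/08/20 15:21:39 http: TLS handshake error from 10.6.3.109:44570: remote error: tls: bad certificate
2024/08/20 15:21:46 http: TLS handshake error from 10.6.3.109:44574: remote error: tls: bad certificate
2024/08/20 15:21:46 http: TLS handshake error from 10.6.3.109:44580: remote error: tls: bad certificate
2024/08/20 15:21:46 http: TLS handshake error from 10.6.3.109:44592: remote error: tls: bad certificate
2024/08/20 15:22:01 http: TLS handshake error from 10.6.4.12:41000: EOF'

# Against a live pod you would pipe the pod log instead of the sample:
#   kubectl -n <namespace> logs <admission-pod> | summarize_tls_errors
printf '%s\n' "$SAMPLE_LOG" | summarize_tls_errors
```

A single source address carrying every "bad certificate" alert points at a trust mismatch between one client and the webhook's serving certificate rather than at a flood of unrelated clients, which narrows where to look (the CA bundle the caller trusts versus the certificate the webhook actually serves) before changing anything.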

billnbell3 commented 3 weeks ago

Any ideas? Do I need to install ca-certificates? How do I do that?

billnbell3 commented 3 days ago

OK, I figured it out. A couple of things.

Yeah you can install ca-certificates using the EKS example on AWS.

I cannot install

module "crowdstrike_falcon" {
  source  = "CrowdStrike/falcon/kubectl"
  version = "0.4.0"

  cid              = jsondecode(data.aws_secretsmanager_secret_version.current.secret_string)["CID"]
  client_id        = jsondecode(data.aws_secretsmanager_secret_version.current.secret_string)["FALCON_CLIENT_ID"]
  client_secret    = jsondecode(data.aws_secretsmanager_secret_version.current.secret_string)["FALCON_CLIENT_SECRET"]
  cloud            = "us-2"
  cluster_name     = local.cluster_name
  docker_api_token = jsondecode(data.aws_secretsmanager_secret_version.current.secret_string)["DOCKER_TOKEN"]
  platform         = "kubernetes"
  operator_version = "v1.2.0"
  falcon_admission = true
  # node_manifest_path = "default"
}

falcon_admission = true needs to be set to false, then run it through terraform apply, then set it to true.

It is really not a good way.

I get this error:

╷
│ Error: falcon-operator/falcon-node-sensor failed to fetch resource from kubernetes: the server could not find the requested resource
│ 
│   with module.crowdstrike_falcon.module.falcon_operator[0].kubectl_manifest.falcon_node_sensor[0],
│   on .terraform/modules/crowdstrike_falcon/modules/operator/main.tf line 94, in resource "kubectl_manifest" "falcon_node_sensor":
│   94: resource "kubectl_manifest" "falcon_node_sensor" {
│ 
╵
╷
│ Error: falcon-admission failed to fetch resource from kubernetes: the server could not find the requested resource
│ 
│   with module.crowdstrike_falcon.module.falcon_operator[0].kubectl_manifest.falcon_admission_controller[0],
│   on .terraform/modules/crowdstrike_falcon/modules/operator/main.tf line 112, in resource "kubectl_manifest" "falcon_admission_controller":
│  112: resource "kubectl_manifest" "falcon_admission_controller" {
│ 
╵
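The workaround above (apply with falcon_admission = false, then apply again with true) can be scripted so that the second apply only starts once the operator's CRDs are established; since both errors come from kubectl_manifest resources the API server says it cannot find, that is a sensible guard before the kubectl provider tries to fetch those objects again. The script is an added example, not tooling from the module or from the issue. It assumes a hypothetical root variable falcon_admission that is passed straight into the module block, and the CRD names it waits for are assumptions to confirm with kubectl get crd on your cluster.

```shell
#!/bin/sh
# Added example: script the two-phase apply described in the issue
# (falcon_admission=false first, then true). Not part of the module.
# Assumption: the root module exposes a bool variable "falcon_admission"
# that is passed straight into the module block, e.g.
#   variable "falcon_admission" { type = bool }
#   module "crowdstrike_falcon" { ... falcon_admission = var.falcon_admission }
set -eu

# CRDs that must be registered before phase two. These names are assumed,
# not taken from the issue; confirm with:  kubectl get crd | grep falcon
FALCON_CRDS="${FALCON_CRDS:-falconnodesensors.falcon.crowdstrike.com falconadmissions.falcon.crowdstrike.com}"
CRD_TIMEOUT="${CRD_TIMEOUT:-300s}"

# One apply phase: run terraform with the admission flag set to $1 (true|false).
apply_with_admission() {
  terraform apply -auto-approve -var="falcon_admission=$1"
}

# Block until every listed CRD reports the Established condition, so the
# kubectl provider does not try to read a kind the API server cannot serve yet.
wait_for_falcon_crds() {
  for crd in $FALCON_CRDS; do
    kubectl wait --for=condition=Established --timeout="$CRD_TIMEOUT" "crd/$crd"
  done
}

# Phase one without admission, wait for the CRDs, then phase two with it.
run_workaround() {
  apply_with_admission false
  wait_for_falcon_crds
  apply_with_admission true
}

# Only run when explicitly asked to, so the functions can be sourced and
# exercised with stand-in terraform/kubectl commands without touching a cluster.
if [ "${FALCON_TWO_PHASE_RUN:-0}" = "1" ]; then
  run_workaround
fi
```

Run it from the root module directory with FALCON_TWO_PHASE_RUN=1 set; drop -auto-approve from apply_with_admission if you want to review each plan before it is applied.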
billnbell3 commented 3 days ago

Also, is anyone monitoring this GitHub repo?