Open billnbell3 opened 3 weeks ago
Any ideas? Do I need to install ca-certificates? How do I do that?
OK I figured it out. A couple things.
Yeah you can install ca-certificates using the EKS example on AWS.
I cannot install
```hcl
module "crowdstrike_falcon" {
  source           = "CrowdStrike/falcon/kubectl"
  version          = "0.4.0"
  cid              = jsondecode(data.aws_secretsmanager_secret_version.current.secret_string)["CID"]
  client_id        = jsondecode(data.aws_secretsmanager_secret_version.current.secret_string)["FALCON_CLIENT_ID"]
  client_secret    = jsondecode(data.aws_secretsmanager_secret_version.current.secret_string)["FALCON_CLIENT_SECRET"]
  cloud            = "us-2"
  cluster_name     = local.cluster_name
  docker_api_token = jsondecode(data.aws_secretsmanager_secret_version.current.secret_string)["DOCKER_TOKEN"]
  platform         = "kubernetes"
  operator_version = "v1.2.0"
  falcon_admission = true
  # node_manifest_path = "default"
}
```
`falcon_admission = true` needs to be set to false, then run it through terraform apply, then set to true.
It is really not a good way.
I get this error:
```
╷
│ Error: falcon-operator/falcon-node-sensor failed to fetch resource from kubernetes: the server could not find the requested resource
│
│   with module.crowdstrike_falcon.module.falcon_operator[0].kubectl_manifest.falcon_node_sensor[0],
│   on .terraform/modules/crowdstrike_falcon/modules/operator/main.tf line 94, in resource "kubectl_manifest" "falcon_node_sensor":
│   94: resource "kubectl_manifest" "falcon_node_sensor" {
│
╵
╷
│ Error: falcon-admission failed to fetch resource from kubernetes: the server could not find the requested resource
│
│   with module.crowdstrike_falcon.module.falcon_operator[0].kubectl_manifest.falcon_admission_controller[0],
│   on .terraform/modules/crowdstrike_falcon/modules/operator/main.tf line 112, in resource "kubectl_manifest" "falcon_admission_controller":
│   112: resource "kubectl_manifest" "falcon_admission_controller" {
│
╵
```
Also - is anyone monitoring this GitHub repo?
When I use the 0.4.0 version on AWS I get errors concerning the pod for admission - how do we fix?
```
2024/08/20 15:21:35 http: TLS handshake error from 10.6.3.109:52682: remote error: tls: bad certificate
2024/08/20 15:21:35 http: TLS handshake error from 10.6.3.109:52692: remote error: tls: bad certificate
2024/08/20 15:21:39 http: TLS handshake error from 10.6.3.109:44544: remote error: tls: bad certificate
2024/08/20 15:21:39 http: TLS handshake error from 10.6.3.109:44554: remote error: tls: bad certificate
2024/08/20 15:21:39 http: TLS handshake error from 10.6.3.109:44562: remote error: tls: bad certificate
2024/08/20 15:21:39 http: TLS handshake error from 10.6.3.109:44570: remote error: tls: bad certificate
2024/08/20 15:21:46 http: TLS handshake error from 10.6.3.109:44574: remote error: tls: bad certificate
2024/08/20 15:21:46 http: TLS handshake error from 10.6.3.109:44580: remote error: tls: bad certificate
2024/08/20 15:21:46 http: TLS handshake error from 10.6.3.109:44592: remote error: tls: bad certificate
```