CrowdStrike / terraform-kubectl-falcon

Module to manage CrowdStrike Falcon Sensor and the Kubernetes Protection Agent on a Kubernetes cluster.
https://registry.terraform.io/modules/CrowdStrike/falcon/kubectl/latest
The Unlicense
7 stars 14 forks source link

CrowdStrike FalconPy

Twitter URL

CrowdStrike Falcon

This repository contains modules that can be used to automate the deployment of the CrowdStrike Falcon Sensor, Falcon Admission Controller (KAC) and the Kubernetes Protection Agent (KPA) on a Kubernetes cluster.

Learn more about each module:

Module Description
operator Manages Falcon Sensor and KAC deployments
operator-openshift Manages Falcon Sensor and KAC deployments on OpenShift
k8s-protection-agent Manage KPA deployment

Pre-requisites

  1. You will need to provide CrowdStrike API Keys and CrowdStrike cloud region for the installation. It is recommended to establish new API credentials for the installation at https://falcon.crowdstrike.com/support/api-clients-and-keys, minimal required permissions are:

    Scope Name Permission
    Falcon Images Download Read
    Sensor Download Read
    Kubernetes Protection Agent Write
    Kubernetes Protection Read and Write
  2. You need a CrowdStrike Docker API Token and CID. See How to retrieve your Falcon Docker API Token and CID for instructions on how to retrieve your Docker API Token and CID.

Providers

No providers.

Resources

No resources.

Inputs

Name Description Type Default Required
cid Customer ID (CID) of the Falcon platform. string n/a yes
client_id Falcon API Client Id string n/a yes
client_secret Falcon API Client Secret string n/a yes
cloud Falcon Cloud Region to use. string n/a yes
cluster_name Your Cluster Name string n/a yes
docker_api_token Falcon Docker API Token string n/a yes
environment Environment or 'Alias' tag string "tf_module" no
operator_version Falcon Operator version to deploy. Can be a branch, tag, or commit hash of the falcon-operator repo. string "v0.9.1" no
sensor_type Falcon sensor type: FalconNodeSensor or FalconContainer. Requires platform = kubernetes string "FalconNodeSensor" no
node_sensor_mode Falcon Node Sensor mode: 'kernel' or 'bpf'. string "bpf" no
falcon_admission Whether to deploy the FalconAdmission Custom Resource (CR) to the cluster. bool 'true' no
platform Whether to deploy on kubernetes or OpenShift. string 'kubernetes' no
cleanup Whether to cleanup resources on destroy. bool 'true' no

Outputs

No outputs.

Usage

provider "aws" {
  region = local.region
}

# Example of using secrets stored in AWS Secrets Manager
data "aws_eks_cluster_auth" "this" {
  name = module.eks_blueprints.eks_cluster_id
}

data "aws_secretsmanager_secret_version" "current" {
  secret_id     = data.aws_secretsmanager_secret.falcon_secrets.id
  version_stage = var.aws_secret_version_stage
}

locals {
  cluster_name = "cluster-name"
  region       = var.region

  secrets = jsondecode(data.aws_secretsmanager_secret_version.current.secret_string)
}

module "crowdstrike_falcon" {
  source = "CrowdStrike/falcon/kubectl"
  version = "0.4.0"

  cid              = local.secrets["cid"]
  client_id        = local.secrets["client_id"]
  client_secret    = local.secrets["client_secret"]
  cloud            = var.cloud
  cluster_name     = local.cluster_name
  docker_api_token = local.secrets["docker_api_token"]
  platform         = "kubernetes"
}