falcosecurity / charts

Community managed Helm charts for running Falco with Kubernetes
Apache License 2.0

Add an alternative "driverRepo" option, for private/internal driver repos other than drivers.falco.org #316

Closed fandradeg closed 1 year ago

fandradeg commented 2 years ago

Motivation

Motivations for this request:

1. We use this Falco driver in our org, but per Security requirement, we're not allowed to download files from the big evil Internet; rather, this has to be done from an internal (https) repo.
2. We use a custom Linux OS that is not used by AWS for EKS, so we need to compile the kernel module anyways.

Feature

Add, in the daemonset templates, the option to grab the driver from an alternative location.

Alternatives

If this is already an option, please let me know... Otherwise, this is what I am proposing we could do:

diff --git a/falco/templates/daemonset.yaml b/falco/templates/daemonset.yaml index b7a91b8..bfc0f08 100644 --- a/falco/templates/daemonset.yaml +++ b/falco/templates/daemonset.yaml @@ -97,6 +97,10 @@ spec:
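
Review bot: the body of the hunk at `@@ -97,6 +97,10 @@ spec:` in falco/templates/daemonset.yaml is missing from the post; the header shows the region growing from 6 to 10 lines, but none of the changed lines are visible, so the template change cannot be checked against the `driverRepo` value proposed for values.yaml. Please repost the full hunk. When you do, consider guarding the new lines so they render only when `driverRepo` is set, and document the key in values.yaml with an empty default so existing installs behave as before.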

And then, in the values.yaml just add

driverRepo: https://alternativelocation.com/locationhere

Additional context

No additional context.

leogr commented 2 years ago

Hey @fandradeg

First of all, sorry for the late reply. I missed this issue :(

If I understood correctly, the feature you are asking for is already implemented. The falco-driver-loader script supports the DRIVER_REPO env var (you can pass it via Helm values) to configure a custom driver repo base URL.

See here 👇 under the "Configurable options" part: https://falco.org/docs/getting-started/installation/#install-driver

Is this what you need? If yes, perhaps we poorly documented it, and this is a good chance for improvement.

poiana commented 2 years ago

Issues go stale after 90d of inactivity.

Mark the issue as fresh with /remove-lifecycle stale.

Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle stale

poiana commented 1 year ago

Stale issues rot after 30d of inactivity.

Mark the issue as fresh with /remove-lifecycle rotten.

Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Provide feedback via https://github.com/falcosecurity/community.

/lifecycle rotten

poiana commented 1 year ago

Rotten issues close after 30d of inactivity.

Reopen the issue with /reopen.

Mark the issue as fresh with /remove-lifecycle rotten.

Provide feedback via https://github.com/falcosecurity/community.

/close

poiana commented 1 year ago

@poiana: Closing this issue.
