event-generator launched through helm chart, can't run k8saudit tests - Githubissues

falcosecurity / charts

Community managed Helm charts for running Falco with Kubernetes

Apache License 2.0

239 stars 285 forks source link

event-generator launched through helm chart, can't run k8saudit tests #723

Closed cam-at-tactiq closed 1 month ago

cam-at-tactiq commented 2 months ago

Describe the bug

event-generator launched through helm chart, can't run k8saudit tests

How to reproduce it

  helm install event-generator-k8saudits falcosecurity/event-generator \
    --namespace event-generator \
    --create-namespace \
    --set config.loop=false \
    --set config.actions="^k8saudit"

Expected behaviour

K8S rules should run, instead we get the error: Error: none of the selected actions is enabled FATA error executing event-generator error="none of the selected actions is enabled"

Environment

Falco version:
System info: 4.7.2
Cloud provider or hardware configuration:
OS: GKE
Kernel:
Installation method: Helm

Additional context

cam-at-tactiq commented 2 months ago

Please see the issue https://github.com/falcosecurity/event-generator/issues/212 originally raised by alfredomagallon.

The fix for this is to add --all in the pod template here https://github.com/falcosecurity/charts/blob/ba95f4cbf29a66727535c9460aa8b4f6a778b1f1/charts/event-generator/templates/pod-template.tpl#L26

cam-at-tactiq commented 1 month ago

This is still an issue with an open PR at #725 to fix it, is anyone able to review that PR?

Andreagit97 commented 1 month ago

Ei! Thank you for the proposed fix we will take a look ASAP! @alacuku

leogr commented 1 month ago

Hey @cam-at-tactiq, this should be fixed now. May you confirm? Thanks

cam-at-tactiq commented 1 month ago

@leogr yes this is fixed now, thank you.