falcosecurity / evolution

Evolution process of The Falco Project
Apache License 2.0

Donate alacuku/k8s-metacollector to falcosecurity #335

Closed alacuku closed 8 months ago

alacuku commented 8 months ago

Repository: https://github.com/alacuku/k8s-metacollector

Motivation

Falco has a built-in functionality called Kubernetes Metadata Enrichment. It provides k8s metadata, fetched from the k8s api-server, used by Falco to enrich the system-call events. Furthermore, these metadata are available to users as event fields to be used in the conditions and 'outputs' of Falco rules.

The current k8s client has a number of issues described in this issue falcosecurity/falco#2973.

The new component addresses those issues and scales in large environments with thousands of nodes. It is a standalone component deployed alongside Falco in a Kubernetes cluster. It connects to the Kubernetes API server and dispatches the metadata to the Falco instances. For more info on the implementation details please refer to:

Please note that the repository is still a work in progress since we are working on a new Falco plugin that will be paired with the metacollector and provide Falco with the k8s metadata.

Andreagit97 commented 8 months ago

Thank you for the amazing job! :rocket: +1 from me :+1:

Count me in if you need help maintaining the project!

leogr commented 8 months ago

Big +1 from me! :partying_face:

LucaGuerra commented 8 months ago

+1 :tada: :rocket:

FedeDP commented 8 months ago

Big +1 from me!! :rocket:

leogr commented 8 months ago

PS count me as maintainer if you need help

zuc commented 8 months ago

+1 from me as well!

jasondellaluce commented 8 months ago

+1 for this!

Issif commented 8 months ago

Do you think we could extend this to more than just Kubernetes? I mean, collecting metadata for EC2, etc?

Huge +1 anyway :wink:

leogr commented 8 months ago

I guess we can proceed :)

@alacuku I will help with the process. /assign

Is anyone other than @Andreagit97 and me willing to maintain this project? :thinking: If so, please ping us. Thank you.

Issif commented 8 months ago

Count on me if others agree, I know Go and the k8s API.

alacuku commented 8 months ago

> Do you think we could extend this to more than just Kubernetes? I mean, collecting metadata for EC2, etc?

It could be extended for other use-cases, but currently, we are focused on replacing the old k8s metadata fetcher in Falco.

leogr commented 8 months ago

I guess this is done :partying_face: https://github.com/alacuku/k8s-metacollector