falcosecurity / plugins

Falco plugins registry
Apache License 2.0

Falco Audit Plugin for EKS - HA and sidekick #504

Open cloudec1993 opened 1 month ago

cloudec1993 commented 1 month ago

Motivation

I would like to have High Availability for my Falco audit EKS plugin, which works as one pod in the EKS cluster. I don’t want to miss any of the events from EKS if my pod is failing or crashing for different reasons (OOM etc.).

I would like to utilise the Falcosidekick pods, which I have deployed for syscalls etc., for the EKS audit plugin pod in order to not waste resources on my cluster. Can I point the configuration at the Falcosidekick endpoint instead of creating a new one for the audit deployment?

HA for audit pods - it’s dangerous to have just one pod for the audit EKS plugin, since the pod can crash or stop working and I will be missing the alerts for some time

Sidekick pods - I’m wasting resources on the cluster instead of using already working sidekick pods

Feature

I would like to run the audit plugin pods with 3 replicas in order to provide HA and consume the logs from SQS in order to not have duplicated alerts

I would like to specify in the configuration which sidekick I want to use instead of creating a new one

Alternatives

Additional context

robert-pudlowski-mox commented 1 week ago

Any information?