Skip to content

Falco Config Schema

Note

This is auto-generated documentation from a JSON schema that is under construction, this will improve over time.

Return to the root config schema

https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/falco

Configuration for Falco, runtime security tool and threat detection.

Abstract Extensible Status Identifiable Custom Properties Additional Properties Access Restrictions Defined In
Can be instantiated No Unknown status No Forbidden Forbidden none config/schemas/config.yaml*

TYPE:

object (Falco Config)

PROPERTIES:

Property Type Required Nullable Defined by
enabled boolean Optional cannot be null Compliant Kubernetes Apps Config
alerts object Optional cannot be null Compliant Kubernetes Apps Config
driver object Optional cannot be null Compliant Kubernetes Apps Config
artifact object Optional cannot be null Compliant Kubernetes Apps Config
customIndexes array Optional cannot be null Compliant Kubernetes Apps Config
rulesFiles object Optional cannot be null Compliant Kubernetes Apps Config
customRules object Optional cannot be null Compliant Kubernetes Apps Config
tty boolean Optional cannot be null Compliant Kubernetes Apps Config
falcoExporter object Optional cannot be null Compliant Kubernetes Apps Config
falcoSidekick object Optional cannot be null Compliant Kubernetes Apps Config
resources object Optional cannot be null Compliant Kubernetes Apps Config
tolerations array Optional cannot be null Compliant Kubernetes Apps Config
nodeSelector object Optional cannot be null Compliant Kubernetes Apps Config
affinity object Optional cannot be null Compliant Kubernetes Apps Config

enabled

enabled

TYPE:

boolean (Falco Enabled)

DEFAULTS:

The default value is:

true

alerts

Configure Falco alerts sent from Falco sidekick.

alerts

TYPE:

object (Falco Alerts)

driver

Configuration for the Falco syscall driver used to collect events.

See the upstream documentation for more information.

driver

TYPE:

object (Falco Driver)

artifact

Configure Falcoctl artefact management.

See the upstream repository for reference.

artifact

TYPE:

object (Falcoctl Artifact)

customIndexes

Configure custom artefact indices for Falcoctl.

customIndexes

TYPE:

object[] (Falcoctl Custom Artifact Index)

rulesFiles

Configure standard rules to use in Falco.

See the upstream documentation for reference.

rulesFiles

TYPE:

object (Falco Rule Files)

customRules

Configure custom rules to use in Falco.

Note

See the upstream documentation for reference.

The keys will become the file name of the generated rule file, and all files are parsed in alphabetical order.

customRules

TYPE:

object (Falco Custom Rules)

tty

Attach the Falco process to a TTY inside the container.

Needed to flush Falco logs as soon as they are emitted.

tty

TYPE:

boolean (Falco Allocate TTY)

DEFAULTS:

The default value is:

true

falcoExporter

Basic configuration for Falco Exporter, the daemon set that exposes Falco alerts to Prometheus.

falcoExporter

TYPE:

object (Falco Exporter)

falcoSidekick

Basic configuration for Falco Sidekick, the deployment that forwards Falco alerts to Alertmanager.

falcoSidekick

TYPE:

object (Falco Sidekick)

resources

Resource requests are used by the kube-scheduler to pick a node to schedule pods on.

Limits are enforced. Resources are commonly 'cpu' and 'memory'.

resources

TYPE:

object (Kubernetes Resource Requirements)

EXAMPLES:

requests:
  memory: 128Mi
  cpu: 100m
limits:
  memory: 256Mi
  cpu: 250m

tolerations

Kubernetes Tolerations

Kubernetes taint and toleration

tolerations

TYPE:

an array of merged types (Details)

nodeSelector

Kubernetes node selector

Kubernetes assign pod node

nodeSelector

TYPE:

object (Kubernetes Node Selector)

EXAMPLES:

kubernetes.io/os: linux

affinity

Affinity is a group of affinity scheduling rules.

affinity

TYPE:

object (Affinity)

Return to the root config schema

Generated Sat Jun 22 03:48:20 UTC 2024 from elastisys/compliantkubernetes-apps@main