Falco Config Schema¶
Note
This is auto-generated documentation from a JSON schema that is under construction, this will improve over time.
Return to the root config schema
https://raw.githubusercontent.com/elastisys/compliantkubernetes-apps/main/config/schemas/config.yaml#/properties/falco
Configuration for Falco, runtime security tool and threat detection.
| Abstract | Extensible | Status | Identifiable | Custom Properties | Additional Properties | Access Restrictions | Defined In |
|---|---|---|---|---|---|---|---|
| Can be instantiated | No | Unknown status | No | Forbidden | Forbidden | none | config/schemas/config.yaml* |
TYPE:
object (Falco Config)
PROPERTIES:
| Property | Type | Required | Nullable | Defined by |
|---|---|---|---|---|
| enabled | boolean |
Optional | cannot be null | Welkin Apps Config |
| alerts | object |
Optional | cannot be null | Welkin Apps Config |
| driver | object |
Optional | cannot be null | Welkin Apps Config |
| artifact | object |
Optional | cannot be null | Welkin Apps Config |
| customIndexes | array |
Optional | cannot be null | Welkin Apps Config |
| rulesFiles | object |
Optional | cannot be null | Welkin Apps Config |
| customRules | object |
Optional | cannot be null | Welkin Apps Config |
| tty | boolean |
Optional | cannot be null | Welkin Apps Config |
| falcoExporter | object |
Optional | cannot be null | Welkin Apps Config |
| falcoSidekick | object |
Optional | cannot be null | Welkin Apps Config |
| resources | object |
Optional | cannot be null | Welkin Apps Config |
| tolerations | array |
Optional | cannot be null | Welkin Apps Config |
| nodeSelector | object |
Optional | cannot be null | Welkin Apps Config |
| affinity | object |
Optional | cannot be null | Welkin Apps Config |
enabled¶
enabled
-
is optional
-
Type:
boolean(Falco Enabled) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
boolean (Falco Enabled)
DEFAULTS:
The default value is:
true
alerts¶
Configure Falco alerts sent from Falco sidekick.
alerts
-
is optional
-
Type:
object(Falco Alerts) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (Falco Alerts)
driver¶
Configuration for the Falco syscall driver used to collect events.
See the upstream documentation for more information.
driver
-
is optional
-
Type:
object(Falco Driver) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (Falco Driver)
artifact¶
Configure Falcoctl artefact management.
See the upstream repository for reference.
artifact
-
is optional
-
Type:
object(Falcoctl Artifact) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (Falcoctl Artifact)
customIndexes¶
Configure custom artefact indices for Falcoctl.
customIndexes
-
is optional
-
Type:
object[](Falcoctl Custom Artifact Index) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object[] (Falcoctl Custom Artifact Index)
rulesFiles¶
Configure standard rules to use in Falco.
See the upstream documentation for reference.
rulesFiles
-
is optional
-
Type:
object(Falco Rule Files) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (Falco Rule Files)
customRules¶
Configure custom rules to use in Falco.
Note
See the upstream documentation for reference.
The keys will become the file name of the generated rule file, and all files are parsed in alphabetical order.
customRules
-
is optional
-
Type:
object(Falco Custom Rules) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (Falco Custom Rules)
tty¶
Attach the Falco process to a TTY inside the container.
Needed to flush Falco logs as soon as they are emitted.
tty
-
is optional
-
Type:
boolean(Falco Allocate TTY) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
boolean (Falco Allocate TTY)
DEFAULTS:
The default value is:
true
falcoExporter¶
Basic configuration for Falco Exporter, the daemon set that exposes Falco alerts to Prometheus.
falcoExporter
-
is optional
-
Type:
object(Falco Exporter) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (Falco Exporter)
falcoSidekick¶
Basic configuration for Falco Sidekick, the deployment that forwards Falco alerts to Alertmanager.
falcoSidekick
-
is optional
-
Type:
object(Falco Sidekick) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (Falco Sidekick)
resources¶
Resource requests are used by the kube-scheduler to pick a node to schedule pods on.
Limits are enforced. Resources are commonly 'cpu' and 'memory'.
resources
-
is optional
-
Type:
object(Kubernetes Resource Requirements) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (Kubernetes Resource Requirements)
EXAMPLES:
requests:
memory: 128Mi
cpu: 100m
limits:
memory: 256Mi
cpu: 250m
tolerations¶
Kubernetes Tolerations
Kubernetes taint and toleration
tolerations
-
is optional
-
Type: an array of merged types (Details)
-
cannot be null
-
defined in: Welkin Apps Config
TYPE:
an array of merged types (Details)
nodeSelector¶
Kubernetes node selector
nodeSelector
-
is optional
-
Type:
object(Kubernetes Node Selector) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (Kubernetes Node Selector)
EXAMPLES:
kubernetes.io/os: linux
affinity¶
Affinity is a group of affinity scheduling rules.
affinity
-
is optional
-
Type:
object(Affinity) -
cannot be null
-
defined in: Welkin Apps Config
TYPE:
object (Affinity)
Return to the root config schema
Generated Sun Nov 17 03:51:36 UTC 2024 from elastisys/compliantkubernetes-apps@main