From 2bb2b7259c2d9f830c5ba0be0c7dafdff11ba486 Mon Sep 17 00:00:00 2001
From: gitea-admin
Date: Tue, 2 Jun 2026 06:04:08 +0000
Subject: [PATCH] feat: deploy Falco runtime security
---
 .../security-monitoring/falco-app.yaml | 68 +++++++++++++++++++
 1 file changed, 68 insertions(+)
 create mode 100644 deployments/security-monitoring/falco-app.yaml
diff --git a/deployments/security-monitoring/falco-app.yaml b/deployments/security-monitoring/falco-app.yaml
new file mode 100644
index 0000000..b3afbf1
--- /dev/null
+++ b/deployments/security-monitoring/falco-app.yaml
@@ -0,0 +1,68 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: falco
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: default
+ source:
+ repoURL: https://falcosecurity.github.io/charts
+ chart: falco
+ targetRevision: 3.9.0
+ helm:
+ releaseName: falco
+ values: |
+ ## Falco configuration
+ falco:
+ config:
+ ## Log output
+ json_output: true
+ json_include_output_property: true
+ ## Log stdout + webhook for Wazuh integration
+ programs_output:
+ - enabled: true
+ keep_alive: false
+ executor: /etc/falco/webhook.sh
+ file_output:
+ - enabled: true
+ keep_alive: false
+ filename: /var/log/falco/falco.log
+ syscall_event_drops:
+ enable_outputs: true
+ max_percentage_lost: 20.0
+ rate: 10
+ base_syscalls:
+ enable_outputs: false
+ buffers_pmem: false
+ syscall_buffer_num_pages: 256
+
+ ## Falco host mount
+ hostNetwork: true
+ hostPID: true
+ tolerations:
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoSchedule
+ resources:
+ requests:
+ cpu: "200m"
+ memory: "256Mi"
+ limits:
+ cpu: "1"
+ memory: "512Mi"
+
+ destination:
+ server: https://kubernetes.default.svc
+ namespace: falco
+
+ syncPolicy:
+ automated:
+ prune: true
+ selfHeal: true
+ syncOptions:
+ - CreateNamespace=true
-- 
2.52.0
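Review bot: The alert-output settings under `falco.config` in the `values` block do not match Falco's configuration schema — Falco's key is `program_output` (a mapping with a `program:` entry), not a `programs_output` list with `executor:`, and `file_output` is likewise a mapping — and since the chart renders the `falco:` values straight into falco.yaml (with no intermediate `config:` level as far as I can tell), these keys are most likely ignored and Falco comes up with its defaults, i.e. no Wazuh webhook and no `/var/log/falco/falco.log`; `enable_outputs`, `max_percentage_lost`, `buffers_pmem` and `syscall_buffer_num_pages` should be checked against chart 3.9.0's values.yaml for the same reason. Nothing in the hunk provides `/etc/falco/webhook.sh` either (no ConfigMap, extra volume or mount is declared), so the program output would fail even once the key is right; mount the script explicitly, or use Falco's `http_output` to post to the Wazuh endpoint and drop the shell hop. Separately, `hostNetwork: true` under the "Falco host mount" comment is not something Falco's kernel-module or eBPF driver needs and it puts every Falco pod in the host network namespace; drop it or add a comment stating why it is required. The proposed shape of the output section is below; `hostPID`, tolerations and resources are left as they are.

```yaml
    values: |
      falco:
        json_output: true
        json_include_output_property: true
        file_output:
          enabled: true
          keep_alive: false
          filename: /var/log/falco/falco.log
        program_output:
          enabled: true
          keep_alive: false
          program: /etc/falco/webhook.sh   # must be mounted into the pod; not shipped by the chart
      # … unchanged: syscall_event_drops, base_syscalls, hostPID, tolerations, resources …
```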