From 7527d0f635bd3a20ece3362fcd8d7b9e418d939a Mon Sep 17 00:00:00 2001 From: Fabian Zimmermann Date: Fri, 23 Feb 2024 14:12:01 +0100 Subject: [PATCH] use directory-mapping instead of simple containerd.socket-file-mapping to allow falco to reconnect if containerd got restarted on host Fixes #632 Signed-off-by: Fabian Zimmermann --- charts/falco/CHANGELOG.md | 4 ++++ charts/falco/Chart.yaml | 2 +- charts/falco/README.md | 2 +- charts/falco/templates/pod-template.tpl | 20 ++++++++++++-------- 4 files changed, 18 insertions(+), 10 deletions(-) diff --git a/charts/falco/CHANGELOG.md b/charts/falco/CHANGELOG.md index 649b34de..46212c1c 100644 --- a/charts/falco/CHANGELOG.md +++ b/charts/falco/CHANGELOG.md @@ -3,6 +3,10 @@ This file documents all notable changes to Falco Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v4.5.1 + +* falco is now able to reconnect to containerd.socket + ## v4.5.0 * bump Falco version to 0.38.1 diff --git a/charts/falco/Chart.yaml b/charts/falco/Chart.yaml index a49ba8cc..ff2a9348 100644 --- a/charts/falco/Chart.yaml +++ b/charts/falco/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: falco -version: 4.5.0 +version: 4.5.1 appVersion: "0.38.1" description: Falco keywords: diff --git a/charts/falco/README.md b/charts/falco/README.md index aab1b149..27ca8456 100644 --- a/charts/falco/README.md +++ b/charts/falco/README.md @@ -581,7 +581,7 @@ If you use a Proxy in your cluster, the requests between `Falco` and `Falcosidek ## Configuration -The following table lists the main configurable parameters of the falco chart v4.5.0 and their default values. See [values.yaml](./values.yaml) for full list. +The following table lists the main configurable parameters of the falco chart v4.5.1 and their default values. See [values.yaml](./values.yaml) for full list. ## Values diff --git a/charts/falco/templates/pod-template.tpl b/charts/falco/templates/pod-template.tpl index 4b1a8729..376c5177 100644 
--- a/charts/falco/templates/pod-template.tpl
+++ b/charts/falco/templates/pod-template.tpl
@@ -63,13 +63,17 @@ spec:
 {{- include "falco.configSyscallSource" . | indent 8 }}
 {{- with .Values.collectors }}
 {{- if .enabled }}
+ {{- if .docker.enabled }}
+ - --cri
+ - /var/run/{{ base .docker.socket }}
+ {{- end }}
 {{- if .containerd.enabled }}
 - --cri
- - /run/containerd/containerd.sock
+ - /run/containerd/{{ base .containerd.socket }}
 {{- end }}
 {{- if .crio.enabled }}
 - --cri
- - /run/crio/crio.sock
+ - /run/crio/{{ base .crio.socket }}
 {{- end }}
 - -pk
 {{- end }}
@@ -161,15 +165,15 @@ spec:
 {{- with .Values.collectors }}
 {{- if .enabled }}
 {{- if .docker.enabled }}
- - mountPath: /host/var/run/docker.sock
+ - mountPath: /host/var/run/
 name: docker-socket
 {{- end }}
 {{- if .containerd.enabled }}
- - mountPath: /host/run/containerd/containerd.sock
+ - mountPath: /host/run/containerd/
 name: containerd-socket
 {{- end }}
 {{- if .crio.enabled }}
- - mountPath: /host/run/crio/crio.sock
+ - mountPath: /host/run/crio/
 name: crio-socket
 {{- end }}
 {{- end }}
@@ -263,17 +267,17 @@ spec:
 {{- if .docker.enabled }}
 - name: docker-socket
 hostPath:
- path: {{ .docker.socket }}
+ path: {{ dir .docker.socket }}
 {{- end }}
 {{- if .containerd.enabled }}
 - name: containerd-socket
 hostPath:
- path: {{ .containerd.socket }}
+ path: {{ dir .containerd.socket }}
 {{- end }}
 {{- if .crio.enabled }}
 - name: crio-socket
 hostPath:
- path: {{ .crio.socket }}
+ path: {{ dir .crio.socket }}
 {{- end }}
 {{- end }}
 {{- end }}
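Review bot: The docker branch added to the args in the `@@ -63,13 +63,17 @@` hunk passes `--cri /var/run/{{ base .docker.socket }}`, a behaviour change the commit message does not mention; before this patch only the containerd and CRI-O sockets were handed to `--cri`. The Docker Engine API socket is, as far as I know, not a CRI endpoint, so this probably adds a failing connection attempt and log noise that can mask a real loss of container metadata. I would drop the four added lines, or keep them with a comment above `{{- if .docker.enabled }}` naming the runtime setup that needs them. The container spec this list belongs to starts and ends outside the hunk.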
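Review bot: The three volumeMounts in the `@@ -161,15 +165,15 @@` hunk now expose whole host directories to the Falco container and none of them sets `readOnly: true`. For Docker, `dir .docker.socket` in the last hunk resolves to `/var/run` when the socket is `/var/run/docker.sock` (as the removed mountPath suggests), so every socket and pid file in the host's runtime directory becomes reachable under `/host/var/run/`. Falco only has to connect to the runtime socket, so add `readOnly: true` under each `name:` line to stop the pod from creating or deleting files in those host directories. A read-only mount does not prevent connecting to a socket inside it, so the wider exposure also deserves a sentence in the CHANGELOG entry, with a hint to point a custom socket path at a dedicated directory.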