Lab 7.6 is Falco SSL cert required? and does it works with default k8s aduit rules ?

pbalajiips

Since by default the SSL disabled do we really need to generate SSL CERT?
i am trying to follow the Lab 7.5 instruction, until step 12 everything is ok, local events are processed but latter when we create aduit webhook , events are posted to falco webserver. but k8s aduit events are ignored by default falco rule. any idea why it is?

pbalajiips

its Working .i misconfigured the API endpoint. but still i am wondering the SSL CERT is mandatory ?

serewicz

Hello,

I'm unsure of your question, SSL CERT mandatory for what? I suppose it depends on which features one would plan on using, now or in the future.

Regards,

marcindulak

We are setting ssl_enabled: true in /etc/falco/falco.yaml (which seems to have issues on its own on Ubuntu 18.04, see https://github.com/falcosecurity/falco/issues/1708 )

webserver:
   enabled: true
   listen_port: 8765
   k8s_audit_endpoint: /k8s-audit
   ssl_enabled: true
   ssl_certificate: /etc/falco/falco.pem

I don't think we are expecting the http webhook in audit-webhook-config-file to still work against a falco webserver with https on?

server: http://<host-ip-address>:8765/k8s-audit

Are you planning to review the course materials, basically perform them by hand again forgetting the prior knowledge?
There are multiple issues, resulting mostly from changes in various components, and there are also still small typos in the course. It appears not very well maintained.

serewicz

Hello,

Indeed, thank you for your feedback. I am in the process of running each step by hand. There are a lot of changes in the many components.

Regards,