Welcome to the Linux Foundation Forum!

Lab 7.6 is Falco SSL cert required? and does it works with default k8s aduit rules ?

Since by default the SSL disabled do we really need to generate SSL CERT?
i am trying to follow the Lab 7.5 instruction, until step 12 everything is ok, local events are processed but latter when we create aduit webhook , events are posted to falco webserver. but k8s aduit events are ignored by default falco rule. any idea why it is?

Comments

  • pbalajiips
    pbalajiips Posts: 2

    its Working .i misconfigured the API endpoint. but still i am wondering the SSL CERT is mandatory ?

  • serewicz
    serewicz Posts: 969

    Hello,

    I'm unsure of your question, SSL CERT mandatory for what? I suppose it depends on which features one would plan on using, now or in the future.

    Regards,

  • We are setting ssl_enabled: true in /etc/falco/falco.yaml (which seems to have issues on its own on Ubuntu 18.04, see https://github.com/falcosecurity/falco/issues/1708 )

    webserver:
       enabled: true
       listen_port: 8765
       k8s_audit_endpoint: /k8s-audit
       ssl_enabled: true
       ssl_certificate: /etc/falco/falco.pem
    

    I don't think we are expecting the http webhook in audit-webhook-config-file to still work against a falco webserver with https on?

    server: http://<host-ip-address>:8765/k8s-audit
    

    Are you planning to review the course materials, basically perform them by hand again forgetting the prior knowledge?
    There are multiple issues, resulting mostly from changes in various components, and there are also still small typos in the course. It appears not very well maintained.

  • serewicz
    serewicz Posts: 969

    Hello,

    Indeed, thank you for your feedback. I am in the process of running each step by hand. There are a lot of changes in the many components.

    Regards,

Categories

Upcoming Training