From 7c39841d30f0237fb135680f4bfa4d05d18c65fc Mon Sep 17 00:00:00 2001
From: JonBruchim
Date: Fri, 17 Jan 2025 15:15:34 +0200
Subject: [PATCH] cdp: set ClusterFirstWithHostNet, so cluster DNS resolution is possible from host network
---
 helm-charts/falcon-sensor/templates/clusterrole.yaml | 6 +++---
 helm-charts/falcon-sensor/templates/clusterrolebinding.yaml | 4 ++--
 helm-charts/falcon-sensor/templates/configmap.yaml | 4 ++++
 helm-charts/falcon-sensor/templates/daemonset.yaml | 1 +
 4 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/helm-charts/falcon-sensor/templates/clusterrole.yaml b/helm-charts/falcon-sensor/templates/clusterrole.yaml
index 913838f2..0f4903bd 100644
--- a/helm-charts/falcon-sensor/templates/clusterrole.yaml
+++ b/helm-charts/falcon-sensor/templates/clusterrole.yaml
@@ -8,11 +8,11 @@ metadata:
 app.kubernetes.io/name: {{ include "falcon-sensor.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ if .Values.container.enabled }}
+ {{- if .Values.container.enabled }}
 app.kubernetes.io/component: "container_sensor"
 {{ else if .Values.node.enabled }}
 app.kubernetes.io/component: "kernel_sensor"
- {{ end }}
+ {{ end -}}
 crowdstrike.com/provider: crowdstrike
 helm.sh/chart: {{ include "falcon-sensor.chart" . }}
 rules:
@@ -20,7 +20,7 @@ rules:
 - ""
 resources:
 - secrets
- {{- if and .Values.node.enabled }}
+ {{- if .Values.node.enabled }}
 - pods
 - services
 - nodes
diff --git a/helm-charts/falcon-sensor/templates/clusterrolebinding.yaml b/helm-charts/falcon-sensor/templates/clusterrolebinding.yaml
index 7ad79ec5..6c476766 100644
--- a/helm-charts/falcon-sensor/templates/clusterrolebinding.yaml
+++ b/helm-charts/falcon-sensor/templates/clusterrolebinding.yaml
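Review bot: In the first clusterrole.yaml hunk the label block now mixes trim markers: `{{- if ... }}` trims to the left, `{{ else if ... }}` trims nothing, and `{{ end -}}` trims to the right, so the newline and indentation in front of `crowdstrike.com/provider` are consumed and the key's indentation comes from whichever template line rendered last. If the template can be rendered with neither `container.enabled` nor `node.enabled` set (any outer guard is outside the hunk), the `managed-by` value and `crowdstrike.com/provider:` would be joined on one line and the manifest would fail to parse. The conventional form trims left on all three actions: `{{- if .Values.container.enabled }}`, `{{- else if .Values.node.enabled }}`, `{{- end }}`. The same pattern is repeated in the clusterrolebinding.yaml and configmap.yaml hunks.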
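Review bot: In the second clusterrole.yaml hunk, `pods`, `services` and `nodes` are appended to the same `resources:` list as `secrets`, so in node mode all four resources share one verb set, and `secrets` stays in the rule regardless of mode. The verbs and the rest of the rule are outside the hunk, so this may already be minimal. If it is not, a separate rule for `secrets` (narrowed with `resourceNames` where the verbs allow it) would keep this ClusterRole closer to least privilege. A short comment above the rule stating why the sensor needs each resource would also help reviewers of later RBAC changes.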
@@ -8,11 +8,11 @@ metadata:
 app.kubernetes.io/name: {{ include "falcon-sensor.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
- {{ if .Values.container.enabled }}
+ {{- if .Values.container.enabled }}
 app.kubernetes.io/component: "container_sensor"
 {{ else if .Values.node.enabled }}
 app.kubernetes.io/component: "kernel_sensor"
- {{ end }}
+ {{ end -}}
 crowdstrike.com/provider: crowdstrike
 helm.sh/chart: {{ include "falcon-sensor.chart" . }}
 subjects:
diff --git a/helm-charts/falcon-sensor/templates/configmap.yaml b/helm-charts/falcon-sensor/templates/configmap.yaml
index 2e0b43a0..f091a6d9 100644
--- a/helm-charts/falcon-sensor/templates/configmap.yaml
+++ b/helm-charts/falcon-sensor/templates/configmap.yaml
@@ -8,7 +8,11 @@ metadata:
 app.kubernetes.io/name: {{ include "falcon-sensor.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{- if .Values.container.enabled }}
 app.kubernetes.io/component: "container_sensor"
+ {{ else if .Values.node.enabled }}
+ app.kubernetes.io/component: "kernel_sensor"
+ {{ end -}}
 crowdstrike.com/provider: crowdstrike
 helm.sh/chart: {{ include "falcon-sensor.chart" . }}
 data:
diff --git a/helm-charts/falcon-sensor/templates/daemonset.yaml b/helm-charts/falcon-sensor/templates/daemonset.yaml
index 99a18baf..421cb92e 100644
--- a/helm-charts/falcon-sensor/templates/daemonset.yaml
+++ b/helm-charts/falcon-sensor/templates/daemonset.yaml
@@ -180,6 +180,7 @@ spec:
 priorityClassName: {{ include "falcon-sensor.priorityClassName" . }}
 {{- end }}
 hostNetwork: true
+ dnsPolicy: ClusterFirstWithHostNet
 hostPID: true
 hostIPC: true
 {{- end }}
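Review bot: In the daemonset.yaml hunk, `dnsPolicy: ClusterFirstWithHostNet` is hard-coded and undocumented, so every install that renders this branch moves the sensor pod from the node's resolver to cluster DNS with no way to opt out. Name resolution for the sensor then depends on the cluster DNS add-on being reachable from each node, which is worth confirming for nodes that start before it or are isolated from it by network policy. Consider making the policy overridable with this value as the default, for example `dnsPolicy: {{ .Values.node.dnsPolicy | default "ClusterFirstWithHostNet" }}`, where `node.dnsPolicy` is a proposed new key and not one shown in this patch. A comment such as `# hostNetwork pods use the node resolver unless dnsPolicy is ClusterFirstWithHostNet` would record why the line is there. The pod spec and the enclosing `if` both begin outside the hunk.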