From 4cc915fd8fcb071c5a61e7ddcfa702c019fd2bc0 Mon Sep 17 00:00:00 2001
From: JonBruchim
Date: Wed, 4 Dec 2024 10:11:06 +0200
Subject: [PATCH] cdp: added resources and verbs for the cluster role. removed cdpRolesEnabled
---
 .../falcon-sensor/templates/clusterrole.yaml | 22 ++++++++++++++++++-
 .../templates/clusterrolebinding.yaml | 6 ++++-
 2 files changed, 26 insertions(+), 2 deletions(-)
diff --git a/helm-charts/falcon-sensor/templates/clusterrole.yaml b/helm-charts/falcon-sensor/templates/clusterrole.yaml
index 0cbd2116..913838f2 100644
--- a/helm-charts/falcon-sensor/templates/clusterrole.yaml
+++ b/helm-charts/falcon-sensor/templates/clusterrole.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.container.enabled }}
+{{- if or .Values.container.enabled .Values.node.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -8,7 +8,11 @@ metadata:
 app.kubernetes.io/name: {{ include "falcon-sensor.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ if .Values.container.enabled }}
 app.kubernetes.io/component: "container_sensor"
+ {{ else if .Values.node.enabled }}
+ app.kubernetes.io/component: "kernel_sensor"
+ {{ end }}
 crowdstrike.com/provider: crowdstrike
 helm.sh/chart: {{ include "falcon-sensor.chart" . }}
 rules:
@@ -16,6 +20,22 @@ rules:
 - ""
 resources:
 - secrets
+ {{- if and .Values.node.enabled }}
+ - pods
+ - services
+ - nodes
+ - daemonsets
+ - replicasets
+ - deployments
+ - jobs
+ - ingresses
+ - cronjobs
+ - persistentvolumes
+ {{- end }}
 verbs:
 - get
+ {{- if .Values.node.enabled }}
+ - watch
+ - list
+ {{- end }}
 {{- end }}
diff --git a/helm-charts/falcon-sensor/templates/clusterrolebinding.yaml b/helm-charts/falcon-sensor/templates/clusterrolebinding.yaml
index 77ff998f..7ad79ec5 100644
--- a/helm-charts/falcon-sensor/templates/clusterrolebinding.yaml
+++ b/helm-charts/falcon-sensor/templates/clusterrolebinding.yaml
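Review bot: The component label added in the second clusterrole.yaml hunk resolves to `container_sensor` whenever `container.enabled` is true, while the rules hunk below keys the extra resources and verbs on `node.enabled` alone, so with both values set the role would be labelled as the container sensor yet carry the node-only grants. Whether the chart rejects that combination is not visible in this patch; if it does not, the node-only grants should follow the same precedence as the label, or the render should fail on the conflict. The new actions are also written `{{ if … }}` / `{{ end }}` without the `-` trim used on the file's first line, which leaves whitespace-only lines in the rendered labels; `{{- if .Values.container.enabled }}` … `{{- end }}` avoids that. The identical label block is added in the second hunk of clusterrolebinding.yaml.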
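Review bot: In the last clusterrole.yaml hunk the new `list` and `watch` verbs are appended to the same rule that holds `secrets`, so with `node.enabled` the sensor's ClusterRole can list and watch every Secret in the cluster instead of only `get`-ing one by name. The added resources also sit under the only API group visible in the hunk, `""`: `daemonsets`, `replicasets` and `deployments` belong to `apps`, `jobs` and `cronjobs` to `batch`, and `ingresses` to `networking.k8s.io`, so this rule would not actually grant them. Splitting into one rule per API group and leaving the secrets rule at `get` addresses both; `{{- if and .Values.node.enabled }}` also carries a stray `and`. The rule's opening `- apiGroups:` line is outside the hunk and indentation is lost on this page, so the layout below is a sketch to be matched to the file.

```yaml
# … unchanged: core-group rule for secrets, verbs limited to get …
{{- if .Values.node.enabled }}
- apiGroups:
  - ""
  resources:
  - pods
  - services
  - nodes
  - persistentvolumes
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - apps
  resources:
  - daemonsets
  - replicasets
  - deployments
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - batch
  resources:
  - jobs
  - cronjobs
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
{{- end }}
```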
@@ -1,4 +1,4 @@
-{{- if .Values.container.enabled }}
+{{- if or .Values.container.enabled .Values.node.enabled }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -8,7 +8,11 @@ metadata:
 app.kubernetes.io/name: {{ include "falcon-sensor.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 app.kubernetes.io/managed-by: {{ .Release.Service }}
+ {{ if .Values.container.enabled }}
 app.kubernetes.io/component: "container_sensor"
+ {{ else if .Values.node.enabled }}
+ app.kubernetes.io/component: "kernel_sensor"
+ {{ end }}
 crowdstrike.com/provider: crowdstrike
 helm.sh/chart: {{ include "falcon-sensor.chart" . }}
 subjects: