- Category: Other
- Website: https://github.com/kubernetes-sigs/wg-policy-prototypes/tree/master/policy-report/falco-adapter
| Setting | Env var | Default value | Description |
|---|---|---|---|
policyreport.enabled |
POLICYREPORT_ENABLED |
If true; policyreport output is enabled | |
policyreport.kubeconfig |
POLICYREPORT_KUBECONFIG |
~/.kube/config |
Kubeconfig file to use (only if falcosidekick is running outside the cluster) |
policyreport.falconamespace |
POLICYREPORT_FALCONAMESPACE |
Set the namespace where Falco is running (only if falcosidekick is running outside the cluster) | |
policyreport.maxevents |
POLICYREPORT_MAXEVENTS |
1000 |
The max number of events that can be in a policyreport |
policyreport.minimumpriority |
POLICYREPORT_MINIMUMPRIORITY |
"" (= debug) |
Minimum priority of event for using this output, order is emergency,alert,critical,error,warning,notice,informational,debug or "" |
Note
The Env var values override the settings from yaml file.
policyreport:
enabled: false # if true; policyreport output is enabled
kubeconfig: "~/.kube/config" # kubeconfig file to use (only if falcosidekick is running outside the cluster)
falconamespace: "" # set the namespace where Falco is running (only if falcosidekick is running outside the cluster)
maxevents: 1000 # the max number of events that can be in a policyreport (default: 1000)
minimumpriority: "debug" # events with a priority above this are mapped to fail in PolicyReport Summary and lower that those are mapped to warn (default="")Warning
This output works only for the sources syscalls and k8saudit.
Warning
Installation of the Policy Report Custom Resource Definition (CRD) is a prerequisite for using the Policy Report output.
Information about how to find and install the CRD for the reports can be found here.