feat: add falcoctl configuration, driver, artifacts

juju4 · Aug 10, 2024 · 60af989 · 60af989
1 parent 2eb9c6b
commit 60af989
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 0 deletions.
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -55,3 +55,7 @@ falco_grpc_unix_enabled: false
 falco_reporting: true
 falco_reporting_template: falco_report.sh
 falco_reporting_dest: /var/tmp
+
+falcoctl_artifacts_follow: []
+#  - github-rules
+#  - k8saudit-rules
diff --git a/tasks/falcoctl.yml b/tasks/falcoctl.yml
@@ -0,0 +1,25 @@
+---
+
+- name: Falcoctl | Get current index
+  ansible.builtin.command:
+    cmd: falcoctl index list
+  changed_when: false
+  register: falcoctl_index
+
+- name: Falcoctl | Configure index
+  ansible.builtin.command:  # noqa no-changed-when
+    cmd: falcoctl index add falcosecurity https://falcosecurity.github.io/falcoctl/index.yaml
+  when:
+    - "'falcosecurity' not in falcoctl_index.stdout"
+
+- name: Falcoctl | Configure driver
+  ansible.builtin.command:  # noqa no-changed-when
+    cmd: "{{ item }}"
+  loop:
+    - falcoctl driver config --type ebpf
+    - falcoctl driver install  # Will build/fech driver if kernel is supported
+
+- name: Falcoctl | Configure follow artifacts
+  ansible.builtin.command:  # noqa no-changed-when
+    cmd: "falcoctl artifact follow {{ item }}"
+  loop: "{{ falcoctl_artifacts_follow }}"
diff --git a/tasks/main.yml b/tasks/main.yml
@@ -17,3 +17,6 @@
 - name: Import falco (distrib package)
   ansible.builtin.import_tasks: falco.yml
   when: not falco_k8s_helm | bool
+
+- name: Import falcoctl
+  ansible.builtin.import_tasks: falcoctl.yml