falco ConfigMap diff in live vs desired state - using ArgoCD #695
Description
Describe the bug
We are using the latest (4.5.1) falco helm chart to deploy falco to our clusters using ArgoCD
After a while (minute or so) we see a diff in the live falco configMap vs. desired configMap (rendered from the falco helm chart)
Mostly this is due to incorrect indentation but also due to different yaml scalars
How to reproduce it
Deploy falco using helm and then compare the falco configMap against the rendered falco configMap. Or deploy using ArgoCD
Expected behaviour
We expect the live and desired state to match after we deploy falco using helm and ArgoCD
Screenshots
Environment
- Falco version:
falco --version
Tue Jun 25 14:00:56 2024: Using deprecated config key 'rules_file' (singular form). Please use new 'rules_files' config key (plural form).
Tue Jun 25 14:00:56 2024: Falco version: 0.38.1 (x86_64)
Tue Jun 25 14:00:56 2024: Falco initialized with configuration files:
Tue Jun 25 14:00:56 2024: /etc/falco/falco.yaml
Tue Jun 25 14:00:56 2024: System info: Linux version 5.10.218-208.862.amzn2.x86_64 (mockbuild@ip-10-0-42-214) (gcc10-gcc (GCC) 10.5.0 20230707 (Red Hat 10.5.0-1), GNU ld version 2.35.2-9.amzn2.0.1) #1 SMP Tue Jun 4 16:52:10 UTC 2024
{"default_driver_version":"7.2.0+driver","driver_api_version":"8.0.0","driver_schema_version":"2.0.0","engine_version":"40","engine_version_semver":"0.40.0","falco_version":"0.38.1","libs_version":"0.17.2","plugin_api_version":"3.6.0"}
- System info:
falco --support | jq .system_info
Tue Jun 25 13:58:31 2024: Using deprecated config key 'rules_file' (singular form). Please use new 'rules_files' config key (plural form).
Tue Jun 25 13:58:31 2024: Falco version: 0.38.1 (x86_64)
Tue Jun 25 13:58:31 2024: Falco initialized with configuration files:
Tue Jun 25 13:58:31 2024: /etc/falco/falco.yaml
Tue Jun 25 13:58:31 2024: System info: Linux version 5.10.218-208.862.amzn2.x86_64 (mockbuild@ip-10-0-42-214) (gcc10-gcc (GCC) 10.5.0 20230707 (Red Hat 10.5.0-1), GNU ld version 2.35.2-9.amzn2.0.1) #1 SMP Tue Jun 4 16:52:10 UTC 2024
Tue Jun 25 13:58:31 2024: Loading rules from file /etc/falco/falco_rules.yaml
Tue Jun 25 13:58:31 2024: Loading rules from file /etc/falco/rules.d/datadog-agent-exclude.yaml
Tue Jun 25 13:58:32 2024: Loading rules from file /etc/falco/rules.d/k8s-api-namespace-exclude.yaml
Tue Jun 25 13:58:32 2024: Loading rules from file /etc/falco/rules.d/kong-spawn-processes-exclude.yaml
{
"machine": "x86_64",
"nodename": "falco-2b9cd",
"release": "5.10.218-208.862.amzn2.x86_64",
"sysname": "Linux",
"version": "#1 SMP Tue Jun 4 16:52:10 UTC 2024"
}
- Cloud provider or hardware configuration:
- OS: EKS - linux
- Kernel: 5.10.218-208.862.amzn2.x86_64
- Installation method:
Kubernetes using Helm and ArgoCD
Additional context