Falcon Node Sensor is a CrowdStrike product that provides runtime protection to the nodes and pods of a Kubernetes cluster.
If you choose to install Falcon Node Sensor, the operator manages a Kubernetes DaemonSet for you that deploys the Node Sensor onto each node of your Kubernetes cluster.
Falcon Admission Controller is a CrowdStrike product that monitors and reviews Kubernetes objects when they are created or updated.
Detailed documentation for FalconNodeSensor and FalconAdmission can be found in the falcon-operator repository.
You will need to provide CrowdStrike API keys and the CrowdStrike cloud region for the installation. It is recommended to create new API credentials dedicated to this installation at https://falcon.crowdstrike.com/support/api-clients-and-keys. The minimal required permissions are:

Scope Name | Permission |
---|---|
Falcon Images Download | Read |
Sensor Download | Read |

The credentials (`client_id` and `client_secret`) from this step will be used in the deployment.
Provider | Version |
---|---|
http | ~> 3.2.1 |
kubectl | ~> 1.14.0 |
null | n/a |
Name | Description | Type | Default | Required |
---|---|---|---|---|
client_id | Falcon API Client ID | `string` | n/a | yes |
client_secret | Falcon API Client Secret | `string` | n/a | yes |
environment | Environment or 'Alias' tag | `string` | `"tf_module"` | no |
operator_version | Falcon Operator version to deploy. Can be a branch, tag, or commit hash of the falcon-operator repo. | `string` | `"v0.9.1"` | no |
falcon_admission | Whether to deploy the FalconAdmission Custom Resource (CR) to the cluster. | `bool` | `true` | no |
node_sensor_mode | Falcon Node Sensor mode: `kernel` or `bpf`. | `string` | `"bpf"` | no |
node_sensor_manifest_path | Path to a custom FalconNodeSensor manifest file, e.g. `./manifests/node_sensor.yaml`. Leave as default to use the built-in manifest with standard options. | `string` | `"default"` | no |
admission_controller_manifest_path | Path to a custom FalconAdmission manifest file, e.g. `./manifests/admission_controller.yaml`. Leave as default to use the built-in manifest with standard options. | `string` | `"default"` | no |
No outputs.
```hcl
provider "aws" {
  region = local.region
}

# Example of using secrets stored in AWS Secrets Manager.
# The secret must hold a JSON object with "client_id" and "client_secret" keys,
# matching the lookups in local.secrets below.
variable "region" {
  type = string
}

variable "aws_secret_version_stage" {
  type    = string
  default = "AWSCURRENT"
}

# Assumes an "eks_blueprints" module elsewhere in this configuration.
data "aws_eks_cluster_auth" "this" {
  name = module.eks_blueprints.eks_cluster_id
}

# Placeholder secret name; replace with the name of your credentials secret.
data "aws_secretsmanager_secret" "falcon_secrets" {
  name = "falcon-api-credentials"
}

data "aws_secretsmanager_secret_version" "current" {
  secret_id     = data.aws_secretsmanager_secret.falcon_secrets.id
  version_stage = var.aws_secret_version_stage
}

locals {
  cluster_name = "cluster-name"
  region       = var.region
  secrets      = jsondecode(data.aws_secretsmanager_secret_version.current.secret_string)
}

module "crowdstrike_operator" {
  source        = "github.com/CrowdStrike/terraform-kubectl-falcon//modules/operator?ref=v0.4.0"
  client_id     = local.secrets["client_id"]
  client_secret = local.secrets["client_secret"]
}
```
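The following is a fuller root module, added here as an illustration and not taken from the module's own README or code. It wires the `kubectl` provider the module needs to an existing EKS cluster's endpoint and a short-lived IAM-derived token, reads the API credentials from Secrets Manager, and sets the optional inputs listed in the table above. The cluster name `my-eks-cluster`, the secret name `falcon/api-credentials`, the region, the `environment` tag and the manifest path are placeholder values.

```hcl
# Added example: a complete root module wiring the Falcon operator module
# to an existing EKS cluster. Names below (cluster, secret, region, path)
# are placeholders, not values from the module's documentation.
terraform {
  required_providers {
    aws     = { source = "hashicorp/aws" }
    kubectl = { source = "gavinbunney/kubectl", version = "~> 1.14.0" }
  }
}

variable "region" {
  type    = string
  default = "us-east-1" # placeholder
}

variable "cluster_name" {
  type    = string
  default = "my-eks-cluster" # placeholder
}

variable "falcon_secret_name" {
  type    = string
  default = "falcon/api-credentials" # placeholder; secret is created out of band
}

provider "aws" {
  region = var.region
}

# Existing EKS cluster: endpoint and CA bundle for the kubectl provider.
data "aws_eks_cluster" "this" {
  name = var.cluster_name
}

# Short-lived bearer token minted from the caller's IAM identity.
data "aws_eks_cluster_auth" "this" {
  name = var.cluster_name
}

# The module inherits this default kubectl provider configuration.
provider "kubectl" {
  host                   = data.aws_eks_cluster.this.endpoint
  cluster_ca_certificate = base64decode(data.aws_eks_cluster.this.certificate_authority[0].data)
  token                  = data.aws_eks_cluster_auth.this.token
  load_config_file       = false
}

# Falcon API credentials stored as {"client_id": "...", "client_secret": "..."}.
# The API client should carry only the two Read scopes listed above.
data "aws_secretsmanager_secret" "falcon" {
  name = var.falcon_secret_name
}

data "aws_secretsmanager_secret_version" "falcon" {
  secret_id = data.aws_secretsmanager_secret.falcon.id
}

locals {
  secrets = jsondecode(data.aws_secretsmanager_secret_version.falcon.secret_string)
}

module "crowdstrike_operator" {
  source = "github.com/CrowdStrike/terraform-kubectl-falcon//modules/operator?ref=v0.4.0"

  client_id     = local.secrets["client_id"]
  client_secret = local.secrets["client_secret"]

  # Optional inputs from the table above, shown with explicit values.
  environment      = "prod"   # placeholder tag
  operator_version = "v0.9.1"
  node_sensor_mode = "bpf"    # or "kernel"

  # Deploy the admission controller alongside the node sensor.
  falcon_admission = true

  # Use a custom FalconNodeSensor manifest instead of the built-in one
  # (placeholder path; omit this input to keep the default manifest).
  node_sensor_manifest_path = "${path.module}/manifests/node_sensor.yaml"
}
```

Run `terraform init` and `terraform plan` from the directory holding this file. Two points worth noting: reading the secret through a data source keeps the credentials out of `.tfvars` files and version control, but the decoded values are still persisted in Terraform state, so the state backend needs encryption at rest and tightly restricted read access; and because the `kubectl` provider is configured from a token valid only for the running identity, apply it from a principal that is mapped to a cluster role able to create the operator's namespace, CRDs and DaemonSet.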