Falcon Node Sensor and Falcon Container Sensor are CrowdStrike products that provide runtime protection for cluster nodes and pods.
If you choose to install Falcon Node Sensor, the operator manages a Kubernetes DaemonSet for you that deploys the Node Sensor onto each node of your Kubernetes cluster. Alternatively, if you choose to install Falcon Container Sensor, the operator sets up a deployment hook on your cluster so that every new deployment gets the Falcon Container inserted into each pod.
Falcon Admission Controller is a CrowdStrike product that monitors and reviews Kubernetes objects when they are created or updated.
Detailed documentation for FalconNodeSensor, FalconContainer and FalconAdmission can be found in the falcon-operator repository.
You will need to provide CrowdStrike API keys and the CrowdStrike cloud region for the installation. It is recommended to create new API credentials for the installation at https://falcon.crowdstrike.com/support/api-clients-and-keys. The minimum required permissions are:
| Scope Name | Permission |
|---|---|
| Falcon Images Download | Read |
| Sensor Download | Read |

Credentials (`client_id` and `client_secret`) from this step will be used in the deployment.
| Name | Version |
|---|---|
| http | ~> 3.2.1 |
| kubectl | ~> 1.14.0 |
| null | n/a |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| client_id | Falcon API Client ID | string | n/a | yes |
| client_secret | Falcon API Client Secret | string | n/a | yes |
| environment | Environment or 'Alias' tag | string | "tf_module" | no |
| operator_version | Falcon Operator version to deploy. Can be a branch, tag, or commit hash of the falcon-operator repo. | string | "v0.9.1" | no |
| sensor_type | Falcon sensor type: FalconNodeSensor or FalconContainer. | string | "FalconNodeSensor" | no |
| falcon_admission | Whether to deploy the FalconAdmission Custom Resource (CR) to the cluster. | bool | true | no |
| node_sensor_mode | Falcon Node Sensor mode: 'kernel' or 'bpf'. | string | "bpf" | no |
| node_sensor_manifest_path | Path to a custom manifest file, e.g. ./manifests/node_sensor.yaml. Leave as default to use the built-in manifest with standard options. | string | "default" | no |
| container_sensor_manifest_path | Path to a custom manifest file, e.g. ./manifests/container_sensor.yaml. Leave as default to use the built-in manifest with standard options. | string | "default" | no |
| admission_controller_manifest_path | Path to a custom manifest file, e.g. ./manifests/admission_controller.yaml. Leave as default to use the built-in manifest with standard options. | string | "default" | no |
No outputs.
```hcl
provider "aws" {
  region = local.region
}

# Example of using secrets stored in AWS Secrets Manager.
# Assumes an EKS cluster created by the eks_blueprints module and a
# Secrets Manager secret whose name is supplied in var.falcon_secret_name
# (an assumed variable) and whose JSON value holds "client_id" and
# "client_secret" keys.
data "aws_eks_cluster_auth" "this" {
  name = module.eks_blueprints.eks_cluster_id
}

data "aws_secretsmanager_secret" "falcon_secrets" {
  name = var.falcon_secret_name
}

data "aws_secretsmanager_secret_version" "current" {
  secret_id     = data.aws_secretsmanager_secret.falcon_secrets.id
  version_stage = var.aws_secret_version_stage
}

locals {
  cluster_name = "cluster-name"
  region       = var.region
  # Decode the JSON secret so its keys can be passed to the module
  # without placing the credentials in Terraform source or variables.
  secrets = jsondecode(data.aws_secretsmanager_secret_version.current.secret_string)
}

module "crowdstrike_operator" {
  source        = "github.com/CrowdStrike/terraform-kubectl-falcon//modules/operator?ref=v0.4.0"
  client_id     = local.secrets["client_id"]
  client_secret = local.secrets["client_secret"]
}
```