falcon-integration-gateway.yaml
# Kubernetes pod spec for falcon-integration-gateway
#
# Deployment
# kubectl apply -f ./falcon-integration-gateway.yaml
# Tear Down
# kubectl delete -f ./falcon-integration-gateway.yaml
#
# This example shows how to bind CrowdStrike OAuth credentials and the configuration file to the application.
---
# Credentials consumed by the falcon-integration-gateway Deployment in this file.
# Every value under `data` must be base64-encoded. Base64 is an encoding, not
# encryption: once the placeholders are replaced, treat this manifest as secret
# material and keep the filled-in copy out of version control.
apiVersion: v1
kind: Secret
metadata:
  name: falcon-integration-gateway-creds
type: Opaque
data:
  # CrowdStrike OAuth client id / secret; the Deployment exposes both to the
  # container as environment variables through secretKeyRef.
  FALCON_CLIENT_ID: REPLACE_ME_WITH_BASE64_ENCODED_STR=
  FALCON_CLIENT_SECRET: REPLACE_ME_WITH_BASE64_ENCODED_STR=
  # Content of the GCP service-account credentials file; the Deployment projects
  # this key into the container as /google-application-credentials.json.
  GOOGLE_APPLICATION_CREDENTIALS: REPLACE_ME_WITH_BASE64_ENCODED_STR=
---
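# Application configuration for the gateway. The Deployment in this file mounts
# the `config.ini` key at /fig/config/config.ini inside the container.
# A ConfigMap is not intended for confidential data: OAuth credentials belong in
# the falcon-integration-gateway-creds Secret, not in this file.
apiVersion: v1
kind: ConfigMap
metadata:
  name: falcon-integration-gateway-config
data:
  config.ini: |
    # Falcon Integration Gateway

    [main]
    # Cloud backends that are enabled. The gateway will push events to the cloud providers specified below
    backends=GCP
    # Uncomment to configure number of threads that process Falcon Events
    # worker_threads = 4

    [events]
    # Uncomment to filter out events based on severity (allowed values 1-5, default 2)
    # severity_threshold = 3
    # Uncomment to filter out events based on number of days past the event (default 21)
    #older_than_days_threshold = 14

    [logging]
    # Uncomment to request logging level (ERROR, WARN, INFO, DEBUG)
    #level = DEBUG

    [falcon]
    # Uncomment to provide Falcon Cloud. Alternatively, use FALCON_CLOUD_REGION env variable.
    #cloud_region = us-1
    # Uncomment to provide OAuth Client ID. Alternatively, use FALCON_CLIENT_ID env variable.
    #client_id = ABCD
    # Uncomment to provide OAuth Secret. Alternatively, use FALCON_CLIENT_SECRET env variable.
    # Prefer the env variable: this file is stored in a ConfigMap, which is not meant for secrets.
    #client_secret = ABCD
    # Uncomment to provide application id. Needs to be different per each fig instance.
    #application_id = my-acme-gcp-1

    [gcp]
    # GCP section is applicable only when GCP backend is enabled in the [main] section.
    # Use GOOGLE_APPLICATION_CREDENTIALS env variable to configure GCP Backend. GOOGLE_APPLICATION_CREDENTIALS
    # is an environment variable used to configure GCP Service accounts, it should point out to the credentials
    # file for given service account.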
---
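# Runs a single gateway pod. OAuth credentials arrive as environment variables
# from the falcon-integration-gateway-creds Secret; config.ini and the GCP
# credentials file are mounted read-only from the ConfigMap and the same Secret.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: falcon-integration-gateway
spec:
  # config.ini states that application_id must differ per gateway instance, so
  # raising replicas while sharing one ConfigMap needs care — confirm before scaling.
  replicas: 1
  selector:
    matchLabels:
      run: falcon-integration-gateway
  template:
    metadata:
      labels:
        run: falcon-integration-gateway
    spec:
      containers:
        - name: app
          # NOTE(review): `latest` is a mutable tag and, with imagePullPolicy
          # Always, every pod restart runs whatever the registry serves at that
          # moment. For production, pin a released version tag or an image
          # digest (<VERSION_OR_DIGEST>) so the deployed code is reviewable.
          image: quay.io/crowdstrike/falcon-integration-gateway:latest
          imagePullPolicy: Always
          securityContext:
            # Block setuid/file-capability privilege gain inside the container.
            allowPrivilegeEscalation: false
            # NOTE(review): runAsNonRoot, readOnlyRootFilesystem and dropped
            # capabilities are not set; confirm what the image supports first.
          volumeMounts:
            - name: config-volume
              mountPath: /fig/config/config.ini
              subPath: config.ini
              readOnly: true
            - name: google-application-credentials
              mountPath: /google-application-credentials.json
              subPath: google-application-credentials.json
              readOnly: true
          env:
            - name: FALCON_CLIENT_ID
              valueFrom:
                secretKeyRef:
                  name: falcon-integration-gateway-creds
                  key: FALCON_CLIENT_ID
            - name: FALCON_CLIENT_SECRET
              valueFrom:
                secretKeyRef:
                  name: falcon-integration-gateway-creds
                  key: FALCON_CLIENT_SECRET
            # A path, not a credential: it points at the file mounted from the
            # Secret volume declared under `volumes`.
            - name: GOOGLE_APPLICATION_CREDENTIALS
              value: /google-application-credentials.json
      volumes:
        - name: config-volume
          configMap:
            name: falcon-integration-gateway-config
            items:
              - key: config.ini
                path: config.ini
        - name: google-application-credentials
          secret:
            secretName: falcon-integration-gateway-creds
            # Project only the GCP key as a file; the OAuth values stay out of
            # the container filesystem.
            items:
              - key: GOOGLE_APPLICATION_CREDENTIALS
                path: google-application-credentials.json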