Falcoctl Commands #64

Closed
krisnova opened this issue Jan 24, 2020 · 0 comments

History

This project was originally proposed here in falcosecurity/falco#811

The purpose of this project is to support and encapsulate commonly used logic for The Falco Project.

What is a Falcoctl command?

A command consists of three things.

  • An action
  • A subject
  • A target

For instance the following CLI command

$ falcoctl install tls --local

Would yield:

  • Install (action)
  • TLS (subject)
  • Local (target)

Note that we would like falcoctl to default to Kubernetes as the default target such that the following two commands would be identical commands.

$ falcoctl install tls
$ falcoctl install tls --kubernetes

Commands

Here are commands I think the project should support.

For each of these commands, we will need the following support

An idiomatic .go starting point in the /cmd directory

Following the naming convention where

falcoctl install tls

should be named

install_tls_<os>.go
install_tls_linux.go
install_tls_windows.go
install_tls_freebsd.go

An exposed package that can be vendored as a library

The point of the /pkg directory is to create libraries we can use in other places of the project, or even for other projects/users to consume. So write the code as complete as possible, and make the libraries as modular as possible. A good example of writing consumable libraries is in the Kubernetes code base itself.

The /cmd directory should just define CLI flags/options and inject the configuration into various libraries found in the /pkg directory.


Features

Below is a list of features that we think falcoctl should support. These are open for discussion, and are not a complete list. This is just a starting point.

If you would like to fix/refactor/create/support any of these commands please open up an issue for the one you would like to work on and /assign it to yourself.


Create TLS material for Falco on the same filesystem that falcoctl is installed on.

falcoctl install tls --local 

Create TLS material for Falco in Kubernetes and also configure Falco to look for the newly created secrets

falcoctl install tls --kubernetes 

Idempotent install of Falco on the local filesystem

falcoctl install falco --local

Idempotent install of Falco in Kubernetes

falcoctl install falco --kubernetes 


Install a new Falco rule on the local file system

falcoctl install rule --local 

Install a new Falco rule in Kubernetes

falcoctl install rule --kubernetes 
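
The action/subject/target grammar proposed in the issue above, sketched in Go as an added example; it is not part of the issue and not falcoctl's own code. `Command`, `ParseCommand` and `supported` are hypothetical names, and rejecting unlisted commands or both target flags at once is an assumption the issue does not state.

```go
package main

import (
	"errors"
	"flag"
	"fmt"
	"io"
	"os"
)

// Command is the action/subject/target triple described in the issue.
type Command struct{ Action, Subject, Target string }

// supported lists the action/subject pairs from the issue's feature list.
var supported = map[string]bool{"install tls": true, "install falco": true, "install rule": true}

// ParseCommand turns CLI arguments (program name removed) into a Command.
func ParseCommand(args []string) (Command, error) {
	if len(args) < 2 {
		return Command{}, errors.New("usage: falcoctl <action> <subject> [--local|--kubernetes]")
	}
	// Kubernetes is the default target, so "install tls" == "install tls --kubernetes".
	cmd := Command{Action: args[0], Subject: args[1], Target: "kubernetes"}
	if !supported[cmd.Action+" "+cmd.Subject] {
		return Command{}, fmt.Errorf("unsupported command %q %q", cmd.Action, cmd.Subject)
	}
	fs := flag.NewFlagSet("falcoctl", flag.ContinueOnError)
	fs.SetOutput(io.Discard) // errors are returned to the caller, not printed here
	local := fs.Bool("local", false, "target the local filesystem")
	kube := fs.Bool("kubernetes", false, "target Kubernetes (default)")
	if err := fs.Parse(args[2:]); err != nil {
		return Command{}, err
	}
	if fs.NArg() > 0 {
		return Command{}, fmt.Errorf("unexpected argument %q", fs.Arg(0))
	}
	// Assumption: an ambiguous target is an error rather than silently picking one.
	if *local && *kube {
		return Command{}, errors.New("--local and --kubernetes are mutually exclusive")
	}
	if *local {
		cmd.Target = "local"
	}
	return cmd, nil
}

func main() {
	cmd, err := ParseCommand(os.Args[1:])
	fmt.Printf("%+v err=%v\n", cmd, err)
}
```

In the layout the issue proposes, a parser like this would live under /cmd and hand the resulting `Command` to a library in /pkg.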