Module to manage CrowdStrike Falcon Sensor and the Kubernetes Protection Agent on a Kubernetes cluster.

pbaumbach2/terraform-kubectl-falcon

 
 

CrowdStrike Falcon

This repository contains modules that can be used to automate the deployment of the CrowdStrike Falcon Sensor and the Kubernetes Protection Agent on a Kubernetes cluster.

Learn more about each module:

| Module | Description |
| --- | --- |
| operator | Manages sensor deployment |
| k8s-protection-agent | Manages KPA deployment |

Pre-requisites

  1. You will need to provide CrowdStrike API keys and the CrowdStrike cloud region for the installation. It is recommended to establish new API credentials for the installation at https://falcon.crowdstrike.com/support/api-clients-and-keys. The minimal required permissions are:

     | Scope Name | Permission |
     | --- | --- |
     | Falcon Images Download | Read |
     | Sensor Download | Read |
     | Kubernetes Protection Agent | Write |

  2. You need a CrowdStrike Docker API Token and CID. See "How to retrieve your Falcon Docker API Token and CID" for instructions on how to retrieve them.

Providers

No providers.

Resources

No resources.

Inputs

| Name | Description | Type | Default | Required |
| --- | --- | --- | --- | --- |
| cid | Customer ID (CID) of the Falcon platform. | string | n/a | yes |
| client_id | Falcon API Client Id | string | n/a | yes |
| client_secret | Falcon API Client Secret | string | n/a | yes |
| cloud | Falcon Cloud Region to use. | string | n/a | yes |
| cluster_name | Your Cluster Name | string | n/a | yes |
| docker_api_token | Falcon Docker API Token | string | n/a | yes |
| environment | Environment or 'Alias' tag | string | "tf_module" | no |
| sensor_type | Falcon sensor type: FalconNodeSensor or FalconContainer. | string | "FalconNodeSensor" | no |

Outputs

No outputs.

Usage

provider "aws" {
  region = local.region
}

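# Auth token for the EKS cluster; module.eks_blueprints is defined elsewhere
# in the calling configuration.
data "aws_eks_cluster_auth" "this" {
  name = module.eks_blueprints.eks_cluster_id
}

# Example of using secrets stored in AWS Secrets Manager.
# The secret's name comes from var.aws_secret_name, a variable name assumed here:
# the original example references this data source without declaring it.
data "aws_secretsmanager_secret" "falcon_secrets" {
  name = var.aws_secret_name
}

data "aws_secretsmanager_secret_version" "current" {
  secret_id     = data.aws_secretsmanager_secret.falcon_secrets.id
  version_stage = var.aws_secret_version_stage
}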

locals {
  cluster_name = "cluster-name"
  region       = var.region

  secrets = jsondecode(data.aws_secretsmanager_secret_version.current.secret_string)
}

module "crowdstrike_falcon" {
  source = "github.com/CrowdStrike/terraform-kubectl-falcon?ref=v0.1.0"

  cid              = local.secrets["cid"]
  client_id        = local.secrets["client_id"]
  client_secret    = local.secrets["client_secret"]
  cloud            = var.cloud
  cluster_name     = local.cluster_name
  docker_api_token = local.secrets["docker_api_token"]
}
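
An added example, not part of the module's repository: a guard for the calling configuration that rejects an unsupported sensor_type and fails the plan with the names of any keys missing from the Secrets Manager JSON. It relies on local.secrets from the Usage example; the variable, the extra local names and the terraform_data resource name are assumptions, and the terraform_data resource with a precondition needs Terraform 1.4 or later.

```hcl
# Added example: input guards for the configuration that calls the module.
# Assumes local.secrets is defined as in the Usage example above.

variable "sensor_type" {
  description = "Falcon sensor type passed to the module."
  type        = string
  default     = "FalconNodeSensor"

  validation {
    # The two values listed in the Inputs table.
    condition     = contains(["FalconNodeSensor", "FalconContainer"], var.sensor_type)
    error_message = "sensor_type must be FalconNodeSensor or FalconContainer."
  }
}

locals {
  # Keys the Usage example reads from the secret's JSON document.
  required_secret_keys = ["cid", "client_id", "client_secret", "docker_api_token"]

  # secret_string is marked sensitive, so keys() of the decoded map is too.
  # Only the key names are exposed here, never the values.
  present_secret_keys = nonsensitive(keys(local.secrets))

  missing_secret_keys = [
    for k in local.required_secret_keys : k
    if !contains(local.present_secret_keys, k)
  ]
}

# Hypothetical guard resource: it creates nothing and exists only to carry the precondition.
resource "terraform_data" "falcon_secret_check" {
  lifecycle {
    precondition {
      condition     = length(local.missing_secret_keys) == 0
      error_message = "Falcon secret is missing keys: ${join(", ", local.missing_secret_keys)}"
    }
  }
}
```

To use the validated value, add `sensor_type = var.sensor_type` to the `crowdstrike_falcon` module block.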
