From 508688b63c638eca75b58ce1d321ebc75e964bf9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fr=C3=A9d=C3=A9ric=20Collonval?=
Date: Wed, 8 Jan 2025 16:56:25 +0100
Subject: [PATCH] Move falco rules customization in private repository (#83)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Frédéric Collonval
---
 charts/datalayer-falco/values-any.yaml | 18 ------------------
 1 file changed, 18 deletions(-)
diff --git a/charts/datalayer-falco/values-any.yaml b/charts/datalayer-falco/values-any.yaml
index b83a4fe..cc83280 100644
--- a/charts/datalayer-falco/values-any.yaml
+++ b/charts/datalayer-falco/values-any.yaml
@@ -20,24 +20,6 @@ k8s-metacollector:
 operator: In
 values:
 - "true"
-customRules:
- rules-override-default.yaml: |-
- # Whitelist strimzi operator for Kafka to connect to k8s API
- - macro: user_known_contact_k8s_api_server_activities
- condition: (container.image.repository=quay.io/strimzi/operator)
- override:
- condition: replace
- # Enable cryptomining related rules
- # See https://falco.org/blog/falco-detect-cryptomining
- # Tested with https://github.com/n1g3ld0ugla5/Falco-Cryptomining-CNCF
- - rule: Detect outbound connections to common miner pool ports
- enabled: true
- override:
- enabled: replace
- - rule: Set Setuid or Setgid bit
- enabled: true
- override:
- enabled: replace
 falco:
 rules_files:
 # Order matters to apply override the rule should be loaded first.