WIP: Integrating the new k8s-metacollector + k8smeta plugin with falco 0.36.2

[alacuku]

What type of PR is this?

Uncomment one (or more) /kind <> lines:

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

If this PR will release a new chart version please make sure to also uncomment the following line:

/kind chart-release

Any specific area of the project related to this PR?

Uncomment one (or more) /area <> lines:

/area falco-chart

/area falco-exporter-chart

/area falcosidekick-chart

/area event-generator-chart

/area k8s-metacollector

What this PR does / why we need it:

This PR updates the Falco charts to leverage the new k8s-metacollector and k8smeta plugin.

How to deploy:

# Clone the right branch.
git clone --branch kcl/falco-integrate-k8s-metacollector --single-branch https://github.com/alacuku/charts.git

# Change directory to Falco chart.
cd charts/charts/falco

# Build dependencies.
helm dependency build

# Install falco + k8smeta plugin and the k8s-metacollector in namespace falco.
helm install falco ./ -n falco --create-namespace --set tty=true

# Install falco + k8smeta plugin in namespace falco and the k8s-metacollector in namespace collector.
kubectl create namespace collector
helm install falco ./ 
    -n falco \
    --create-namespace \
    --set k8s-metacollector.namespaceOverride=collector \
    --set tty=true

Check that the pods are in place:

kubectl get pods -n falco

You should have something like (the number of Falco pods will depend on the number of your nodes):

NAME                                       READY   STATUS    RESTARTS   AGE
falco-dkntd                                2/2     Running   0          27m
falco-k8s-metacollector-674dc59c98-sblwv   1/1     Running   0          27m

NOTE: The new fields exported by the plugins start with prefix k8smeta. The container runtime engines still use the old prefix k8s. The majority of those fields will return <NA>. Please update your old fields to match the ones of the plugin.

Some implementation details of this PR:

The old kubernetes collector has been replaced by the k8smeta plugin. The k8s-metacollector chart has been added as a dependency to the Falco chart and is enabled by default. The Falco and falcoctl configurations are updated at deployment time by a custom helper. It does the following:

• Adds the k8smeta plugin to the load_plugins list;
• Adds the k8smeta plugin configuration to the plugins section;
• Adds the plugin artifact type to the allowedTypes in the falcoctl configuration;
• Adds the pluigin OCI references to the falcoctl install references.

Furthermore, all the resources needed by Falco to connect to the k8s api-server has been removed:

• service account;
• cluster role;
• cluster role binding;
  Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

Checklist

• Chart Version bumped
• Variables are documented in the README.md
• CHANGELOG.md updated

[poiana]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: alacuku
Once this PR has been reviewed and has the lgtm label, please assign issif for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[alacuku]

/hold

The PR is only for testing the new k8s-metacollector and k8smeta plugin.

[alacuku]

/close

Not more relevant. See #601

[poiana]

@alacuku: Closed this PR.

In response to this:

/close

Not more relevant. See #601

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.