falco
falco copied to clipboard
Create `container_engines` configs in `falco.yaml`
Motivation
See https://github.com/falcosecurity/falco/issues/3243#issuecomment-2174224867 and additional comments after that comment.
The current favorite seems to expose new container_engines
in the following format:
container_engines:
docker:
enabled: true
cri:
enabled: true
cri: ["/run/containerd/containerd.sock", "/run/crio/crio.sock", "/run/k3s/containerd/containerd.sock"]
disable-cri-async: false
This feature will allow end users to explicitly disable some container engines, plus it can help in deployment scenarios where the existing --cri
and --disable-cri-async
CLI flags are more difficult to configure.