Kubernetes
This Terraform module can be used to automate the deployment of the CrowdStrike Falcon Sensor, Falcon Admission Controller (KAC) and Falcon Image Analyzer (IAR) on Kubernetes clusters.
Learn more about each module:
| Module | Description |
|---|---|
| operator | Manages sensor deployment |
| operator-openshift | Manages sensor deployment on OpenShift clusters |
Pre-requisites
Section titled “Pre-requisites”-
You will need to provide CrowdStrike API Keys and CrowdStrike cloud region for the installation. It is recommended to establish new API credentials for the installation at https://falcon.crowdstrike.com/support/api-clients-and-keys, minimal required permissions are:
Scope Name Permission Falcon Images Download Read Sensor Download Read Falcon Container CLI Write Falcon Container Image Read and Write
Providers
Section titled “Providers”No providers.
Resources
Section titled “Resources”No resources.
Inputs
Section titled “Inputs”| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| admission_controller_manifest_path | Path to custom admission controller manifest file. Use ‘default’ to use the built-in manifest. | string | "default" | no |
| cid | Customer ID (CID) of the Falcon platform. Required when using us-gov-2 cloud region. | string | "" | no |
| cleanup | Whether to cleanup resources on destroy. | bool | true | no |
| client_id | Falcon API Client Id | string | n/a | yes |
| client_secret | Falcon API Client Secret | string | n/a | yes |
| cloud | Falcon Cloud Region | string | "us-1" | no |
| container_sensor_manifest_path | Path to custom container sensor manifest file. Use ‘default’ to use the built-in manifest. | string | "default" | no |
| environment | Environment or ‘Alias’ tag | string | "tf_module" | no |
| falcon_admission | Whether to deploy the FalconAdmission Custom Resource (CR) to the cluster. | bool | true | no |
| iar | Whether to deploy the Falcon Image Analyzer Custom Resource (CR) to the cluster. | bool | true | no |
| iar_manifest_path | Path to custom image analyzer manifest file. Use ‘default’ to use the built-in manifest. | string | "default" | no |
| node_manifest_path | Path to custom node sensor manifest file. Use ‘default’ to use the built-in manifest. | string | "default" | no |
| node_sensor_mode | Falcon Node Sensor mode: ‘kernel’ or ‘bpf’. | string | "bpf" | no |
| operator_version | Falcon Operator version to deploy. Can be a branch, tag, or commit hash of the falcon-operator repo. | string | "v1.4.0" | no |
| platform | Specify whether your cluster is managed by kubernetes or openshift. | string | "kubernetes" | no |
| sensor_type | Falcon sensor type: FalconNodeSensor or FalconContainer. | string | "FalconNodeSensor" | no |
Outputs
Section titled “Outputs”No outputs.
provider "aws" { region = local.region}
# Example of using secrets stored in AWS Secrets Managerdata "aws_eks_cluster_auth" "this" { name = module.eks_blueprints.eks_cluster_id}
data "aws_secretsmanager_secret_version" "current" { secret_id = data.aws_secretsmanager_secret.falcon_secrets.id version_stage = var.aws_secret_version_stage}
locals { cluster_name = "cluster-name" region = var.region
secrets = jsondecode(data.aws_secretsmanager_secret_version.current.secret_string)}
module "crowdstrike_falcon" { source = "github.com/CrowdStrike/terraform-kubectl-falcon?ref=v0.1.0"
cid = local.secrets["cid"] client_id = local.secrets["client_id"] client_secret = local.secrets["client_secret"] cloud = var.cloud cluster_name = local.cluster_name}