This repository contains modules that can be used to automate the deployment of the CrowdStrike Falcon Sensor and the Kubernetes Protection Agent on a Kubernetes cluster.
Learn more about each module:
| Module | Description |
|---|---|
| operator | Manages sensor deployment |
| k8s-protection-agent | Manage KPA deployment |
-
You will need to provide CrowdStrike API Keys and CrowdStrike cloud region for the installation. It is recommended to establish new API credentials for the installation at https://falcon.crowdstrike.com/support/api-clients-and-keys, minimal required permissions are:
Scope Name Permission Falcon Images Download Read Sensor Download Read Kubernetes Protection Agent Write Kubernetes Protection Read and Write -
You need a CrowdStrike Docker API Token and CID. See How to retrieve your Falcon Docker API Token and CID for instructions on how to retrieve your Docker API Token and CID.
No providers.
No resources.
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cid | Customer ID (CID) of the Falcon platform. | string |
n/a | yes |
| client_id | Falcon API Client Id | string |
n/a | yes |
| client_secret | Falcon API Client Secret | string |
n/a | yes |
| cloud | Falcon Cloud Region to use. | string |
n/a | yes |
| cluster_name | Your Cluster Name | string |
n/a | yes |
| docker_api_token | Falcon Docker API Token | string |
n/a | yes |
| environment | Environment or 'Alias' tag | string |
"tf_module" |
no |
| operator_version | Falcon Operator version to deploy. Can be a branch, tag, or commit hash of the falcon-operator repo. | string |
"v0.7.2" |
no |
| sensor_type | Falcon sensor type: FalconNodeSensor or FalconContainer. | string |
"FalconNodeSensor" |
no |
| falcon_admission | Whether to deploy the FalconAdmission Custom Resource (CR) to the cluster. | bool |
'true' | no |
No outputs.
provider "aws" {
region = local.region
}
# Example of using secrets stored in AWS Secrets Manager
data "aws_eks_cluster_auth" "this" {
name = module.eks_blueprints.eks_cluster_id
}
data "aws_secretsmanager_secret_version" "current" {
secret_id = data.aws_secretsmanager_secret.falcon_secrets.id
version_stage = var.aws_secret_version_stage
}
locals {
cluster_name = "cluster-name"
region = var.region
secrets = jsondecode(data.aws_secretsmanager_secret_version.current.secret_string)
}
module "crowdstrike_falcon" {
source = "CrowdStrike/falcon/kubectl"
version = "0.4.0"
cid = local.secrets["cid"]
client_id = local.secrets["client_id"]
client_secret = local.secrets["client_secret"]
cloud = var.cloud
cluster_name = local.cluster_name
docker_api_token = local.secrets["docker_api_token"]
}