- set variable name for Pub/Sub (Topic, Subscription), Log Sink, Service Account
- Provision resource (Pub/Sub, Log Sink and Service account) using Terraform in directory
/prerequisites/terraform - Get Service Account key, encrypt with SealedSecret
- Set Pub/Sub name and Service Account's SealedSecret data in
values.yaml/<env>.yaml(under gkeAuditBridge key) in directoryfalco - Set webhook address data for alert in
values.yamlin directoryfalcosidekick
helm upgrade -i falco ./falco --set auditLog.enabled=true --set ebpf.enabled=true --set falcosidekick.enabled=true --set falcosidekick.webui.enabled=true --namespace falco -f falco/values.yaml
Falco rules stored in rules directory (falco/rules), and being called from Falco configuration in falco.yaml