admission-controller: Allow to configure `clusterName`
We are trying to run the admission-controller inside our Rancher K3s clusters, but it logs this:
clusterinfo: Failed to find cluster name" "providers"=["ec2v2MetadataProvider","ec2MetadataProvider","eksctlProvider","ecsFargateMetadataProvider","azureMonitorAgentProvider","azureMetadataProvider","azureLabelProvider","gcpMetadataProvider","ocpProvider"]
The Helm chart allows configuring the clusterName: https://github.com/CrowdStrike/falcon-helm/commit/811891e05a9c2cf26bfa82ac8d9725cb1c53ffde
Tracked internally - but we'll see if engineering can verify that you can create the falcon-kac-meta ConfigMap manually to work around this.
> but we'll see if engineering can verify that you can create the falcon-kac-meta ConfigMap manually to work around this.
Thanks! I've already figured out that this workaround does work indeed. But this doesn't integrate well into our deployment pipelines, for similar reasons as https://github.com/CrowdStrike/falcon-operator/issues/567 (Namespace must exist at the time of the initial deployment)
We've reverted back to use the Helm charts (with post-processing using Kustomize), but I will keep an eye on the operator, as I try to move away from Helm as much as possible.
We're trying to migrate the helm charts to the Operator again, but this is still an issue.
But maybe there is a better way than to configure the clusterName manually? Could you please tell us how exactly Falcon KAC usually auto-discovers the cluster-name if none is provided via configuration? Our clusters are running on K3s and RKE2. Is there some node-label or something similar that could be used to let Falcon KAC auto-discover the cluster name?
Hi @ChristianCiach I'm sorry I missed this - are you able to open a support ticket, or work with your security group to do so?
@evanstoner any comments on the cluster name detection? We are running a pretty standard EKS cluster with Karpenter-managed nodes and KAC fails to find the cluster name. Could you elaborate on what the providers are looking for?
Hey @pavel-spacil - I do not know how auto-detection works. Best to put in a support case if it's not behaving. https://supportportal.crowdstrike.com
FYI manually specifying cluster name is in flight: https://github.com/CrowdStrike/falcon-operator/pull/650
Same issue on Azure AKS.
I decided to use the operator over Helm and I am having trouble setting up the cluster_name. Can someone guide me on how to set it up, or on a workaround? As you can imagine, having an unknown cluster_name is not very practical when we have a lot of environments.
If cluster name detection is not working on an AWS, Azure, or Google managed Kubernetes cluster, please submit a support ticket: https://supportportal.crowdstrike.com/