maxgio92

Results 103 comments of maxgio92

> This is a work in progress
>
> 1. Create/update GKE cluster enabling the [Google Groups for Kubernetes RBAC](https://cloud.google.com/kubernetes-engine/docs/how-to/google-groups-rbac) **GKE feature**
> 2. Create a GCP IAM **Group**:
>    * email: `gke-security-group@`
>    *...

@prometherion generally speaking I think that Falco helps understand whether an event is malicious. Then, if the events are all related to violations, maybe it could further filter them by...

If the type of the event is of the native Kind Audit event [`Event`](https://kubernetes.io/docs/reference/config-api/apiserver-audit.v1/#audit-k8s-io-v1-Event) I think we don't need a new plugin, as there's already one [in place](https://falco.org/docs/event-sources/kubernetes-audit/). If so,...

Hold on, impersonation `"fails to reconcile impersonating the default service account"` test fails.

Fixed it and added a test for this specific use case. PR I think is ready.

Hi @stefanprodan, WDYT about this? Thanks

Thank you @stefanprodan. Going to check them

Hi @stefanprodan I re-triggered CI as timeout on the new e2e test case seems curious, because locally the test is passing 100% of the time. Could you approve GH workflow...

@stefanprodan as expected now e2e tests pass :-) Thank you. This client config setup stage (i.e. impersonation) is executed before the `Kustomization`s reconciliation, and by default with cluster-admin `ClusterRole`, isn't...

Yes @stefanprodan, to be honest I didn't consider the `kubeconfig` in this scenario. I think a dedicated e2e test case is needed here, besides the SA impersonation-only case. TL;DR: -...