K3S-HOME/security
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FIX(falco): add NoExecute tolerations

Browse Source 
- and enable Redis persistence
- Add NoExecute tolerations for master/control-plane nodes to run Falco
  DaemonSet on all nodes
- Enable Redis storage to persist index data across pod restarts
This commit is contained in:
Mayne0213
2026-01-02 19:17:53 +09:00
parent d88cf75b95
commit 4d4ecb13d6
1 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
falco/helm-values.yaml
View File

@@ -142,7 +142,7 @@ falcosidekick:
memory: 512Mi memory: 512Mi
redis: redis:
storageEnabled: false storageEnabled: true
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
@@ -172,8 +172,12 @@ nodeSelector: {}
tolerations: tolerations:
- effect: NoSchedule - effect: NoSchedule
key: node-role.kubernetes.io/master key: node-role.kubernetes.io/master
- effect: NoExecute
key: node-role.kubernetes.io/master
- effect: NoSchedule - effect: NoSchedule
key: node-role.kubernetes.io/control-plane key: node-role.kubernetes.io/control-plane
- effect: NoExecute
key: node-role.kubernetes.io/control-plane
# Run as DaemonSet on all nodes # Run as DaemonSet on all nodes
daemonset: daemonset: