Issif · June 15, 2023 12:02
diff --git a/gistfile1.yaml b/gistfile1.yaml
 customRules:
  override-k8saudit.yaml: |-
    - list: allowed_k8s_users
      append: true
      items: [eks:cloud-controller-manager, eks:vpc-resource-controller, eks:az-poller]
    - macro: live_endpoint
      append: true
      condition: or ka.uri="/readyz?exclude=kms-provider-0" or ka.uri="/livez?exclude=kms-provider-0"

 falco:
  rules_file:
    - /etc/falco/k8s_audit_rules.yaml
    - /etc/falco/rules.d
	customRules:
	override-k8saudit.yaml: \|-
	- list: allowed_k8s_users
	append: true
	items: [eks:cloud-controller-manager, eks:vpc-resource-controller, eks:az-poller]
	- macro: live_endpoint
	append: true
	condition: or ka.uri="/readyz?exclude=kms-provider-0" or ka.uri="/livez?exclude=kms-provider-0"

	falco:
	rules_file:
	- /etc/falco/k8s_audit_rules.yaml
	- /etc/falco/rules.d