Scribd
Upload
21 views2 pages

Falcon Env

Uploaded by

phunguyen12111998
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
21 views2 pages

Falcon Env

Uploaded by

phunguyen12111998
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as TXT, PDF, TXT or read online on Scribd
You are on page 1/ 2

export FALCON_CLIENT_ID=0e559a2bc2664463827c7b9380eda766

export FALCON_CLIENT_SECRET=5DU6T7S21hWP4H8iKJXsRjNd3QptFBwbn0myoYq9
export FALCON_CID=CFBFB4E8D05840DCA56DB3940928277D-64
export FALCON_CLOUD_API=api.us-2.crowdstrike.com
export FALCON_REGION=us-2
export FALCON_CONTAINER_REGISTRY=registry.crowdstrike.com
export FALCON_CS_API_TOKEN=$(curl \
--data "client_id=${FALCON_CLIENT_ID}&client_secret=${FALCON_CLIENT_SECRET}"\
--request POST \
--silent \
https://${FALCON_CLOUD_API}/oauth2/token | jq -cr '.access_token | values')
export FALCON_ART_USERNAME="fc-$(echo ${FALCON_CID} | awk '{ print tolower($0) }' |
cut -d'-' -f1)"
export FALCON_ART_PASSWORD=$(curl -X GET -H "authorization: Bearer $
{FALCON_CS_API_TOKEN}"
https://${FALCON_CLOUD_API}/container-security/entities/image-registry-
credentials/v1 | jq -cr
'.resources[].token | values')
export REGISTRY_BEARER=$(curl -X GET -s -u "${FALCON_ART_USERNAME}:$
{FALCON_ART_PASSWORD}"
"https://${FALCON_CONTAINER_REGISTRY}/v2/token?=fc-${CID}&scope=repository:falcon-
sensor/${FALCON_REGION}/release/falcon-sensor:pull&service=$
{FALCON_CONTAINER_REGISTRY}" | jq -r '.token')
curl -sSL -o falcon-container-sensor-pull.sh
"https://raw.githubusercontent.com/CrowdStrike/falcon-scripts/main/bash/
containers/falcon-container-sensor-pull/falcon-container-sensor-pull.sh"
chmod +x falcon-container-sensor-pull.sh
./falcon-container-sensor-pull.sh \
-u $FALCON_CLIENT_ID \
-s $FALCON_CLIENT_SECRET \
--list-tags \
-t falcon-sensor
export FALCON_IMAGE_REPO=registry.crowdstrike.com/falcon-sensor/us-2/release/
falcon-sensor
export FALCON_IMAGE_TAG=7.18.0-17106-1.falcon-linux.Release.US-2
./falcon-container-sensor-pull.sh \
-u $FALCON_CLIENT_ID \
-s $FALCON_CLIENT_SECRET \
--dump-credentials
export FALCON_ART_USERNAME=fc-cfbfb4e8d05840dca56db3940928277d
export
FALCON_ART_PASSWORD=cmVmdGtuOjAxOjAwMDAwMDAwMDA6RVo1NmFhR1QzMjBkdlhSOUhIVEFUR3loVWt
5
export PARTIALPULLTOKEN=$(echo -n "$FALCON_ART_USERNAME:$FALCON_ART_PASSWORD" |
base64 -w 0)
export FALCON_IMAGE_PULL_TOKEN=$(echo "{\"auths\":{\"registry.crowdstrike.com\":
{\"auth\":\"$PARTIALPULLTOKEN\"}}}" | base64 -w 0)
microk8s helm repo add crowdstrike https://crowdstrike.github.io/falcon-helm
microk8s helm repo update
microk8s helm repo list
export FALCON_SENSOR_REPO=crowdstrike/falcon-sensor
microk8s helm show values $FALCON_SENSOR_REPO
export FALCON_NAMESPACE=falcon-system
kubectl create namespace $FALCON_NAMESPACE
kubectl label ns --overwrite $FALCON_NAMESPACE
pod-security.kubernetes.io/enforce=privileged
microk8s helm install falcon-sensor $FALCON_SENSOR_REPO \
-n $FALCON_NAMESPACE \
--set falcon.cid=$FALCON_CID \
--set node.image.repository=$FALCON_IMAGE_REPO \
--set node.image.tag=$FALCON_IMAGE_TAG \
--set node.image.registryConfigJSON=$FALCON_IMAGE_PULL_TOKEN
--set node.enabled=true \
--set container.enabled=false
export
FALCON_IMAGE_PULL_TOKEN=eyJhdXRocyI6IHsgInJlZ2lzdHJ5LmNyb3dkc3RyaWtlLmNvbSI6IHsgImF
1dGgiOiAiYTNBdFkyWmlabUkwWlRoa01EVTROREJrWTJFMU5tUmlNemswTURreU9ESTNOMlE2WTIxV2JXUk
hkSFZQYWtGNFQycEJkMDFFUVhkTlJFRjNUVVJCTmxwNlFtNWpiR2d5V2tkS1JHTlZiSHBOYm1oVFVXcGFVM
VJ1YUROUFZYUlRVVEJ3UXc9PSIgfSB9IH0=
kubectl exec -it falcon-sensor-injector-7b88d8cb7-6fm5j -n falcon-system -- env

export FALCON_IMAGE_REPO=registry.crowdstrike.com/kubernetes_protection/kpagent
export FALCON_IMAGE_TAG=0.2117.0

You might also like