Feature: Add option to limit the Container Sensor to Fargate Pods

[CrisNevares]

Currently, if an Amazon EKS Cluster contains both worker nodes and Fargate nodes/pods, the only way to achieve full coverage of the cluster using the falcon-sensor is to inject the Container Sensor as a sidecar to all pods.

Instead, we would like to be able to deploy both the node sensor and the container sensor as part of the same helm installation. This can be achieved by limiting the container sensor to those Fargate pods by adding a toleration to the falcon-sensor-injector Deployment spec. For example:

    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
              - key: eks.amazonaws.com/compute-type
                operator: In
                values:
                - fargate

[redhatrises]

Just to confirm. You want the node sensor to only work on EKS nodes, and the sidecar to only deploy to pods on Fargate nodes whereas today the sidecar sensor will enforce on every pod across an entire cluster. Am I understanding the ask correctly?

[hazcod]

I think we need to be able to customize the nodeSelector, we are having the same issue for deploying falcon to a separate node pool.

[CrisNevares]

Just to confirm. You want the node sensor to only work on EKS nodes, and the sidecar to only deploy to pods on Fargate nodes whereas today the sidecar sensor will enforce on every pod across an entire cluster. Am I understanding the ask correctly?

Yep! That's exactly right.