feat: add support for falco custom rules (#1658)

_sub/security/falco/main.tf

@@ -41,7 +41,7 @@ resource "github_repository_file" "helm_patch" {
     stream_enabled               = var.stream_enabled
     stream_webhook_url           = var.stream_webhook_url
     stream_channel_name          = var.stream_channel_name
-
+    custom_rules                 = var.custom_rules
   })
   overwrite_on_create = var.overwrite_on_create
 }

_sub/security/falco/values/patch.yaml

@@ -28,6 +28,9 @@ spec:
         enabled: true
     webserver:
       prometheus_metrics_enabled: true
+    customRules:
+        falco_custom_rules.yaml: |-
+          ${custom_rules}
     falcosidekick:
       enabled: true
       webui:

_sub/security/falco/vars.tf

@@ -100,4 +100,10 @@ variable "stream_channel_name" {
   type = string
   default = ""
   description = "Channel name for falco stream. Example: #falco-stream"
+}
+
+variable "custom_rules" {
+  type = string
+  default = ""
+  description = "Custom rules to be added to the falco config"
 }

compute/k8s-services/main.tf

@@ -1047,6 +1047,7 @@ module "falco" {
   stream_enabled               = var.falco_stream_enabled
   stream_webhook_url           = var.falco_stream_webhook_url
   stream_channel_name          = var.falco_stream_channel_name
+  custom_rules                 = var.falco_custom_rules
 
   providers = {
     github = github.fluxcd

compute/k8s-services/vars.tf

@@ -1478,3 +1478,9 @@ variable "falco_stream_channel_name" {
   default     = ""
   description = "Channel name for falco stream. Example: #falco-stream"
 }
+
+variable "falco_custom_rules" {
+  type = string
+  default = ""
+  description = "Custom rules to be added to the falco config"
+}