From 7ac2476a735be58d3ac85514be0d84d6b80a2596 Mon Sep 17 00:00:00 2001
From: Yevhen Ivantsov
Date: Fri, 7 Nov 2025 09:53:12 +1100
Subject: [PATCH] Add extra volumes and mounts, make automount sa token configurable

Signed-off-by: Yevhen Ivantsov
---
 .../falcon-sensor/templates/_helpers.tpl | 19 +++++++++++++++++++
 .../falcon-sensor/templates/daemonset.yaml | 3 +++
 helm-charts/falcon-sensor/values.schema.json | 10 ++++++++++
 helm-charts/falcon-sensor/values.yaml | 6 ++++++
 4 files changed, 38 insertions(+)

diff --git a/helm-charts/falcon-sensor/templates/_helpers.tpl b/helm-charts/falcon-sensor/templates/_helpers.tpl
index ee8d3c65..fb96f6a5 100644
--- a/helm-charts/falcon-sensor/templates/_helpers.tpl
+++ b/helm-charts/falcon-sensor/templates/_helpers.tpl
@@ -284,3 +284,22 @@ Get sidecar container registry config json from global value if it exists
 {{- .Values.container.image.pullSecrets.registryConfigJSON | default "" -}}
 {{- end -}}
 {{- end -}}
+
+
+{{/*
+Extra volume mounts for falcon-sensor container
+*/}}
+{{- define "falcon-sensor.extraVolumeMounts" -}}
+{{- if .Values.container.extraVolumeMounts }}
+{{- toYaml .Values.container.extraVolumeMounts }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Extra volumes for falcon-sensor container
+*/}}
+{{- define "falcon-sensor.extraVolumes" -}}
+{{- if .Values.container.extraVolumes }}
+{{- toYaml .Values.container.extraVolumes }}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/helm-charts/falcon-sensor/templates/daemonset.yaml b/helm-charts/falcon-sensor/templates/daemonset.yaml
index a864f057..9c935b40 100644
--- a/helm-charts/falcon-sensor/templates/daemonset.yaml
+++ b/helm-charts/falcon-sensor/templates/daemonset.yaml
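Review bot: Both new helpers read `.Values.container.*`, yet their only consumer in this patch is `daemonset.yaml`, whose neighbouring settings come from `.Values.node.*`; the helper just above this hunk describes `container` as the sidecar configuration. If that section does configure the sidecar injector, node-mode users have to set volumes under an unrelated key, and a later sidecar-side use of the same key would also add those mounts to the node DaemonSet. Consider a node-scoped key such as `.Values.node.daemonset.extraVolumes`, or state the scope in the helper comments, for example `Extra volumes rendered into the node DaemonSet pod spec`. Because the lists pass through `toYaml` unchanged, that comment is also the place to say that `hostPath` entries are accepted as-is.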
@@ -184,11 +184,14 @@ spec: volumeMounts: - name: falconstore mountPath: /opt/CrowdStrike/falconstore + {{- include "falcon-sensor.extraVolumeMounts" . | nindent 10 }} volumes: - name: falconstore hostPath: path: /opt/CrowdStrike/falconstore + {{- include "falcon-sensor.extraVolumes" . | nindent 8 }} serviceAccountName: {{ .Values.serviceAccount.name }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} terminationGracePeriodSeconds: {{ .Values.node.terminationGracePeriod }} {{- if or .Values.node.daemonset.priorityClassName .Values.node.gke.autopilot }} priorityClassName: {{ include "falcon-sensor.priorityClassName" . }} diff --git a/helm-charts/falcon-sensor/values.schema.json b/helm-charts/falcon-sensor/values.schema.json index a6ec9af6..a19a92f3 100644 --- a/helm-charts/falcon-sensor/values.schema.json +++ b/helm-charts/falcon-sensor/values.schema.json @@ -295,6 +295,12 @@ "enabled" ], "properties": { + "extraVolumeMounts": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, "tolerations": { "type": "array" }, @@ -497,6 +503,10 @@ "iam.gke.io/gcp-service-account": "my-service-account@my-project.iam.gserviceaccount.com" } ] + }, + "automountServiceAccountToken": { + "type": "boolean", + "default": "false" } } }, diff --git a/helm-charts/falcon-sensor/values.yaml b/helm-charts/falcon-sensor/values.yaml index 6b15d418..fefb335e 100644 --- a/helm-charts/falcon-sensor/values.yaml +++ b/helm-charts/falcon-sensor/values.yaml @@ -260,9 +260,15 @@ container: cpu: 10m memory: 20Mi + # Additional volume mounts in falcon sensor container + extraVolumeMounts: [] + # Additional volumes in falcon-sensor pod + extraVolumes: [] + serviceAccount: name: crowdstrike-falcon-sa annotations: {} + automountServiceAccountToken: true # Deploys the test suite during install for testing purposes. testing:
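Review bot: The new `automountServiceAccountToken:` line is rendered unconditionally, so it comes out with an empty value whenever the key is missing from the effective values, for example on an upgrade that reuses values stored before this chart version. Kubernetes reads the empty value as unset and mounts the token, which is probably not what someone auditing the rendered manifest expects. Wrapping the line in `{{- if hasKey .Values.serviceAccount "automountServiceAccountToken" }}` … `{{- end }}` keeps the manifest explicit; `| default true` is not a substitute, because `default` would turn an explicit `false` back into `true`. The pod spec continues outside the hunk.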
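Review bot: `extraVolumeMounts` and `extraVolumes` are constrained only to `"type": "array"`, so a list of strings or numbers passes schema validation and fails later at the API server. Adding `"items": { "type": "object" }` to both properties would reject malformed entries at install time.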
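Review bot: `"default": "false"` is a string inside a property typed `boolean`, and it contradicts the chart default, which the values.yaml hunk sets to `automountServiceAccountToken: true`. Anyone reading the schema to learn the default, or a tool generating documentation from it, will conclude that the token is not mounted when it is. Use `"default": true`, or change values.yaml to `false` if the hardened default was intended.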
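Review bot: `automountServiceAccountToken: true` is the only new key without a comment, and it is the one with a security effect: it decides whether the API token of `crowdstrike-falcon-sa` is mounted into the pod. A comment such as `# Mount the service account token into the sensor pod. Set to false only if the sensor needs no Kubernetes API access.` would tell operators what the setting trades. The two list comments could also say that the entries are rendered into the node DaemonSet, since they sit under `container:`.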