diff --git a/helm-charts/falcon-image-analyzer/Chart.yaml b/helm-charts/falcon-image-analyzer/Chart.yaml
index a4f77006..7b5dfcb6 100644
--- a/helm-charts/falcon-image-analyzer/Chart.yaml
+++ b/helm-charts/falcon-image-analyzer/Chart.yaml
@@ -15,7 +15,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.1.20
+version: 1.1.21
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm-charts/falcon-image-analyzer/README.md b/helm-charts/falcon-image-analyzer/README.md
index abe06653..ca4d65e0 100644
--- a/helm-charts/falcon-image-analyzer/README.md
+++ b/helm-charts/falcon-image-analyzer/README.md
@@ -47,6 +47,7 @@ The Falcon Image Analyzer Helm chart has been tested to deploy on the following
| Helm Chart Version | Falcon Image Analyzer Version | Notes |
|:-------------------|:------------------------------|:-------------------------------------------------------------------------------------------------|
+| `1.1.21` | `>= 1.0.24` | Added support for providing `AGENT_CID` through `crowdstrikeConfig.existingSecret`. |
| `1.1.20` | `>= 1.0.24` | falcon-imageanalyzer images now use a non-regionalized unified image repo, starting with 1.0.24. |
| `1.1.19` | `>= 1.0.21` | — |
| `1.1.18` | `>= 1.0.21` | — |
@@ -54,6 +55,9 @@ The Falcon Image Analyzer Helm chart has been tested to deploy on the following
## New updates in current release
+### Helm (1.1.21) + iar 1.0.24
+- Added support for providing the Falcon CID through `crowdstrikeConfig.existingSecret` using `AGENT_CID`.
+
### Helm (1.1.19) + iar 1.0.23
- Adding support for excluding specific images from scanning.
@@ -117,11 +121,11 @@ The following tables list the Falcon sensor configurable parameters and their de
| `crowdstrikeConfig.clusterName` optional | Cluster name | None |
| `crowdstrikeConfig.enableDebug` optional | Set to `true` for debug level log verbosity. | false |
| `crowdstrikeConfig.enableKlogs` optional | Set to `true` for kubernetes api log verbosity. | false |
-| `crowdstrikeConfig.clientID` required | CrowdStrike Falcon OAuth API Client ID | None |
-| `crowdstrikeConfig.clientSecret` required | CrowdStrike Falcon OAuth API Client secret | None |
-| `crowdstrikeConfig.cid` required | Customer ID (CID) | None |
+| `crowdstrikeConfig.clientID` required unless using an existing secret | CrowdStrike Falcon OAuth API Client ID | None |
+| `crowdstrikeConfig.clientSecret` required unless using an existing secret | CrowdStrike Falcon OAuth API Client secret | None |
+| `crowdstrikeConfig.cid` required unless using `global.falcon.cid` or an existing secret | Customer ID (CID) | None |
| `crowdstrikeConfig.dockerAPIToken` optional | Crowdstrike Artifactory Image Pull Token for pulling IAR image directly from `[CROWDSTRIKE_IMAGE_REGISTRY] described below` | None |
-| `crowdstrikeConfig.existingSecret` optional | Existing secret ref name of the customer Kubernetes cluster | None |
+| `crowdstrikeConfig.existingSecret` optional | Existing secret ref name containing `AGENT_CID`, `AGENT_CLIENT_ID`, and `AGENT_CLIENT_SECRET` | None |
| `crowdstrikeConfig.agentRegion` required | Region of the CrowdStrike API to connect to value should be one of `us-1/us-2/eu-1/gov1/gov2` | None |
| `crowdstrikeConfig.agentRuntime` required ( if daemonset ) | The underlying runtime of the OS. docker/containerd/podman/crio. ONLY TO BE USED with `daemonset.enabled` = `true` | None |
| `crowdstrikeConfig.agentRuntimeSocket` optional | The unix socket path for the runtime socket. For example: `unix///var/run/docker.sock`. ONLY TO BE USED with ONLY TO BE USED with `daemonset.enabled` = `true` | None |
diff --git a/helm-charts/falcon-image-analyzer/templates/_helpers.tpl b/helm-charts/falcon-image-analyzer/templates/_helpers.tpl
index 218a220d..71a7c5eb 100644
--- a/helm-charts/falcon-image-analyzer/templates/_helpers.tpl
+++ b/helm-charts/falcon-image-analyzer/templates/_helpers.tpl
@@ -229,7 +229,7 @@ Get Falcon CID from global value if it exists
{{- if and .Values.global.falcon.cid (not .Values.crowdstrikeConfig.cid) -}}
{{- .Values.global.falcon.cid -}}
{{- else -}}
-{{- .Values.crowdstrikeConfig.cid -}}
+{{- .Values.crowdstrikeConfig.cid | default "" -}}
{{- end -}}
{{- end -}}
@@ -244,6 +244,17 @@ Get Falcon secret name from global value if it exists
{{- end -}}
{{- end -}}
+{{/*
+Validate that Falcon CID is provided directly or by an existing secret.
+*/}}
+{{- define "falcon-image-analyzer.validateFalconCidOrFalconSecret" -}}
+{{- $hasCid := include "falcon-image-analyzer.falconCid" . | trim -}}
+{{- $hasSecret := include "falcon-image-analyzer.falconSecretName" . | trim -}}
+{{- if and (not $hasCid) (not $hasSecret) -}}
+{{- fail "Must configure one of global.falcon.cid, crowdstrikeConfig.cid, or an existing secret with AGENT_CID data" }}
+{{- end -}}
+{{- end -}}
+
{{/*
Get container registry pull secret from global value if it exists
*/}}
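Review bot: The new `validateFalconCidOrFalconSecret` helper only proves that a secret name is configured, not that the referenced secret actually holds `AGENT_CID`. A secret carrying just `AGENT_CLIENT_ID` and `AGENT_CLIENT_SECRET` therefore passes validation. Since the ConfigMap in this commit omits `AGENT_CID` when no CID value is set, the analyzer would presumably start without a CID and the mistake would show up only at runtime, as a scanning coverage gap rather than an install error. Rendering cannot inspect the secret under `helm template`, so at minimum state the limit in the helper comment, e.g. `Only the presence of a secret name is checked; the secret itself must contain AGENT_CID.` The `fail` message should also name the value key `crowdstrikeConfig.existingSecret` (the global secret key is resolved by `falconSecretName`, which is defined outside this hunk).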
diff --git a/helm-charts/falcon-image-analyzer/templates/configmap.yaml b/helm-charts/falcon-image-analyzer/templates/configmap.yaml
index c3f822ed..5d84d4cc 100644
--- a/helm-charts/falcon-image-analyzer/templates/configmap.yaml
+++ b/helm-charts/falcon-image-analyzer/templates/configmap.yaml
@@ -1,3 +1,5 @@
+{{- include "falcon-image-analyzer.validateFalconCidOrFalconSecret" . }}
+{{- $falconCid := include "falcon-image-analyzer.falconCid" . | trim }}
apiVersion: v1
kind: ConfigMap
metadata:
@@ -12,7 +14,9 @@ data:
IS_KUBERNETES: {{ include "falcon-image-analyzer.isKubernetes" . | quote }}
AGENT_HELM_VERSION: {{ .Chart.Version | quote }}
LOG_OUTPUT: {{ .Values.log.output | quote }}
- AGENT_CID: {{ include "falcon-image-analyzer.falconCid" . | quote }}
+ {{- if $falconCid }}
+ AGENT_CID: {{ $falconCid | quote }}
+ {{- end }}
AGENT_CLUSTER_NAME: {{ .Values.crowdstrikeConfig.clusterName | quote }}
AGENT_REGISTRY_CREDENTIALS: {{ .Values.privateRegistries.credentials | quote }}
AGENT_NAMESPACE_EXCLUSIONS: {{ .Values.exclusions.namespace | quote }}
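Review bot: When both a CID value and an existing secret are configured, `AGENT_CID` is still written to this ConfigMap and may also be present in the secret, and nothing here says which one the container ends up with. The effective value depends on how the workload template orders its `envFrom`/`env` sources, which is not part of this diff. A template comment above the conditional would record the intent, e.g. `{{- /* AGENT_CID is emitted only when set through values; otherwise the existing secret must supply it */}}`. The README parameter table should also state the precedence when both are set.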
diff --git a/helm-charts/falcon-image-analyzer/values.schema.json b/helm-charts/falcon-image-analyzer/values.schema.json
index cd0e08b2..3e46888a 100644
--- a/helm-charts/falcon-image-analyzer/values.schema.json
+++ b/helm-charts/falcon-image-analyzer/values.schema.json
@@ -235,6 +235,19 @@
"pattern": "^[0-9a-fA-F]{32}-[0-9a-fA-F]{2}$"
}
}
+ },
+ "falconSecret": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean",
+ "default": false
+ },
+ "secretName": {
+ "type": "string",
+ "description": "Name of existing Kubernetes secret containing Falcon configuration values"
+ }
+ }
}
}
}
@@ -308,19 +321,49 @@
},
{
"if": {
- "properties": {
- "global": {
+ "allOf": [
+ {
"properties": {
- "falcon": {
+ "global": {
"properties": {
- "cid": {
- "const": null
+ "falcon": {
+ "properties": {
+ "cid": {
+ "const": null
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ {
+ "properties": {
+ "global": {
+ "properties": {
+ "falconSecret": {
+ "properties": {
+ "secretName": {
+ "const": ""
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ {
+ "properties": {
+ "crowdstrikeConfig": {
+ "properties": {
+ "existingSecret": {
+ "const": ""
}
}
}
}
}
- }
+ ]
},
"then": {
"properties": {
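Review bot: The extended `if` treats a secret as unset only when the value is exactly `""`, so a null or whitespace-only `crowdstrikeConfig.existingSecret` or `global.falconSecret.secretName` makes the condition false and skips the `then` branch (whose body continues outside this hunk). The schema then no longer enforces a CID for such input, and the template-side `fail` check becomes the only guard. The `enabled` flag added to `falconSecret` earlier in this file is not part of the condition either, so a non-empty `secretName` with `enabled: false` also bypasses it; whether the `falconSecretName` helper honours `enabled` is not visible here. Consider matching the unset case with `"enum": ["", null]` on both secret-name checks, and add a `description` to `enabled` stating what it gates.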
diff --git a/helm-charts/falcon-image-analyzer/values.yaml b/helm-charts/falcon-image-analyzer/values.yaml
index 69b8c97e..b9056cf2 100644
--- a/helm-charts/falcon-image-analyzer/values.yaml
+++ b/helm-charts/falcon-image-analyzer/values.yaml
@@ -209,7 +209,7 @@ crowdstrikeConfig:
# Use this value if you have an existing secret
# defined in your k8s that may contain secrets
- # for falcon api client id and pw
+ # for Falcon CID, api client id, and pw
existingSecret: ""
agentRegion: "autodiscovery"
agentRuntime: ""
@@ -226,6 +226,7 @@ global:
falcon:
cid:
falconSecret:
+ enabled: false
secretName: ""
containerRegistry:
pullSecret: ""
diff --git a/helm-charts/falcon-platform/Chart.lock b/helm-charts/falcon-platform/Chart.lock
index 04fffa2d..47ae2a09 100644
--- a/helm-charts/falcon-platform/Chart.lock
+++ b/helm-charts/falcon-platform/Chart.lock
@@ -7,6 +7,6 @@ dependencies:
version: 1.6.0
- name: falcon-image-analyzer
repository: file://../falcon-image-analyzer
- version: 1.1.20
-digest: sha256:df5d3f9047c9ae430112c5c69860afc7f9a27771590ea9a872e85cd8ae27ae11
-generated: "2026-05-05T10:37:59.520948-04:00"
+ version: 1.1.21
+digest: sha256:03ecf92048161d9348dee071f7e64d8399140fb915a4d03738dac7a4a33f3cea
+generated: "2026-06-10T07:29:50.844508-05:00"
diff --git a/helm-charts/falcon-platform/Chart.yaml b/helm-charts/falcon-platform/Chart.yaml
index 3ff59a24..2177c0d9 100644
--- a/helm-charts/falcon-platform/Chart.yaml
+++ b/helm-charts/falcon-platform/Chart.yaml
@@ -8,7 +8,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.4.0
+version: 1.4.1
keywords:
- CrowdStrike
@@ -43,6 +43,6 @@ dependencies:
repository: file://../falcon-kac
condition: falcon-kac.enabled
- name: falcon-image-analyzer
- version: 1.1.20
+ version: 1.1.21
repository: file://../falcon-image-analyzer
condition: falcon-image-analyzer.enabled
diff --git a/helm-charts/falcon-platform/README.md b/helm-charts/falcon-platform/README.md
index 7df63d71..4d2f78fa 100644
--- a/helm-charts/falcon-platform/README.md
+++ b/helm-charts/falcon-platform/README.md
@@ -64,6 +64,7 @@ The table below shows the subchart versions bundled with each falcon-platform re
| falcon-platform | falcon-sensor | falcon-kac | falcon-image-analyzer |
|:----------------|:--------------|:-----------|:----------------------|
+| `1.4.1` | `1.36.0` | `1.6.0` | `1.1.21` |
| `1.4.0` | `1.36.0` | `1.6.0` | `1.1.20` |
| `1.3.0` | `1.35.0` | `1.6.0` | `1.1.20` |
| `1.2.0` | `1.34.2` | `1.6.0` | `1.1.18` |
@@ -71,6 +72,18 @@ The table below shows the subchart versions bundled with each falcon-platform re
| `1.0.0` | `1.34.1` | `1.5.1` | `1.1.16` |
+
+falcon-platform 1.4.1
+
+| Component | Helm Version | Sensor Version | Notes |
+|:----------|:--------|:---------------|:------|
+| falcon-sensor (node) | `1.36.0` | `>= 7.35` | — |
+| falcon-sensor (container) | `1.36.0` | `>= 7.37` | Added AI-DR support. |
+| falcon-kac | `1.6.0` | `>= 7.33` | — |
+| falcon-image-analyzer | `1.1.21` | `>= 1.0.24` | Added support for providing `AGENT_CID` through an existing secret. |
+
+
+
falcon-platform 1.4.0
@@ -455,6 +468,7 @@ Falcon Image Analyzer specific configurations must be prefixed with `falcon-imag
Instead of specifying sensitive values directly in Helm values, you can use existing Kubernetes secrets for the following env vars:
- `FALCONCTL_OPT_CID`: Falcon CID - Required for falcon-sensor and falcon-kac
- `FALCONCTL_OPT_PROVISIONING_TOKEN`: Falcon provisioning token - Optional for falcon-sensor and falcon-kac
+- `AGENT_CID`: Falcon CID - Required for falcon-image-analyzer
- `AGENT_CLIENT_ID`: Falcon OAuth client ID - Required for falcon-image-analyzer
- `AGENT_CLIENT_SECRET`: Falcon OAuth client secret - Required for falcon-image-analyzer
@@ -481,6 +495,7 @@ kubectl create secret generic $FALCON_SECRET_NAME -n falcon-kac \
# Create secret with required values for falcon-image-analyzer
kubectl create secret generic $FALCON_SECRET_NAME -n falcon-image-analyzer \
+ --from-literal=AGENT_CID=$FALCON_CID \
--from-literal=AGENT_CLIENT_ID=$FALCON_CLIENT_ID \
--from-literal=AGENT_CLIENT_SECRET=$FALCON_CLIENT_SECRET
```
@@ -501,8 +516,7 @@ helm install falcon-platform crowdstrike/falcon-platform --version 1.0.0 -n falc
--set falcon-image-analyzer.image.repository=$IAR_REGISTRY \
--set falcon-image-analyzer.image.tag=$IAR_IMAGE_TAG \
--set falcon-image-analyzer.crowdstrikeConfig.agentRuntime=$IAR_AGENT_RUNTIME \
- --set falcon-image-analyzer.crowdstrikeConfig.clusterName=$CLUSTER_NAME \
- --set falcon-image-analyzer.crowdstrikeConfig.cid=$FALCON_CID # IAR Falcon CID is not yet supported by existing secrets
+ --set falcon-image-analyzer.crowdstrikeConfig.clusterName=$CLUSTER_NAME
```
## Upgrade Strategy
diff --git a/helm-charts/falcon-platform/values.yaml b/helm-charts/falcon-platform/values.yaml
index cce434c7..a5081d97 100644
--- a/helm-charts/falcon-platform/values.yaml
+++ b/helm-charts/falcon-platform/values.yaml
@@ -19,6 +19,7 @@ global:
# Required data for falcon-sensor and falcon-kac:
# - FALCONCTL_OPT_CID
# Required data for falcon-image-analyzer:
+ # - AGENT_CID
# - AGENT_CLIENT_ID
# - AGENT_CLIENT_SECRET
# Optional data: