'Falco k8s, when add an exception, some fields become null
If I add an exception to the rule 'The docker client is executed in a container' like:
exceptions:
- name: kube_mon
fields: [container.image.repository, k8s.ns.name, k8s.pod.name]
comps: [=, =, startswith]
values:
- [repo/myimg, myns, my-pod-]
I start receiving Warnings where the mentioned fields are null (instead of not receiving them at all) : screen: [1]: https://i.stack.imgur.com/1RTiJ.png
Same exceptions added to the rule 'Contact K8S API Server From Container' works ok and my pods are filtered out from logging.
How can I solve it?
Thanks.
Falco 0.31.1
Chart falco-1.17.4
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|