Skip to content

feat: pod reload on configmaps and falco separated configmaps #2057

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: main
Choose a base branch
from
Open

feat: pod reload on configmaps and falco separated configmaps #2057

wants to merge 6 commits into from
+779 −196

Conversation

@chance-coleman
Copy link
Contributor

Description

Previously all Falco configmaps for rules were combined into a single configmap, this raised concerns that over time as those rules change the configmap could become too large. This PR will separate each ruleset out into its own configmap.

Additionally, when Falco ruleset changes and we update a configmap we want our pods to reload so that Falco starts using that new configmap. Previously uds core only supported pod reloading on secret changes, this PR will expand that functionality to work with configmaps as well as secrets.

Related Issue

Fixes #1972

Type of change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Other (security config, docs update, etc)

Checklist before merging

@chance-coleman chance-coleman self-assigned this Oct 22, 2025
@chance-coleman chance-coleman linked an issue Oct 22, 2025 that may be closed by this pull request
Falco Configmap Rework #1972
Open
@chance-coleman chance-coleman marked this pull request as ready for review October 22, 2025 20:48
@chance-coleman chance-coleman requested a review from a team as a code owner October 22, 2025 20:48
mjnagel
mjnagel reviewed Oct 24, 2025
View reviewed changes
Copy link
Contributor

@mjnagel mjnagel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Haven't gotten a chance to deploy locally but the changes to support configmaps look good from a review standpoint. Some other comments on docs mostly.

docs/reference/deployment/resource-pod-reload.md Outdated
@@ -1,14 +1,14 @@
---
title: Secret Pod Reload
title: Resource Pod Reload
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's make sure to add a doc redirect to the docs site since this one has been linked in release notes, etc. I also wonder if it makes more sense to just call it "pod reloading"?

Copy link
Contributor Author

@chance-coleman chance-coleman Oct 24, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah tracking the redirect, put up a PR for that. I like the idea of calling the doc Pod Reload, simpler, more straightforward.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Let's rename the file to match, which should make the docs PR correct 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mjnagel mjnagel mjnagel left review comments

At least 1 approving review is required to merge this pull request.

Assignees

@chance-coleman chance-coleman

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Falco Configmap Rework

2 participants

@chance-coleman @mjnagel