cleanup(falco): remove --userspace flag

Signed-off-by: Andrea Terzolo <[email protected]>

charts/falco/ci/ci-values.yaml

@@ -6,11 +6,10 @@
 driver:
   enabled: false
 
-# make Falco run in userspace only mode
-extra:
-  args:
-    - --userspace
-
+falco:
+  # Run Falco in no driver mode, to avoid injection of kernel modules or eBPF probes
+  engine:
+    kind: none
 # enforce /proc mounting since Falco still tries to scan it
 mounts:
   enforceProcMount: true

charts/falco/templates/_helpers.tpl

@@ -184,13 +184,9 @@ exits. Here we check that no producers for syscalls event has been configured, a
 we just disable the sycall source.
 */}}
 {{- define "falco.configSyscallSource" -}}
-{{- $userspaceDisabled := true -}}
 {{- $gvisorDisabled := (not .Values.gvisor.enabled) -}}
 {{- $driverDisabled :=  (not .Values.driver.enabled) -}}
-{{- if or (has "-u" .Values.extra.args) (has "--userspace" .Values.extra.args) -}}
-{{- $userspaceDisabled = false -}}
-{{- end -}}
-{{- if and $driverDisabled $userspaceDisabled $gvisorDisabled }}
+{{- if and $driverDisabled $gvisorDisabled }}
 - --disable-source
 - syscall
 {{- end -}}
@@ -318,4 +314,4 @@ be temporary and will stay here until we move this logic to the falcoctl tool.
   {{- if .Values.falcoctl.artifact.follow.env }}
   {{- include "falco.renderTemplate" ( dict "value" .Values.falcoctl.artifact.follow.env "context" $) | nindent 4 }}
   {{- end }}
-{{- end -}}
+{{- end -}}

tests/falco-test-ci.yaml

@@ -1,15 +1,11 @@
-# CI values for Falco.
-# To deploy Falco on CI we need to set an argument to bypass the installation
-# of the kernel module, so we bypass that.
-extra:
-  args:
-  - --userspace
-
 falco:
   grpc:
     enabled: true
   grpc_output:
     enabled: true
+  # Run Falco in no driver mode, to avoid injection of kernel modules or eBPF probes
+  engine:
+    kind: none
 
 driver:
   enabled: false