From bedd78b2f1aa2222052355b4e5977377b444ab22 Mon Sep 17 00:00:00 2001 From: Andrea Terzolo Date: Fri, 22 Dec 2023 13:02:58 +0100 Subject: [PATCH] cleanup(falco): remove `--userspace` flag Signed-off-by: Andrea Terzolo --- charts/falco/ci/ci-values.yaml | 9 ++++----- charts/falco/templates/_helpers.tpl | 8 ++------ tests/falco-test-ci.yaml | 10 +++------- 3 files changed, 9 insertions(+), 18 deletions(-) diff --git a/charts/falco/ci/ci-values.yaml b/charts/falco/ci/ci-values.yaml index 6b156203d..46c982567 100644 --- a/charts/falco/ci/ci-values.yaml +++ b/charts/falco/ci/ci-values.yaml @@ -6,11 +6,10 @@ driver: enabled: false -# make Falco run in userspace only mode -extra: - args: - - --userspace - +falco: + # Run Falco in no driver mode, to avoid injection of kernel modules or eBPF probes + engine: + kind: none # enforce /proc mounting since Falco still tries to scan it mounts: enforceProcMount: true diff --git a/charts/falco/templates/_helpers.tpl b/charts/falco/templates/_helpers.tpl index c64f3fe57..844c1a344 100644 --- a/charts/falco/templates/_helpers.tpl +++ b/charts/falco/templates/_helpers.tpl @@ -184,13 +184,9 @@ exits. Here we check that no producers for syscalls event has been configured, a we just disable the sycall source. */}} {{- define "falco.configSyscallSource" -}} -{{- $userspaceDisabled := true -}} {{- $gvisorDisabled := (not .Values.gvisor.enabled) -}} {{- $driverDisabled := (not .Values.driver.enabled) -}} -{{- if or (has "-u" .Values.extra.args) (has "--userspace" .Values.extra.args) -}} -{{- $userspaceDisabled = false -}} -{{- end -}} -{{- if and $driverDisabled $userspaceDisabled $gvisorDisabled }} +{{- if and $driverDisabled $gvisorDisabled }} - --disable-source - syscall {{- end -}} 
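Review bot: The no-driver setup in charts/falco/ci/ci-values.yaml is now expressed through two independent keys, `driver.enabled: false` and the added `falco.engine.kind: none`, and nothing in the file says they must agree. Going by the `falco.configSyscallSource` helper in this same patch, `driver.enabled: false` (with gVisor off) is what makes the chart pass `--disable-source syscall`, so this CI deployment does not exercise syscall detection at all. I would extend the added comment to say so, for example `# CI only: no driver and syscall source disabled; keep in sync with driver.enabled`. It is also worth confirming that `none` is a value the pinned Falco image accepts for `engine.kind`, since a rejected value would only surface at pod start. The same applies to the hunk in tests/falco-test-ci.yaml.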
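Review bot: With the `-u`/`--userspace` check removed from `falco.configSyscallSource`, the chart no longer notices a values file that still lists either flag in `extra.args`. The stale flag is presumably still rendered into the Falco command line, and with `driver.enabled: false` the helper now also adds `--disable-source syscall`. Since the commit title says the flag is being removed, failing at render time would be clearer than a container that exits or runs without the syscall source, e.g. `{{- if or (has "-u" .Values.extra.args) (has "--userspace" .Values.extra.args) -}}{{- fail "--userspace is no longer supported; set falco.engine.kind instead" -}}{{- end -}}`. The condition also still looks only at `driver.enabled` and `gvisor.enabled`, not at `.Values.falco.engine.kind`, which deserves a line in the comment above the define. The define's closing `{{- end -}}` is outside the hunk.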
@@ -318,4 +314,4 @@ be temporary and will stay here until we move this logic to the falcoctl tool. {{- if .Values.falcoctl.artifact.follow.env }} {{- include "falco.renderTemplate" ( dict "value" .Values.falcoctl.artifact.follow.env "context" $) | nindent 4 }} {{- end }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/tests/falco-test-ci.yaml b/tests/falco-test-ci.yaml index db2c7ad80..d0491b7b1 100644 --- a/tests/falco-test-ci.yaml +++ b/tests/falco-test-ci.yaml @@ -1,15 +1,11 @@ -# CI values for Falco. -# To deploy Falco on CI we need to set an argument to bypass the installation -# of the kernel module, so we bypass that. -extra: - args: - - --userspace - falco: grpc: enabled: true grpc_output: enabled: true + # Run Falco in no driver mode, to avoid injection of kernel modules or eBPF probes + engine: + kind: none driver: enabled: false
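Review bot: In tests/falco-test-ci.yaml the header comment that said what the file is for (`# CI values for Falco.`) is deleted together with the `--userspace` explanation, so the values file now starts with no description. I would keep a one-line header above `falco:`, such as `# CI values for Falco: deployed without a driver, so no kernel module or eBPF probe is loaded.`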