add FALCON_CLUSTER_NAME env var for unmanages k8s clusters (#741)

JonBruchim · web-flow · commit a25a3e8488af · 2026-01-28T11:41:43.000-05:00
diff --git a/api/falcon/v1alpha1/falconnodesensor_types.go b/api/falcon/v1alpha1/falconnodesensor_types.go
@@ -127,6 +127,10 @@ type FalconNodeSensorConfig struct {
 	// For more information, please see https://github.com/CrowdStrike/falcon-operator/blob/main/docs/ADVANCED.md.
 	// +operator-sdk:csv:customresourcedefinitions:type=spec,displayName="DaemonSet Advanced Settings"
 	Advanced FalconAdvanced `json:"advanced,omitempty"`
+
+	// When running on an unmanaged K8S cluster, set a cluster name. When running on managed, K8S cluster name is resolved cloud-side
+	// +kubebuilder:validation:Pattern="^[0-9a-zA-Z]{1}[0-9a-zA-Z_-]{1,99}$"
+	ClusterName *string `json:"clusterName,omitempty"`
 }
 
 type PriorityClassConfig struct {
diff --git a/api/falcon/v1alpha1/zz_generated.deepcopy.go b/api/falcon/v1alpha1/zz_generated.deepcopy.go
@@ -1325,6 +1325,11 @@ func (in *FalconNodeSensorConfig) DeepCopyInto(out *FalconNodeSensorConfig) {
 		**out = **in
 	}
 	in.Advanced.DeepCopyInto(&out.Advanced)
+	if in.ClusterName != nil {
+		in, out := &in.ClusterName, &out.ClusterName
+		*out = new(string)
+		**out = **in
+	}
 }
 
 // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconNodeSensorConfig.
diff --git a/config/crd/bases/falcon.crowdstrike.com_falcondeployments.yaml b/config/crd/bases/falcon.crowdstrike.com_falcondeployments.yaml
@@ -4033,6 +4033,12 @@ spec:
                         - kernel
                         - bpf
                         type: string
+                      clusterName:
+                        description: When running on an unmanaged K8S cluster, set
+                          a cluster name. When running on managed, K8S cluster name
+                          is resolved cloud-side
+                        pattern: ^[0-9a-zA-Z]{1}[0-9a-zA-Z_-]{1,99}$
+                        type: string
                       disableCleanup:
                         default: false
                         description: |-
diff --git a/config/crd/bases/falcon.crowdstrike.com_falconnodesensors.yaml b/config/crd/bases/falcon.crowdstrike.com_falconnodesensors.yaml
@@ -217,6 +217,12 @@ spec:
                     - kernel
                     - bpf
                     type: string
+                  clusterName:
+                    description: When running on an unmanaged K8S cluster, set a cluster
+                      name. When running on managed, K8S cluster name is resolved
+                      cloud-side
+                    pattern: ^[0-9a-zA-Z]{1}[0-9a-zA-Z_-]{1,99}$
+                    type: string
                   disableCleanup:
                     default: false
                     description: |-
diff --git a/deploy/falcon-operator.yaml b/deploy/falcon-operator.yaml
@@ -7435,6 +7435,12 @@ spec:
                         - kernel
                         - bpf
                         type: string
+                      clusterName:
+                        description: When running on an unmanaged K8S cluster, set
+                          a cluster name. When running on managed, K8S cluster name
+                          is resolved cloud-side
+                        pattern: ^[0-9a-zA-Z]{1}[0-9a-zA-Z_-]{1,99}$
+                        type: string
                       disableCleanup:
                         default: false
                         description: |-
@@ -8931,6 +8937,12 @@ spec:
                     - kernel
                     - bpf
                     type: string
+                  clusterName:
+                    description: When running on an unmanaged K8S cluster, set a cluster
+                      name. When running on managed, K8S cluster name is resolved
+                      cloud-side
+                    pattern: ^[0-9a-zA-Z]{1}[0-9a-zA-Z_-]{1,99}$
+                    type: string
                   disableCleanup:
                     default: false
                     description: |-
diff --git a/docs/deployment/openshift/resources/node/README.md b/docs/deployment/openshift/resources/node/README.md
@@ -67,6 +67,7 @@ spec:
 | node.serviceAccount.annotations     | (optional) Annotations that should be added to the Service Account (e.g. for IAM role association)                                                                                        |
 | node.backend                        | (optional) Configure the backend mode for Falcon Sensor (allowed values: kernel, bpf)                                                                                                     |
 | node.disableCleanup                 | (optional) Cleans up `/opt/CrowdStrike` on the nodes by deleting the files and directory.                                                                                                 |
+| node.clusterName                    | (optional) When running on an unmanaged K8S cluster, set a cluster name. When running on managed K8S (e.g. EKS, GKE, AKS), cluster name is resolved cloud-side                            |
 | node.version                        | (optional) Enforce particular Falcon Sensor version to be installed (example: "6.35", "6.35.0-13207"). Use this field when pulling from CrowdStrike registries (when using Falcon API credentials). For non-CrowdStrike registries, use `node.image` instead. |
 | node.gke.autopilot                  | (optional) Enable GKE Autopilot support for FalconNodeSensor.                                                                                                                             |
 | node.gke.deployAllowListVersion     | (optional) WorkloadAllowlist version for the sensor daemonset when using GKE AutoPilot. (example: "v1.0.3" for crowdstrike-falconsensor-deploy-allowlist-v1.0.3)  |
diff --git a/docs/resources/node/README.md b/docs/resources/node/README.md
@@ -67,6 +67,7 @@ spec:
 | node.serviceAccount.annotations     | (optional) Annotations that should be added to the Service Account (e.g. for IAM role association)                                                                                        |
 | node.backend                        | (optional) Configure the backend mode for Falcon Sensor (allowed values: kernel, bpf)                                                                                                     |
 | node.disableCleanup                 | (optional) Cleans up `/opt/CrowdStrike` on the nodes by deleting the files and directory.                                                                                                 |
+| node.clusterName                    | (optional) When running on an unmanaged K8S cluster, set a cluster name. When running on managed K8S (e.g. EKS, GKE, AKS), cluster name is resolved cloud-side                            |
 | node.version                        | (optional) Enforce particular Falcon Sensor version to be installed (example: "6.35", "6.35.0-13207"). Use this field when pulling from CrowdStrike registries (when using Falcon API credentials). For non-CrowdStrike registries, use `node.image` instead. |
 | node.gke.autopilot                  | (optional) Enable GKE Autopilot support for FalconNodeSensor.                                                                                                                             |
 | node.gke.deployAllowListVersion     | (optional) WorkloadAllowlist version for the sensor daemonset when using GKE AutoPilot. (example: "v1.0.3" for crowdstrike-falconsensor-deploy-allowlist-v1.0.3)  |
diff --git a/docs/src/resources/node.md.tmpl b/docs/src/resources/node.md.tmpl
@@ -67,6 +67,7 @@ spec:
 | node.serviceAccount.annotations     | (optional) Annotations that should be added to the Service Account (e.g. for IAM role association)                                                                                        |
 | node.backend                        | (optional) Configure the backend mode for Falcon Sensor (allowed values: kernel, bpf)                                                                                                     |
 | node.disableCleanup                 | (optional) Cleans up `/opt/CrowdStrike` on the nodes by deleting the files and directory.                                                                                                 |
+| node.clusterName                    | (optional) When running on an unmanaged K8S cluster, set a cluster name. When running on managed K8S (e.g. EKS, GKE, AKS), cluster name is resolved cloud-side                            |
 | node.version                        | (optional) Enforce particular Falcon Sensor version to be installed (example: "6.35", "6.35.0-13207"). Use this field when pulling from CrowdStrike registries (when using Falcon API credentials). For non-CrowdStrike registries, use `node.image` instead. |
 | node.gke.autopilot                  | (optional) Enable GKE Autopilot support for FalconNodeSensor.                                                                                                                             |
 | node.gke.deployAllowListVersion     | (optional) WorkloadAllowlist version for the sensor daemonset when using GKE AutoPilot. (example: "v1.0.3" for crowdstrike-falconsensor-deploy-allowlist-v1.0.3)  |
diff --git a/pkg/node/config_cache.go b/pkg/node/config_cache.go
@@ -6,6 +6,7 @@ import (
 	"fmt"
 	"os"
 	"strings"
+	"unicode"
 
 	falconv1alpha1 "github.com/crowdstrike/falcon-operator/api/falcon/v1alpha1"
 	"github.com/crowdstrike/falcon-operator/internal/controller/common/sensor"
@@ -91,10 +92,42 @@ func (cc *ConfigCache) SensorEnvVars() map[string]string {
 	if cc.nodesensor.Spec.Falcon.Cloud != "" {
 		sensorConfig["FALCONCTL_OPT_CLOUD"] = cc.nodesensor.Spec.Falcon.Cloud
 	}
+	if cc.nodesensor.Spec.Node.ClusterName != nil {
+		sensorConfig["FALCON_CLUSTER_NAME"] = sanitizeClusterName(cc.nodesensor.Spec.Node.ClusterName)
+	}
 
 	return sensorConfig
 }
 
+func sanitizeClusterName(clusterName *string) string {
+	if clusterName == nil {
+		return ""
+	}
+
+	if !isClusterNameValid(*clusterName) {
+		return ""
+	}
+
+	return *clusterName
+}
+
+// isClusterNameValid validates the clusterName.
+// Those rules had been taken from EKS (Amazon AWS).
+// See more at: https://docs.aws.amazon.com/eks/latest/APIReference/API_CreateCluster.html#API_CreateCluster_RequestSyntax
+func isClusterNameValid(clusterName string) bool {
+	if len(clusterName) > 100 || len(clusterName) == 0 {
+		return false
+	}
+
+	if !unicode.IsLetter(rune(clusterName[0])) && !unicode.IsNumber(rune(clusterName[0])) {
+		return false
+	}
+
+	return !strings.ContainsFunc(clusterName, func(r rune) bool {
+		return !unicode.IsLetter(r) && !unicode.IsNumber(r) && r != '-' && r != '_'
+	})
+}
+
 func (cc *ConfigCache) getFalconImage(ctx context.Context, nodesensor *falconv1alpha1.FalconNodeSensor) (string, error) {
 	if nodesensor.Spec.Node.Image != "" {
 		return nodesensor.Spec.Node.Image, nil

Original file line number	Diff line number	Diff line change
`@@ -1325,6 +1325,11 @@ func (in FalconNodeSensorConfig) DeepCopyInto(out FalconNodeSensorConfig) {`
`1325`	`1325`	`out = in`
`1326`	`1326`	`}`
`1327`	`1327`	`in.Advanced.DeepCopyInto(&out.Advanced)`
	`1328`	`+ if in.ClusterName != nil {`
	`1329`	`+ in, out := &in.ClusterName, &out.ClusterName`
	`1330`	`+ *out = new(string)`
	`1331`	`+ out = in`
	`1332`	`+ }`
`1328`	`1333`	`}`
`1329`	`1334`
`1330`	`1335`	`// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new FalconNodeSensorConfig.`