chore(deps): Bump lycheeverse/lychee-action from 2.4.0 to 2.5.0

Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 2.4.0 to 2.5.0.
- [Release notes](https://github.com/lycheeverse/lychee-action/releases)
- [Commits](1d97d84f0b...5c4ee84814)

---
updated-dependencies:
- dependency-name: lycheeverse/lychee-action
  dependency-version: 2.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

.github/workflows/links.yml

@@ -17,7 +17,7 @@ jobs:
           fetch-depth: 0
 
       - name: Link Checker
-        uses: lycheeverse/lychee-action@1d97d84f0bc547f7b25f4c2170d87d810dc2fb2c #v2.4.0
+        uses: lycheeverse/lychee-action@5c4ee84814c983aa7164eaee476f014e53ff3963 #v2.5.0
         with:
           args: --no-progress './**/*.yml' './**/*.yaml' './**/*.md' './**/*.gotmpl' './**/*.tpl' './**/OWNERS' './**/LICENSE'
           token: ${{ secrets.GITHUB_TOKE }}

charts/falco/CHANGELOG.md

@@ -3,6 +3,24 @@
 This file documents all notable changes to Falco Helm Chart. The release
 numbering uses [semantic versioning](http://semver.org).
 
+## v6.2.2
+
+* Bump container plugin to 0.3.5
+* Bump k8smeta plugin to 0.3.1
+
+## v6.2.1
+
+* Bump container plugin to 0.3.3
+
+## v6.2.0
+
+* Switch to `collectors.containerEngine` configuration by default
+* Update `collectors.containerEngine.engines` default values
+* Fix containerd socket path configuration
+* Address "container.name shows container.id" issue
+* Address "Missing k8s.pod name, container.name, other metadata with k3s" issue
+* Bump container plugin to 0.3.2
+
 ## v6.1.0
 
 * feat(falco): Add possibility to custom falco pods hostname

charts/falco/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: falco
-version: 6.1.0
+version: 6.2.2
 appVersion: "0.41.3"
 description: Falco
 keywords:

charts/falco/README.md

@@ -583,7 +583,7 @@ If you use a Proxy in your cluster, the requests between `Falco` and `Falcosidek
 
 ## Configuration
 
-The following table lists the main configurable parameters of the falco chart v6.1.0 and their default values. See [values.yaml](./values.yaml) for full list.
+The following table lists the main configurable parameters of the falco chart v6.2.2 and their default values. See [values.yaml](./values.yaml) for full list.
 
 ## Values
 
@@ -597,27 +597,28 @@ The following table lists the main configurable parameters of the falco chart v6
 | certs.existingSecret | string | `""` | Existing secret containing the following key, crt and ca as well as the bundle pem. |
 | certs.server.crt | string | `""` | Certificate used by gRPC and webserver. |
 | certs.server.key | string | `""` | Key used by gRPC and webserver. |
-| collectors.containerEngine | object | `{"enabled":false,"engines":{"bpm":{"enabled":true},"containerd":{"enabled":true,"sockets":["/run/containerd/containerd.sock"]},"cri":{"enabled":true,"sockets":["/run/crio/crio.sock"]},"docker":{"enabled":true,"sockets":["/var/run/docker.sock"]},"libvirt_lxc":{"enabled":true},"lxc":{"enabled":true},"podman":{"enabled":true,"sockets":["/run/podman/podman.sock"]}},"hooks":["create"],"labelMaxLen":100,"pluginRef":"ghcr.io/falcosecurity/plugins/plugin/container:0.3.1","withSize":false}` | This collector is the new container engine collector that replaces the old docker, containerd, crio and podman collectors. It is designed to collect metadata from various container engines and provide a unified interface through the container plugin. When enabled, it will deploy the container plugin and use it to collect metadata from the container engines. Keep in mind that the old collectors (docker, containerd, crio, podman) will use the container plugin to collect metadata under the hood. |
-| collectors.containerEngine.enabled | bool | `false` | Enable Container Engine support. |
+| collectors.containerEngine | object | `{"enabled":true,"engines":{"bpm":{"enabled":true},"containerd":{"enabled":true,"sockets":["/run/host-containerd/containerd.sock"]},"cri":{"enabled":true,"sockets":["/run/containerd/containerd.sock","/run/crio/crio.sock","/run/k3s/containerd/containerd.sock","/run/host-containerd/containerd.sock"]},"docker":{"enabled":true,"sockets":["/var/run/docker.sock"]},"libvirt_lxc":{"enabled":true},"lxc":{"enabled":true},"podman":{"enabled":true,"sockets":["/run/podman/podman.sock"]}},"hooks":["create"],"labelMaxLen":100,"pluginRef":"ghcr.io/falcosecurity/plugins/plugin/container:0.3.5","withSize":false}` | This collector is the new container engine collector that replaces the old docker, containerd, crio and podman collectors. It is designed to collect metadata from various container engines and provide a unified interface through the container plugin. When enabled, it will deploy the container plugin and use it to collect metadata from the container engines. Keep in mind that the old collectors (docker, containerd, crio, podman) will use the container plugin to collect metadata under the hood. |
+| collectors.containerEngine.enabled | bool | `true` | Enable Container Engine support. |
+| collectors.containerEngine.engines | object | `{"bpm":{"enabled":true},"containerd":{"enabled":true,"sockets":["/run/host-containerd/containerd.sock"]},"cri":{"enabled":true,"sockets":["/run/containerd/containerd.sock","/run/crio/crio.sock","/run/k3s/containerd/containerd.sock","/run/host-containerd/containerd.sock"]},"docker":{"enabled":true,"sockets":["/var/run/docker.sock"]},"libvirt_lxc":{"enabled":true},"lxc":{"enabled":true},"podman":{"enabled":true,"sockets":["/run/podman/podman.sock"]}}` | engines specify the container engines that will be used to collect metadata. See https://github.com/falcosecurity/plugins/blob/main/plugins/container/README.md#configuration |
 | collectors.containerEngine.hooks | list | `["create"]` | hooks specify the hooks that will be used to collect metadata from the container engine. The available hooks are: create, start. |
 | collectors.containerEngine.labelMaxLen | int | `100` | labelMaxLen is the maximum length of the labels that can be used in the container plugin. container labels larger than this value won't be collected. |
-| collectors.containerEngine.pluginRef | string | `"ghcr.io/falcosecurity/plugins/plugin/container:0.3.1"` | pluginRef is the OCI reference for the container plugin. It could be a full reference such as "ghcr.io/falcosecurity/plugins/plugin/container:0.3.1". Or just name + tag: container:0.3.1. |
+| collectors.containerEngine.pluginRef | string | `"ghcr.io/falcosecurity/plugins/plugin/container:0.3.5"` | pluginRef is the OCI reference for the container plugin. It could be a full reference such as "ghcr.io/falcosecurity/plugins/plugin/container:0.3.5". Or just name + tag: container:0.3.5. |
 | collectors.containerEngine.withSize | bool | `false` | withSize specifies whether to enable container size inspection, which is inherently slow. |
-| collectors.containerd | object | `{"enabled":true,"socket":"/run/containerd/containerd.sock"}` | This collector is deprecated and will be removed in the future. Please use the containerEngine collector instead. |
-| collectors.containerd.enabled | bool | `true` | Enable ContainerD support. |
-| collectors.containerd.socket | string | `"/run/containerd/containerd.sock"` | The path of the ContainerD socket. |
-| collectors.crio | object | `{"enabled":true,"socket":"/run/crio/crio.sock"}` | This collector is deprecated and will be removed in the future. Please use the containerEngine collector instead. |
-| collectors.crio.enabled | bool | `true` | Enable CRI-O support. |
+| collectors.containerd | object | `{"enabled":false,"socket":"/run/host-containerd/containerd.sock"}` | This collector is deprecated and will be removed in the future. Please use the containerEngine collector instead. |
+| collectors.containerd.enabled | bool | `false` | Enable ContainerD support. |
+| collectors.containerd.socket | string | `"/run/host-containerd/containerd.sock"` | The path of the ContainerD socket. |
+| collectors.crio | object | `{"enabled":false,"socket":"/run/crio/crio.sock"}` | This collector is deprecated and will be removed in the future. Please use the containerEngine collector instead. |
+| collectors.crio.enabled | bool | `false` | Enable CRI-O support. |
 | collectors.crio.socket | string | `"/run/crio/crio.sock"` | The path of the CRI-O socket. |
-| collectors.docker | object | `{"enabled":true,"socket":"/var/run/docker.sock"}` | This collector is deprecated and will be removed in the future. Please use the containerEngine collector instead. |
-| collectors.docker.enabled | bool | `true` | Enable Docker support. |
+| collectors.docker | object | `{"enabled":false,"socket":"/var/run/docker.sock"}` | This collector is deprecated and will be removed in the future. Please use the containerEngine collector instead. |
+| collectors.docker.enabled | bool | `false` | Enable Docker support. |
 | collectors.docker.socket | string | `"/var/run/docker.sock"` | The path of the Docker daemon socket. |
 | collectors.enabled | bool | `true` | Enable/disable all the metadata collectors. |
-| collectors.kubernetes | object | `{"collectorHostname":"","collectorPort":"","enabled":false,"hostProc":"/host","pluginRef":"ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.3.0","verbosity":"info"}` | kubernetes holds the configuration for the kubernetes collector. Starting from version 0.37.0 of Falco, the legacy kubernetes client has been removed. A new standalone component named k8s-metacollector and a Falco plugin have been developed to solve the issues that were present in the old implementation. More info here: https://github.com/falcosecurity/falco/issues/2973 |
+| collectors.kubernetes | object | `{"collectorHostname":"","collectorPort":"","enabled":false,"hostProc":"/host","pluginRef":"ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.3.1","verbosity":"info"}` | kubernetes holds the configuration for the kubernetes collector. Starting from version 0.37.0 of Falco, the legacy kubernetes client has been removed. A new standalone component named k8s-metacollector and a Falco plugin have been developed to solve the issues that were present in the old implementation. More info here: https://github.com/falcosecurity/falco/issues/2973 |
 | collectors.kubernetes.collectorHostname | string | `""` | collectorHostname is the address of the k8s-metacollector. When not specified it will be set to match k8s-metacollector service. e.x: falco-k8smetacollecto.falco.svc. If for any reason you need to override it, make sure to set here the address of the k8s-metacollector. It is used by the k8smeta plugin to connect to the k8s-metacollector. |
 | collectors.kubernetes.collectorPort | string | `""` | collectorPort designates the port on which the k8s-metacollector gRPC service listens. If not specified the value of the port named `broker-grpc` in k8s-metacollector.service.ports is used. The default values is 45000. It is used by the k8smeta plugin to connect to the k8s-metacollector. |
 | collectors.kubernetes.enabled | bool | `false` | enabled specifies whether the Kubernetes metadata should be collected using the k8smeta plugin and the k8s-metacollector component. It will deploy the k8s-metacollector external component that fetches Kubernetes metadata and pushes them to Falco instances. For more info see: https://github.com/falcosecurity/k8s-metacollector https://github.com/falcosecurity/charts/tree/master/charts/k8s-metacollector When this option is disabled, Falco falls back to the container annotations to grab the metadata. In such a case, only the ID, name, namespace, labels of the pod will be available. |
-| collectors.kubernetes.pluginRef | string | `"ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.3.0"` | pluginRef is the OCI reference for the k8smeta plugin. It could be a full reference such as: "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.1.0". Or just name + tag: k8smeta:0.1.0. |
+| collectors.kubernetes.pluginRef | string | `"ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.3.1"` | pluginRef is the OCI reference for the k8smeta plugin. It could be a full reference such as: "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.1.0". Or just name + tag: k8smeta:0.1.0. |
 | containerSecurityContext | object | `{}` | Set securityContext for the Falco container.For more info see the "falco.securityContext" helper in "pod-template.tpl" |
 | controller.annotations | object | `{}` |  |
 | controller.daemonset.updateStrategy.type | string | `"RollingUpdate"` | Perform rolling updates by default in the DaemonSet agent ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ |

charts/falco/templates/_helpers.tpl

@@ -440,7 +440,7 @@ This helper is used to add the container plugin to the falco configuration.
 {{ define "falco.containerPlugin" -}}
 {{ if and .Values.driver.enabled .Values.collectors.enabled -}}
 {{ if and (or .Values.collectors.docker.enabled .Values.collectors.crio.enabled .Values.collectors.containerd.enabled) .Values.collectors.containerEngine.enabled -}}
-{{ fail "You can not enable one of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time. Please use the containerEngine configuration since the old configurations are deprecated." }}
+{{ fail "You can not enable any of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time. Please use the containerEngine configuration since the old configurations are deprecated." }}
 {{ else if or .Values.collectors.docker.enabled .Values.collectors.crio.enabled .Values.collectors.containerd.enabled .Values.collectors.containerEngine.enabled -}}
 {{ if or .Values.collectors.docker.enabled .Values.collectors.crio.enabled .Values.collectors.containerd.enabled -}}
 {{ $_ := set .Values.collectors.containerEngine.engines.docker "enabled" .Values.collectors.docker.enabled -}}
@@ -482,7 +482,7 @@ This helper is used to add container plugin volumes to the falco pod.
 {{- define "falco.containerPluginVolumes" -}}
 {{- if and .Values.driver.enabled .Values.collectors.enabled -}}
 {{- if and (or .Values.collectors.docker.enabled .Values.collectors.crio.enabled .Values.collectors.containerd.enabled) .Values.collectors.containerEngine.enabled -}}
-{{ fail "You can not enable one of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time. Please use the containerEngine configuration since the old configurations are deprecated." }}
+{{ fail "You can not enable any of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time. Please use the containerEngine configuration since the old configurations are deprecated." }}
 {{- end -}}
 {{ $volumes := list -}}
 {{- if .Values.collectors.docker.enabled -}}
@@ -495,10 +495,19 @@ This helper is used to add container plugin volumes to the falco pod.
 {{ $volumes = append $volumes (dict "name" "containerd-socket" "hostPath" (dict "path" .Values.collectors.containerd.socket)) -}}
 {{- end -}}
 {{- if .Values.collectors.containerEngine.enabled -}}
-{{- range $key, $val := .Values.collectors.containerEngine.engines -}}
-{{- if and $val.enabled -}}
+{{- $seenPaths := dict -}}
+{{- $idx := 0 -}}
+{{- $engineOrder := list "docker" "podman" "containerd" "cri" "lxc" "libvirt_lxc" "bpm" -}}
+{{- range $engineName := $engineOrder -}}
+{{- $val := index $.Values.collectors.containerEngine.engines $engineName -}}
+{{- if and $val $val.enabled -}}
 {{- range $index, $socket := $val.sockets -}}
-{{ $volumes = append $volumes (dict "name" (printf "%s-socket-%d" $key $index) "hostPath" (dict "path" $socket)) -}}
+{{- $mountPath := print "/host" $socket -}}
+{{- if not (hasKey $seenPaths $mountPath) -}}
+{{ $volumes = append $volumes (dict "name" (printf "container-engine-socket-%d" $idx) "hostPath" (dict "path" $socket)) -}}
+{{- $idx = add $idx 1 -}}
+{{- $_ := set $seenPaths $mountPath true -}}
+{{- end -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
@@ -515,7 +524,7 @@ This helper is used to add container plugin volumeMounts to the falco pod.
 {{- define "falco.containerPluginVolumeMounts" -}}
 {{- if and .Values.driver.enabled .Values.collectors.enabled -}}
 {{- if and (or .Values.collectors.docker.enabled .Values.collectors.crio.enabled .Values.collectors.containerd.enabled) .Values.collectors.containerEngine.enabled -}}
-{{ fail "You can not enable one of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time. Please use the containerEngine configuration since the old configurations are deprecated." }}
+{{ fail "You can not enable any of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time. Please use the containerEngine configuration since the old configurations are deprecated." }}
 {{- end -}}
 {{ $volumeMounts := list -}}
 {{- if .Values.collectors.docker.enabled -}}
@@ -528,16 +537,25 @@ This helper is used to add container plugin volumeMounts to the falco pod.
 {{ $volumeMounts = append $volumeMounts (dict "name" "containerd-socket" "mountPath" (print "/host" .Values.collectors.containerd.socket)) -}}
 {{- end -}}
 {{- if .Values.collectors.containerEngine.enabled -}}
-{{- range $key, $val := .Values.collectors.containerEngine.engines -}}
-{{- if and $val.enabled -}}
+{{- $seenPaths := dict -}}
+{{- $idx := 0 -}}
+{{- $engineOrder := list "docker" "podman" "containerd" "cri" "lxc" "libvirt_lxc" "bpm" -}}
+{{- range $engineName := $engineOrder -}}
+{{- $val := index $.Values.collectors.containerEngine.engines $engineName -}}
+{{- if and $val $val.enabled -}}
 {{- range $index, $socket := $val.sockets -}}
-{{ $volumeMounts = append $volumeMounts (dict "name" (printf "%s-socket-%d" $key $index)  "mountPath" (print "/host" $socket)) -}}
+{{- $mountPath := print "/host" $socket -}}
+{{- if not (hasKey $seenPaths $mountPath) -}}
+{{ $volumeMounts = append $volumeMounts (dict "name" (printf "container-engine-socket-%d" $idx) "mountPath" $mountPath) -}}
+{{- $idx = add $idx 1 -}}
+{{- $_ := set $seenPaths $mountPath true -}}
+{{- end -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
 {{- end -}}
 {{- if gt (len $volumeMounts) 0 -}}
-{{ toYaml $volumeMounts }}
+{{ toYaml ($volumeMounts) }}
 {{- end -}}
 {{- end -}}
 {{- end -}}

charts/falco/tests/unit/containerPlugin/common.go

@@ -2,18 +2,12 @@ package containerPlugin
 
 var volumeNames = []string{
 	"docker-socket",
-	"docker-socket-0",
-	"docker-socket-1",
-	"docker-socket-2",
 	"containerd-socket",
-	"containerd-socket-0",
-	"containerd-socket-1",
-	"containerd-socket-2",
 	"crio-socket",
-	"cri-socket-0",
-	"cri-socket-1",
-	"cri-socket-2",
-	"podman-socket-0",
-	"podman-socket-1",
-	"podman-socket-2",
+	"container-engine-socket-0",
+	"container-engine-socket-1",
+	"container-engine-socket-2",
+	"container-engine-socket-3",
+	"container-engine-socket-4",
+	"container-engine-socket-5",
 }

charts/falco/tests/unit/containerPlugin/containerPluginConfig_test.go

@@ -29,20 +29,10 @@ func TestContainerPluginConfiguration(t *testing.T) {
 			nil,
 			func(t *testing.T, config any) {
 				plugin := config.(map[string]interface{})
-				// Get init config.
 				initConfig, ok := plugin["init_config"]
 				require.True(t, ok)
-				require.Len(t, initConfig, 4, "checking number of config entries in the init section")
 
 				initConfigMap := initConfig.(map[string]interface{})
-				// Check the default values.
-				labelMaxLen := initConfigMap["label_max_len"]
-				require.Equal(t, float64(100), labelMaxLen.(float64), "checking default value for label_max_len")
-				withSize := initConfigMap["with_size"]
-				require.False(t, withSize.(bool), "checking default value for with_size")
-				hooks := initConfigMap["hooks"].([]interface{})
-				require.Len(t, hooks, 1, "checking number of hooks")
-				require.True(t, slices.Contains(hooks, "create"), "checking if create hook is present")
 
 				// Check engines configurations.
 				engines, ok := initConfigMap["engines"].(map[string]interface{})
@@ -58,24 +48,25 @@ func TestContainerPluginConfiguration(t *testing.T) {
 				require.True(t, engineConfig.Docker.Enabled)
 				require.Equal(t, []string{"/var/run/docker.sock"}, engineConfig.Docker.Sockets)
 
-				require.False(t, engineConfig.Podman.Enabled)
+				require.True(t, engineConfig.Podman.Enabled)
 				require.Equal(t, []string{"/run/podman/podman.sock"}, engineConfig.Podman.Sockets)
 
 				require.True(t, engineConfig.Containerd.Enabled)
-				require.Equal(t, []string{"/run/containerd/containerd.sock"}, engineConfig.Containerd.Sockets)
+				require.Equal(t, []string{"/run/host-containerd/containerd.sock"}, engineConfig.Containerd.Sockets)
 
 				require.True(t, engineConfig.CRI.Enabled)
-				require.Equal(t, []string{"/run/crio/crio.sock"}, engineConfig.CRI.Sockets)
+				require.Equal(t, []string{"/run/containerd/containerd.sock", "/run/crio/crio.sock", "/run/k3s/containerd/containerd.sock", "/run/host-containerd/containerd.sock"}, engineConfig.CRI.Sockets)
 
-				require.False(t, engineConfig.LXC.Enabled)
-				require.False(t, engineConfig.LibvirtLXC.Enabled)
-				require.False(t, engineConfig.BPM.Enabled)
+				require.True(t, engineConfig.LXC.Enabled)
+				require.True(t, engineConfig.LibvirtLXC.Enabled)
+				require.True(t, engineConfig.BPM.Enabled)
 			},
 		},
 		{
 			name: "changeDockerSocket",
 			values: map[string]string{
-				"collectors.docker.socket": "/custom/docker.sock",
+				"collectors.containerEngine.engines.docker.enabled":    "true",
+				"collectors.containerEngine.engines.docker.sockets[0]": "/custom/docker.sock",
 			},
 			expected: func(t *testing.T, config any) {
 				plugin := config.(map[string]interface{})
@@ -97,9 +88,10 @@ func TestContainerPluginConfiguration(t *testing.T) {
 			},
 		},
 		{
-			name: "changeCrioSocket",
+			name: "changeCriSocket",
 			values: map[string]string{
-				"collectors.crio.socket": "/custom/crio.sock",
+				"collectors.containerEngine.engines.cri.enabled":    "true",
+				"collectors.containerEngine.engines.cri.sockets[0]": "/custom/cri.sock",
 			},
 			expected: func(t *testing.T, config any) {
 				plugin := config.(map[string]interface{})
@@ -117,13 +109,13 @@ func TestContainerPluginConfiguration(t *testing.T) {
 				require.NoError(t, err)
 
 				require.True(t, engineConfig.CRI.Enabled)
-				require.Equal(t, []string{"/custom/crio.sock"}, engineConfig.CRI.Sockets)
+				require.Equal(t, []string{"/custom/cri.sock"}, engineConfig.CRI.Sockets)
 			},
 		},
 		{
 			name: "disableDockerSocket",
 			values: map[string]string{
-				"collectors.docker.enabled": "false",
+				"collectors.containerEngine.engines.docker.enabled": "false",
 			},
 			expected: func(t *testing.T, config any) {
 				plugin := config.(map[string]interface{})
@@ -144,9 +136,9 @@ func TestContainerPluginConfiguration(t *testing.T) {
 			},
 		},
 		{
-			name: "disableCrioSocket",
+			name: "disableCriSocket",
 			values: map[string]string{
-				"collectors.crio.enabled": "false",
+				"collectors.containerEngine.engines.cri.enabled": "false",
 			},
 			expected: func(t *testing.T, config any) {
 				plugin := config.(map[string]interface{})
@@ -169,7 +161,8 @@ func TestContainerPluginConfiguration(t *testing.T) {
 		{
 			name: "changeContainerdSocket",
 			values: map[string]string{
-				"collectors.containerd.socket": "/custom/containerd.sock",
+				"collectors.containerEngine.engines.containerd.enabled":    "true",
+				"collectors.containerEngine.engines.containerd.sockets[0]": "/custom/containerd.sock",
 			},
 			expected: func(t *testing.T, config any) {
 				plugin := config.(map[string]interface{})
@@ -193,7 +186,7 @@ func TestContainerPluginConfiguration(t *testing.T) {
 		{
 			name: "disableContainerdSocket",
 			values: map[string]string{
-				"collectors.containerd.enabled": "false",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
 			},
 			expected: func(t *testing.T, config any) {
 				plugin := config.(map[string]interface{})
@@ -215,12 +208,7 @@ func TestContainerPluginConfiguration(t *testing.T) {
 		},
 		{
 			name:   "defaultContainerEngineConfig",
-			values: map[string]string{
-				"collectors.containerEngine.enabled": "true",
-				"collectors.docker.enabled":          "false",
-				"collectors.containerd.enabled":      "false",
-				"collectors.crio.enabled":            "false",
-			},
+			values: map[string]string{},
 			expected: func(t *testing.T, config any) {
 				plugin := config.(map[string]interface{})
 				initConfig, ok := plugin["init_config"]
@@ -249,10 +237,10 @@ func TestContainerPluginConfiguration(t *testing.T) {
 				require.Equal(t, []string{"/run/podman/podman.sock"}, engineConfig.Podman.Sockets)
 
 				require.True(t, engineConfig.Containerd.Enabled)
-				require.Equal(t, []string{"/run/containerd/containerd.sock"}, engineConfig.Containerd.Sockets)
+				require.Equal(t, []string{"/run/host-containerd/containerd.sock"}, engineConfig.Containerd.Sockets)
 
 				require.True(t, engineConfig.CRI.Enabled)
-				require.Equal(t, []string{"/run/crio/crio.sock"}, engineConfig.CRI.Sockets)
+				require.Equal(t, []string{"/run/containerd/containerd.sock", "/run/crio/crio.sock", "/run/k3s/containerd/containerd.sock", "/run/host-containerd/containerd.sock"}, engineConfig.CRI.Sockets)
 
 				require.True(t, engineConfig.LXC.Enabled)
 				require.True(t, engineConfig.LibvirtLXC.Enabled)
@@ -638,17 +626,17 @@ func TestInvalidCollectorConfiguration(t *testing.T) {
 				"collectors.crio.enabled":            "false",
 				"collectors.containerEngine.enabled": "true",
 			},
-			expectedErr: "You can not enable one of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time. Please use the containerEngine configuration since the old configurations are deprecated.",
+			expectedErr: "You can not enable any of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time. Please use the containerEngine configuration since the old configurations are deprecated.",
 		},
 		{
 			name: "containerdAndContainerEngine",
 			values: map[string]string{
 				"collectors.docker.enabled":          "false",
-				"collectoars.containerd.enabled":     "true",
+				"collectors.containerd.enabled":      "true",
 				"collectors.crio.enabled":            "false",
 				"collectors.containerEngine.enabled": "true",
 			},
-			expectedErr: "You can not enable one of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time. Please use the containerEngine configuration since the old configurations are deprecated.",
+			expectedErr: "You can not enable any of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time. Please use the containerEngine configuration since the old configurations are deprecated.",
 		},
 		{
 			name: "crioAndContainerEngine",
@@ -658,7 +646,7 @@ func TestInvalidCollectorConfiguration(t *testing.T) {
 				"collectors.crio.enabled":            "true",
 				"collectors.containerEngine.enabled": "true",
 			},
-			expectedErr: "You can not enable one of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time. Please use the containerEngine configuration since the old configurations are deprecated.",
+			expectedErr: "You can not enable any of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time. Please use the containerEngine configuration since the old configurations are deprecated.",
 		},
 	}
 
@@ -697,7 +685,7 @@ func TestFalcoctlRefs(t *testing.T) {
 		refs := artifactConfig["install"].(map[string]interface{})["refs"].([]interface{})
 		require.Len(t, refs, 2)
 		require.True(t, slices.Contains(refs, "falco-rules:4"))
-		require.True(t, slices.Contains(refs, "ghcr.io/falcosecurity/plugins/plugin/container:0.3.1"))
+		require.True(t, slices.Contains(refs, "ghcr.io/falcosecurity/plugins/plugin/container:0.3.5"))
 	}
 
 	refShouldNotBeSet := func(t *testing.T, config any) {
@@ -713,7 +701,7 @@ func TestFalcoctlRefs(t *testing.T) {
 		refs := artifactConfig["install"].(map[string]interface{})["refs"].([]interface{})
 		require.Len(t, refs, 1)
 		require.True(t, slices.Contains(refs, "falco-rules:4"))
-		require.False(t, slices.Contains(refs, "ghcr.io/falcosecurity/plugins/plugin/container:0.3.1"))
+		require.False(t, slices.Contains(refs, "ghcr.io/falcosecurity/plugins/plugin/container:0.3.5"))
 	}
 
 	testCases := []struct {

charts/falco/tests/unit/containerPlugin/volumeMounts_test.go

@@ -26,128 +26,148 @@ func TestContainerPluginVolumeMounts(t *testing.T) {
 			name:   "defaultValues",
 			values: nil,
 			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
-				require.Len(t, volumeMounts, 3)
-				require.Equal(t, "docker-socket", volumeMounts[0].Name)
+				require.Len(t, volumeMounts, 6)
+				require.Equal(t, "container-engine-socket-0", volumeMounts[0].Name)
 				require.Equal(t, "/host/var/run/docker.sock", volumeMounts[0].MountPath)
-				require.Equal(t, "crio-socket", volumeMounts[1].Name)
-				require.Equal(t, "/host/run/crio/crio.sock", volumeMounts[1].MountPath)
-				require.Equal(t, "containerd-socket", volumeMounts[2].Name)
-				require.Equal(t, "/host/run/containerd/containerd.sock", volumeMounts[2].MountPath)
+				require.Equal(t, "container-engine-socket-1", volumeMounts[1].Name)
+				require.Equal(t, "/host/run/podman/podman.sock", volumeMounts[1].MountPath)
+				require.Equal(t, "container-engine-socket-2", volumeMounts[2].Name)
+				require.Equal(t, "/host/run/host-containerd/containerd.sock", volumeMounts[2].MountPath)
+				require.Equal(t, "container-engine-socket-3", volumeMounts[3].Name)
+				require.Equal(t, "/host/run/containerd/containerd.sock", volumeMounts[3].MountPath)
+				require.Equal(t, "container-engine-socket-4", volumeMounts[4].Name)
+				require.Equal(t, "/host/run/crio/crio.sock", volumeMounts[4].MountPath)
+				require.Equal(t, "container-engine-socket-5", volumeMounts[5].Name)
+				require.Equal(t, "/host/run/k3s/containerd/containerd.sock", volumeMounts[5].MountPath)
 			},
 		},
 		{
 			name: "defaultDockerVolumeMount",
 			values: map[string]string{
-				"collectors.docker.enabled":     "true",
-				"collectors.containerd.enabled": "false",
-				"collectors.crio.enabled":       "false",
+				"collectors.containerEngine.engines.docker.enabled":     "true",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.cri.enabled":        "false",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
 			},
 			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
 				require.Len(t, volumeMounts, 1)
-				require.Equal(t, "docker-socket", volumeMounts[0].Name)
+				require.Equal(t, "container-engine-socket-0", volumeMounts[0].Name)
 				require.Equal(t, "/host/var/run/docker.sock", volumeMounts[0].MountPath)
 			},
 		},
 		{
 			name: "customDockerSocket",
 			values: map[string]string{
-				"collectors.docker.enabled":     "true",
-				"collectors.docker.socket":      "/custom/docker.sock",
-				"collectors.containerd.enabled": "false",
-				"collectors.crio.enabled":       "false",
+				"collectors.containerEngine.engines.docker.enabled":     "true",
+				"collectors.containerEngine.engines.docker.sockets[0]":  "/custom/docker.sock",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.cri.enabled":        "false",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
 			},
 			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
 				require.Len(t, volumeMounts, 1)
-				require.Equal(t, "docker-socket", volumeMounts[0].Name)
+				require.Equal(t, "container-engine-socket-0", volumeMounts[0].Name)
 				require.Equal(t, "/host/custom/docker.sock", volumeMounts[0].MountPath)
 			},
 		},
 		{
-			name: "defaultCrioVolumeMount",
+			name: "defaultCriVolumeMount",
 			values: map[string]string{
-				"collectors.docker.enabled":     "false",
-				"collectors.containerd.enabled": "false",
-				"collectors.crio.enabled":       "true",
+				"collectors.containerEngine.engines.docker.enabled":     "false",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.cri.enabled":        "true",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
 			},
 			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
-				require.Len(t, volumeMounts, 1)
-				require.Equal(t, "crio-socket", volumeMounts[0].Name)
-				require.Equal(t, "/host/run/crio/crio.sock", volumeMounts[0].MountPath)
+				require.Len(t, volumeMounts, 4)
+				require.Equal(t, "container-engine-socket-0", volumeMounts[0].Name)
+				require.Equal(t, "/host/run/containerd/containerd.sock", volumeMounts[0].MountPath)
+				require.Equal(t, "container-engine-socket-1", volumeMounts[1].Name)
+				require.Equal(t, "/host/run/crio/crio.sock", volumeMounts[1].MountPath)
+				require.Equal(t, "container-engine-socket-2", volumeMounts[2].Name)
+				require.Equal(t, "/host/run/k3s/containerd/containerd.sock", volumeMounts[2].MountPath)
+				require.Equal(t, "container-engine-socket-3", volumeMounts[3].Name)
+				require.Equal(t, "/host/run/host-containerd/containerd.sock", volumeMounts[3].MountPath)
 			},
 		},
 		{
-			name: "customCrioSocket",
+			name: "customCriSocket",
 			values: map[string]string{
-				"collectors.docker.enabled":     "false",
-				"collectors.containerd.enabled": "false",
-				"collectors.crio.enabled":       "true",
-				"collectors.crio.socket":        "/custom/crio.sock",
+				"collectors.containerEngine.engines.cri.enabled":        "true",
+				"collectors.containerEngine.engines.cri.sockets[0]":     "/custom/crio.sock",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.docker.enabled":     "false",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
 			},
 			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
 				require.Len(t, volumeMounts, 1)
-				require.Equal(t, "crio-socket", volumeMounts[0].Name)
+				require.Equal(t, "container-engine-socket-0", volumeMounts[0].Name)
 				require.Equal(t, "/host/custom/crio.sock", volumeMounts[0].MountPath)
 			},
 		},
 		{
 			name: "defaultContainerdVolumeMount",
 			values: map[string]string{
-				"collectors.docker.enabled":     "false",
-				"collectors.containerd.enabled": "true",
-				"collectors.crio.enabled":       "false",
+				"collectors.containerEngine.engines.docker.enabled":     "false",
+				"collectors.containerEngine.engines.containerd.enabled": "true",
+				"collectors.containerEngine.engines.cri.enabled":        "false",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
 			},
 			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
 				require.Len(t, volumeMounts, 1)
-				require.Equal(t, "containerd-socket", volumeMounts[0].Name)
-				require.Equal(t, "/host/run/containerd/containerd.sock", volumeMounts[0].MountPath)
+				require.Equal(t, "container-engine-socket-0", volumeMounts[0].Name)
+				require.Equal(t, "/host/run/host-containerd/containerd.sock", volumeMounts[0].MountPath)
 			},
 		},
 		{
 			name: "customContainerdSocket",
 			values: map[string]string{
-				"collectors.docker.enabled":     "false",
-				"collectors.containerd.enabled": "true",
-				"collectors.containerd.socket":  "/custom/containerd.sock",
-				"collectors.crio.enabled":       "false",
+				"collectors.containerEngine.engines.containerd.enabled":    "true",
+				"collectors.containerEngine.engines.containerd.sockets[0]": "/custom/containerd.sock",
+				"collectors.containerEngine.engines.cri.enabled":           "false",
+				"collectors.containerEngine.engines.docker.enabled":        "false",
+				"collectors.containerEngine.engines.podman.enabled":        "false",
 			},
 			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
 				require.Len(t, volumeMounts, 1)
-				require.Equal(t, "containerd-socket", volumeMounts[0].Name)
+				require.Equal(t, "container-engine-socket-0", volumeMounts[0].Name)
 				require.Equal(t, "/host/custom/containerd.sock", volumeMounts[0].MountPath)
 			},
 		},
 		{
 			name:   "ContainerEnginesDefaultValues",
-			values: map[string]string{
-				"collectors.docker.enabled":          "false",
-				"collectors.containerd.enabled":      "false",
-				"collectors.crio.enabled":            "false",
-				"collectors.containerEngine.enabled": "true",
-			},
+			values: map[string]string{},
 			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
-				require.Len(t, volumeMounts, 4)
+				require.Len(t, volumeMounts, 6)
 
-				dockerV := findVolumeMount("docker-socket-0", volumeMounts)
-				require.NotNil(t, dockerV)
-				require.Equal(t, "/host/var/run/docker.sock", dockerV.MountPath)
-				podmanV := findVolumeMount("podman-socket-0", volumeMounts)
-				require.NotNil(t, podmanV)
-				require.Equal(t, "/host/run/podman/podman.sock", podmanV.MountPath)
-				containerdV := findVolumeMount("containerd-socket-0", volumeMounts)
-				require.NotNil(t, containerdV)
-				require.Equal(t, "/host/run/containerd/containerd.sock", containerdV.MountPath)
-				crioV := findVolumeMount("cri-socket-0", volumeMounts)
-				require.NotNil(t, crioV)
-				require.Equal(t, "/host/run/crio/crio.sock", crioV.MountPath)
+				// dockerV := findVolumeMount("docker-socket-0", volumeMounts)
+				// require.NotNil(t, dockerV)
+				// require.Equal(t, "/host/var/run/docker.sock", dockerV.MountPath)
+
+				// podmanV := findVolumeMount("podman-socket-0", volumeMounts)
+				// require.NotNil(t, podmanV)
+				// require.Equal(t, "/host/run/podman/podman.sock", podmanV.MountPath)
+
+				// containerdV := findVolumeMount("containerd-socket-0", volumeMounts)
+				// require.NotNil(t, containerdV)
+				// require.Equal(t, "/host/run/host-containerd/containerd.sock", containerdV.MountPath)
+
+				// crioV0 := findVolumeMount("cri-socket-0", volumeMounts)
+				// require.NotNil(t, crioV0)
+				// require.Equal(t, "/host/run/containerd/containerd.sock", crioV0.MountPath)
+
+				// crioV1 := findVolumeMount("cri-socket-1", volumeMounts)
+				// require.NotNil(t, crioV1)
+				// require.Equal(t, "/host/run/crio/crio.sock", crioV1.MountPath)
+
+				// crioV2 := findVolumeMount("cri-socket-2", volumeMounts)
+				// require.NotNil(t, crioV2)
+				// require.Equal(t, "/host/run/k3s/containerd/containerd.sock", crioV2.MountPath)
 			},
 		},
 		{
 			name: "ContainerEnginesDockerWithMultipleSockets",
 			values: map[string]string{
-				"collectors.docker.enabled":                             "false",
-				"collectors.containerd.enabled":                         "false",
-				"collectors.crio.enabled":                               "false",
-				"collectors.containerEngine.enabled":                    "true",
 				"collectors.containerEngine.engines.docker.enabled":     "true",
 				"collectors.containerEngine.engines.docker.sockets[0]":  "/var/run/docker.sock",
 				"collectors.containerEngine.engines.docker.sockets[1]":  "/custom/docker.sock",
@@ -158,11 +178,11 @@ func TestContainerPluginVolumeMounts(t *testing.T) {
 			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
 				require.Len(t, volumeMounts, 2)
 
-				dockerV0 := findVolumeMount("docker-socket-0", volumeMounts)
+				dockerV0 := findVolumeMount("container-engine-socket-0", volumeMounts)
 				require.NotNil(t, dockerV0)
 				require.Equal(t, "/host/var/run/docker.sock", dockerV0.MountPath)
 
-				dockerV1 := findVolumeMount("docker-socket-1", volumeMounts)
+				dockerV1 := findVolumeMount("container-engine-socket-1", volumeMounts)
 				require.NotNil(t, dockerV1)
 				require.Equal(t, "/host/custom/docker.sock", dockerV1.MountPath)
 			},
@@ -170,10 +190,6 @@ func TestContainerPluginVolumeMounts(t *testing.T) {
 		{
 			name: "ContainerEnginesCrioWithMultipleSockets",
 			values: map[string]string{
-				"collectors.docker.enabled":                             "false",
-				"collectors.containerd.enabled":                         "false",
-				"collectors.crio.enabled":                               "false",
-				"collectors.containerEngine.enabled":                    "true",
 				"collectors.containerEngine.engines.docker.enabled":     "false",
 				"collectors.containerEngine.engines.containerd.enabled": "false",
 				"collectors.containerEngine.engines.cri.enabled":        "true",
@@ -184,11 +200,11 @@ func TestContainerPluginVolumeMounts(t *testing.T) {
 			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
 				require.Len(t, volumeMounts, 2)
 
-				crioV0 := findVolumeMount("cri-socket-0", volumeMounts)
+				crioV0 := findVolumeMount("container-engine-socket-0", volumeMounts)
 				require.NotNil(t, crioV0)
 				require.Equal(t, "/host/run/crio/crio.sock", crioV0.MountPath)
 
-				crioV1 := findVolumeMount("cri-socket-1", volumeMounts)
+				crioV1 := findVolumeMount("container-engine-socket-1", volumeMounts)
 				require.NotNil(t, crioV1)
 				require.Equal(t, "/host/custom/crio.sock", crioV1.MountPath)
 			},
@@ -263,7 +279,7 @@ func TestInvalidVolumeMountConfiguration(t *testing.T) {
 				"collectors.docker.enabled":          "true",
 				"collectors.containerEngine.enabled": "true",
 			},
-			expectedErr: "You can not enable one of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time",
+			expectedErr: "You can not enable any of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time",
 		},
 	}
 

charts/falco/tests/unit/containerPlugin/volumes_test.go

@@ -27,93 +27,111 @@ func TestContainerPluginVolumes(t *testing.T) {
 			name:   "defaultValues",
 			values: nil,
 			expected: func(t *testing.T, volumes []corev1.Volume) {
-				require.Len(t, volumes, 3)
-				require.Equal(t, "docker-socket", volumes[0].Name)
+				require.Len(t, volumes, 6)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
 				require.Equal(t, "/var/run/docker.sock", volumes[0].HostPath.Path)
-				require.Equal(t, "crio-socket", volumes[1].Name)
-				require.Equal(t, "/run/crio/crio.sock", volumes[1].HostPath.Path)
-				require.Equal(t, "containerd-socket", volumes[2].Name)
-				require.Equal(t, "/run/containerd/containerd.sock", volumes[2].HostPath.Path)
+				require.Equal(t, "container-engine-socket-1", volumes[1].Name)
+				require.Equal(t, "/run/podman/podman.sock", volumes[1].HostPath.Path)
+				require.Equal(t, "container-engine-socket-2", volumes[2].Name)
+				require.Equal(t, "/run/host-containerd/containerd.sock", volumes[2].HostPath.Path)
+				require.Equal(t, "container-engine-socket-3", volumes[3].Name)
+				require.Equal(t, "/run/containerd/containerd.sock", volumes[3].HostPath.Path)
+				require.Equal(t, "container-engine-socket-4", volumes[4].Name)
+				require.Equal(t, "/run/crio/crio.sock", volumes[4].HostPath.Path)
+				require.Equal(t, "container-engine-socket-5", volumes[5].Name)
+				require.Equal(t, "/run/k3s/containerd/containerd.sock", volumes[5].HostPath.Path)
 			},
 		},
 		{
 			name: "defaultDockerVolume",
 			values: map[string]string{
-				"collectors.docker.enabled":     "true",
-				"collectors.containerd.enabled": "false",
-				"collectors.crio.enabled":       "false",
+				"collectors.containerEngine.engines.docker.enabled":     "true",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.cri.enabled":        "false",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
 			},
 			expected: func(t *testing.T, volumes []corev1.Volume) {
 				require.Len(t, volumes, 1)
-				require.Equal(t, "docker-socket", volumes[0].Name)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
 				require.Equal(t, "/var/run/docker.sock", volumes[0].HostPath.Path)
 			},
 		},
 		{
 			name: "customDockerSocket",
 			values: map[string]string{
-				"collectors.docker.enabled":     "true",
-				"collectors.docker.socket":      "/custom/docker.sock",
-				"collectors.containerd.enabled": "false",
-				"collectors.crio.enabled":       "false",
+				"collectors.containerEngine.engines.docker.enabled":     "true",
+				"collectors.containerEngine.engines.docker.sockets[0]":  "/custom/docker.sock",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.cri.enabled":        "false",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
 			},
 			expected: func(t *testing.T, volumes []corev1.Volume) {
 				require.Len(t, volumes, 1)
-				require.Equal(t, "docker-socket", volumes[0].Name)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
 				require.Equal(t, "/custom/docker.sock", volumes[0].HostPath.Path)
 			},
 		},
 		{
-			name: "defaultCrioVolume",
+			name: "defaultCriVolume",
 			values: map[string]string{
-				"collectors.docker.enabled":     "false",
-				"collectors.containerd.enabled": "false",
-				"collectors.crio.enabled":       "true",
+				"collectors.containerEngine.engines.docker.enabled":     "false",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.cri.enabled":        "true",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
 			},
 			expected: func(t *testing.T, volumes []corev1.Volume) {
-				require.Len(t, volumes, 1)
-				require.Equal(t, "crio-socket", volumes[0].Name)
-				require.Equal(t, "/run/crio/crio.sock", volumes[0].HostPath.Path)
+				require.Len(t, volumes, 4)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/run/containerd/containerd.sock", volumes[0].HostPath.Path)
+				require.Equal(t, "container-engine-socket-1", volumes[1].Name)
+				require.Equal(t, "/run/crio/crio.sock", volumes[1].HostPath.Path)
+				require.Equal(t, "container-engine-socket-2", volumes[2].Name)
+				require.Equal(t, "/run/k3s/containerd/containerd.sock", volumes[2].HostPath.Path)
+				require.Equal(t, "container-engine-socket-3", volumes[3].Name)
+				require.Equal(t, "/run/host-containerd/containerd.sock", volumes[3].HostPath.Path)
 			},
 		},
 		{
 			name: "customCrioSocket",
 			values: map[string]string{
-				"collectors.docker.enabled":     "false",
-				"collectors.containerd.enabled": "false",
-				"collectors.crio.enabled":       "true",
-				"collectors.crio.socket":        "/custom/crio.sock",
+				"collectors.containerEngine.engines.docker.enabled":     "false",
+				"collectors.containerEngine.engines.cri.enabled":        "true",
+				"collectors.containerEngine.engines.cri.sockets[0]":     "/custom/crio.sock",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
 			},
 			expected: func(t *testing.T, volumes []corev1.Volume) {
 				require.Len(t, volumes, 1)
-				require.Equal(t, "crio-socket", volumes[0].Name)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
 				require.Equal(t, "/custom/crio.sock", volumes[0].HostPath.Path)
 			},
 		},
 		{
 			name: "defaultContainerdVolume",
 			values: map[string]string{
-				"collectors.docker.enabled":     "false",
-				"collectors.containerd.enabled": "true",
-				"collectors.crio.enabled":       "false",
+				"collectors.containerEngine.engines.docker.enabled":     "false",
+				"collectors.containerEngine.engines.containerd.enabled": "true",
+				"collectors.containerEngine.engines.cri.enabled":        "false",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
 			},
 			expected: func(t *testing.T, volumes []corev1.Volume) {
 				require.Len(t, volumes, 1)
-				require.Equal(t, "containerd-socket", volumes[0].Name)
-				require.Equal(t, "/run/containerd/containerd.sock", volumes[0].HostPath.Path)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/run/host-containerd/containerd.sock", volumes[0].HostPath.Path)
 			},
 		},
 		{
 			name: "customContainerdSocket",
 			values: map[string]string{
-				"collectors.docker.enabled":     "false",
-				"collectors.containerd.enabled": "true",
-				"collectors.containerd.socket":  "/custom/containerd.sock",
-				"collectors.crio.enabled":       "false",
+				"collectors.containerEngine.engines.docker.enabled":        "false",
+				"collectors.containerEngine.engines.containerd.enabled":    "true",
+				"collectors.containerEngine.engines.containerd.sockets[0]": "/custom/containerd.sock",
+				"collectors.containerEngine.engines.cri.enabled":           "false",
+				"collectors.containerEngine.engines.podman.enabled":        "false",
 			},
 			expected: func(t *testing.T, volumes []corev1.Volume) {
 				require.Len(t, volumes, 1)
-				require.Equal(t, "containerd-socket", volumes[0].Name)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
 				require.Equal(t, "/custom/containerd.sock", volumes[0].HostPath.Path)
 			},
 		},
@@ -127,20 +145,19 @@ func TestContainerPluginVolumes(t *testing.T) {
 				"collectors.containerEngine.enabled": "true",
 			},
 			expected: func(t *testing.T, volumes []corev1.Volume) {
-				require.Len(t, volumes, 4)
-
-				dockerV := findVolume("docker-socket-0", volumes)
-				require.NotNil(t, dockerV)
-				require.Equal(t, "/var/run/docker.sock", dockerV.HostPath.Path)
-				podmanV := findVolume("podman-socket-0", volumes)
-				require.NotNil(t, podmanV)
-				require.Equal(t, "/run/podman/podman.sock", podmanV.HostPath.Path)
-				containerdV := findVolume("containerd-socket-0", volumes)
-				require.NotNil(t, containerdV)
-				require.Equal(t, "/run/containerd/containerd.sock", containerdV.HostPath.Path)
-				crioV := findVolume("cri-socket-0", volumes)
-				require.NotNil(t, crioV)
-				require.Equal(t, "/run/crio/crio.sock", crioV.HostPath.Path)
+				require.Len(t, volumes, 6)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/var/run/docker.sock", volumes[0].HostPath.Path)
+				require.Equal(t, "container-engine-socket-1", volumes[1].Name)
+				require.Equal(t, "/run/podman/podman.sock", volumes[1].HostPath.Path)
+				require.Equal(t, "container-engine-socket-2", volumes[2].Name)
+				require.Equal(t, "/run/host-containerd/containerd.sock", volumes[2].HostPath.Path)
+				require.Equal(t, "container-engine-socket-3", volumes[3].Name)
+				require.Equal(t, "/run/containerd/containerd.sock", volumes[3].HostPath.Path)
+				require.Equal(t, "container-engine-socket-4", volumes[4].Name)
+				require.Equal(t, "/run/crio/crio.sock", volumes[4].HostPath.Path)
+				require.Equal(t, "container-engine-socket-5", volumes[5].Name)
+				require.Equal(t, "/run/k3s/containerd/containerd.sock", volumes[5].HostPath.Path)
 			},
 		},
 		{
@@ -159,14 +176,10 @@ func TestContainerPluginVolumes(t *testing.T) {
 			},
 			expected: func(t *testing.T, volumes []corev1.Volume) {
 				require.Len(t, volumes, 2)
-
-				dockerV0 := findVolume("docker-socket-0", volumes)
-				require.NotNil(t, dockerV0)
-				require.Equal(t, "/var/run/docker.sock", dockerV0.HostPath.Path)
-
-				dockerV1 := findVolume("docker-socket-1", volumes)
-				require.NotNil(t, dockerV1)
-				require.Equal(t, "/custom/docker.sock", dockerV1.HostPath.Path)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/var/run/docker.sock", volumes[0].HostPath.Path)
+				require.Equal(t, "container-engine-socket-1", volumes[1].Name)
+				require.Equal(t, "/custom/docker.sock", volumes[1].HostPath.Path)
 			},
 		},
 		{
@@ -185,14 +198,10 @@ func TestContainerPluginVolumes(t *testing.T) {
 			},
 			expected: func(t *testing.T, volumes []corev1.Volume) {
 				require.Len(t, volumes, 2)
-
-				crioV0 := findVolume("cri-socket-0", volumes)
-				require.NotNil(t, crioV0)
-				require.Equal(t, "/run/crio/crio.sock", crioV0.HostPath.Path)
-
-				crioV1 := findVolume("cri-socket-1", volumes)
-				require.NotNil(t, crioV1)
-				require.Equal(t, "/custom/crio.sock", crioV1.HostPath.Path)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/run/crio/crio.sock", volumes[0].HostPath.Path)
+				require.Equal(t, "container-engine-socket-1", volumes[1].Name)
+				require.Equal(t, "/custom/crio.sock", volumes[1].HostPath.Path)
 			},
 		},
 		{
@@ -211,14 +220,10 @@ func TestContainerPluginVolumes(t *testing.T) {
 			},
 			expected: func(t *testing.T, volumes []corev1.Volume) {
 				require.Len(t, volumes, 2)
-
-				podmanV0 := findVolume("podman-socket-0", volumes)
-				require.NotNil(t, podmanV0)
-				require.Equal(t, "/run/podman/podman.sock", podmanV0.HostPath.Path)
-
-				podmanV1 := findVolume("podman-socket-1", volumes)
-				require.NotNil(t, podmanV1)
-				require.Equal(t, "/custom/podman.sock", podmanV1.HostPath.Path)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/run/podman/podman.sock", volumes[0].HostPath.Path)
+				require.Equal(t, "container-engine-socket-1", volumes[1].Name)
+				require.Equal(t, "/custom/podman.sock", volumes[1].HostPath.Path)
 			},
 		},
 		{
@@ -237,14 +242,10 @@ func TestContainerPluginVolumes(t *testing.T) {
 			},
 			expected: func(t *testing.T, volumes []corev1.Volume) {
 				require.Len(t, volumes, 2)
-
-				containerdV0 := findVolume("containerd-socket-0", volumes)
-				require.NotNil(t, containerdV0)
-				require.Equal(t, "/run/containerd/containerd.sock", containerdV0.HostPath.Path)
-
-				containerdV1 := findVolume("containerd-socket-1", volumes)
-				require.NotNil(t, containerdV1)
-				require.Equal(t, "/custom/containerd.sock", containerdV1.HostPath.Path)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/run/containerd/containerd.sock", volumes[0].HostPath.Path)
+				require.Equal(t, "container-engine-socket-1", volumes[1].Name)
+				require.Equal(t, "/custom/containerd.sock", volumes[1].HostPath.Path)
 			},
 		},
 		{
@@ -264,22 +265,14 @@ func TestContainerPluginVolumes(t *testing.T) {
 			},
 			expected: func(t *testing.T, volumes []corev1.Volume) {
 				require.Len(t, volumes, 4)
-
-				dockerV0 := findVolume("docker-socket-0", volumes)
-				require.NotNil(t, dockerV0)
-				require.Equal(t, "/custom/docker/socket.sock", dockerV0.HostPath.Path)
-
-				containerdV0 := findVolume("containerd-socket-0", volumes)
-				require.NotNil(t, containerdV0)
-				require.Equal(t, "/run/containerd/containerd.sock", containerdV0.HostPath.Path)
-
-				crioV0 := findVolume("cri-socket-0", volumes)
-				require.NotNil(t, crioV0)
-				require.Equal(t, "/var/custom/crio.sock", crioV0.HostPath.Path)
-
-				podmanV0 := findVolume("podman-socket-0", volumes)
-				require.NotNil(t, podmanV0)
-				require.Equal(t, "/run/podman/podman.sock", podmanV0.HostPath.Path)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/custom/docker/socket.sock", volumes[0].HostPath.Path)
+				require.Equal(t, "container-engine-socket-1", volumes[1].Name)
+				require.Equal(t, "/run/podman/podman.sock", volumes[1].HostPath.Path)
+				require.Equal(t, "container-engine-socket-2", volumes[2].Name)
+				require.Equal(t, "/run/host-containerd/containerd.sock", volumes[2].HostPath.Path)
+				require.Equal(t, "container-engine-socket-3", volumes[3].Name)
+				require.Equal(t, "/var/custom/crio.sock", volumes[3].HostPath.Path)
 			},
 		},
 		{
@@ -349,7 +342,7 @@ func TestInvalidVolumeConfiguration(t *testing.T) {
 				"collectors.docker.enabled":          "true",
 				"collectors.containerEngine.enabled": "true",
 			},
-			expectedErr: "You can not enable one of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time",
+			expectedErr: "You can not enable any of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time",
 		},
 	}
 

charts/falco/tests/unit/k8smetaPlugin/k8smetacollectorDependency_test.go

@@ -18,12 +18,13 @@ package k8smetaPlugin
 import (
 	"encoding/json"
 	"fmt"
-	"github.com/falcosecurity/charts/charts/falco/tests/unit"
 	"path/filepath"
 	"regexp"
 	"strings"
 	"testing"
 
+	"github.com/falcosecurity/charts/charts/falco/tests/unit"
+
 	"slices"
 
 	"github.com/gruntwork-io/terratest/modules/helm"
@@ -589,8 +590,8 @@ func TestFalcoctlRefs(t *testing.T) {
 		refs := artifactConfig["install"].(map[string]interface{})["refs"].([]interface{})
 		require.Len(t, refs, 3)
 		require.True(t, slices.Contains(refs, "falco-rules:4"))
-		require.True(t, slices.Contains(refs, "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.3.0"))
-		require.True(t, slices.Contains(refs, "ghcr.io/falcosecurity/plugins/plugin/container:0.3.1"))
+		require.True(t, slices.Contains(refs, "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.3.1"))
+		require.True(t, slices.Contains(refs, "ghcr.io/falcosecurity/plugins/plugin/container:0.3.5"))
 	}
 
 	testCases := []struct {

charts/falco/values.yaml

@@ -365,21 +365,21 @@ collectors:
   # -- This collector is deprecated and will be removed in the future. Please use the containerEngine collector instead.
   docker:
     # -- Enable Docker support.
-    enabled: true
+    enabled: false
     # -- The path of the Docker daemon socket.
     socket: /var/run/docker.sock
 
   # -- This collector is deprecated and will be removed in the future. Please use the containerEngine collector instead.
   containerd:
     # -- Enable ContainerD support.
-    enabled: true
+    enabled: false
     # -- The path of the ContainerD socket.
-    socket: /run/containerd/containerd.sock
+    socket: /run/host-containerd/containerd.sock
 
   # -- This collector is deprecated and will be removed in the future. Please use the containerEngine collector instead.
   crio:
     # -- Enable CRI-O support.
-    enabled: true
+    enabled: false
     # -- The path of the CRI-O socket.
     socket: /run/crio/crio.sock
 
@@ -389,10 +389,10 @@ collectors:
   # Keep in mind that the old collectors (docker, containerd, crio, podman) will use the container plugin to collect metadata under the hood.
   containerEngine:
     # -- Enable Container Engine support.
-    enabled: false
+    enabled: true
     # -- pluginRef is the OCI reference for the container plugin. It could be a full reference such as
-    # "ghcr.io/falcosecurity/plugins/plugin/container:0.3.1". Or just name + tag: container:0.3.1.
-    pluginRef: "ghcr.io/falcosecurity/plugins/plugin/container:0.3.1"
+    # "ghcr.io/falcosecurity/plugins/plugin/container:0.3.5". Or just name + tag: container:0.3.5.
+    pluginRef: "ghcr.io/falcosecurity/plugins/plugin/container:0.3.5"
     # -- labelMaxLen is the maximum length of the labels that can be used in the container plugin.
     # container labels larger than this value won't be collected.
     labelMaxLen: 100
@@ -401,6 +401,8 @@ collectors:
     # -- hooks specify the hooks that will be used to collect metadata from the container engine.
     # The available hooks are: create, start.
     hooks: ["create"]
+    # -- engines specify the container engines that will be used to collect metadata.
+    # See https://github.com/falcosecurity/plugins/blob/main/plugins/container/README.md#configuration
     engines:
       docker:
         enabled: true
@@ -410,10 +412,16 @@ collectors:
         sockets: ["/run/podman/podman.sock"]
       containerd:
         enabled: true
-        sockets: ["/run/containerd/containerd.sock"]
+        sockets: ["/run/host-containerd/containerd.sock"]
       cri:
         enabled: true
-        sockets: ["/run/crio/crio.sock"]
+        sockets:
+          [
+            "/run/containerd/containerd.sock",
+            "/run/crio/crio.sock",
+            "/run/k3s/containerd/containerd.sock",
+            "/run/host-containerd/containerd.sock",
+          ]
       lxc:
         enabled: true
       libvirt_lxc:
@@ -435,7 +443,7 @@ collectors:
     enabled: false
     # --pluginRef is the OCI reference for the k8smeta plugin. It could be a full reference such as:
     # "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.1.0". Or just name + tag: k8smeta:0.1.0.
-    pluginRef: "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.3.0"
+    pluginRef: "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.3.1"
     # -- collectorHostname is the address of the k8s-metacollector. When not specified it will be set to match
     # k8s-metacollector service. e.x: falco-k8smetacollecto.falco.svc. If for any reason you need to override
     # it, make sure to set here the address of the k8s-metacollector.