wip: add helm chart #15
Conversation
* [stable/falco] Add Falco chart
* Fix indentation and other stuff reported by CI
* Add appVersion to Chart.yaml
* Specify container resources
* Allow loading external Falco rules
* Move GCSCC integrations to a top-level integrations section. We can correlate falco.* keys for Falco-related settings and refer to them in the Falco Wiki
* Rename deployment to fakeEventGenerator. The first one is too generic
* Add OWNERS file
* Separate rbac and serviceAccount. Follow RBAC best practices: https://github.com/kubernetes/helm/blob/master/docs/chart_best_practices/rbac.md
* Use falco.serviceAccount name template for cluster role binding
* Fixes required from reviewer
* Allow passing rules in an external file instead of editing the configMap by hand
* Remove quotes from Chart version. I'm not sure if this breaks the lint stage in CircleCI
* Update Chart.yaml
* [stable/falco] Fix some small typos
* Add version 0.1.1
* Update value of bufferedOutputs in configmap documentation
* Add NATS output integration for Sysdig Falco
* Add a change log
* Add eBPF support for Falco in Helm Chart
* Add more fine-grained settings for eBPF stuff
Signed-off-by: Néstor Salceda <[email protected]>
Signed-off-by: cpanato <[email protected]>
* Add Amazon SNS integration. This allows Falco to publish alerts to an SNS topic. Signed-off-by: Néstor Salceda <[email protected]>
* Fix build and add entry to the CHANGELOG. Signed-off-by: Néstor Salceda <[email protected]>
Signed-off-by: Diego Lendoiro <[email protected]>
Signed-off-by: Néstor Salceda <[email protected]>
Signed-off-by: Néstor Salceda <[email protected]>
* use version 0.13.0 instead of latest. Signed-off-by: cpanato <[email protected]>
* update changelog. Signed-off-by: cpanato <[email protected]>
* update correct example. Signed-off-by: Daniel BERUBEN <[email protected]>
* Signed-off-by: Daniel BERUBEN <[email protected]>
* bump chart version. Signed-off-by: Daniel BERUBEN <[email protected]>
* update CHANGELOG. Signed-off-by: Daniel BERUBEN <[email protected]>
* update space. Signed-off-by: Daniel BERUBEN <[email protected]>
* remove space. Signed-off-by: Daniel BERUBEN <[email protected]>
* space. Signed-off-by: Daniel BERUBEN <[email protected]>
Signed-off-by: Cameron Attard <[email protected]>
* Upgrade to Falco 0.14.0. Signed-off-by: Néstor Salceda <[email protected]>
* Enable eBPF by default on Falco builds. Signed-off-by: Néstor Salceda <[email protected]>
* Allow specifying images from registries other than `docker.io`. Signed-off-by: Néstor Salceda <[email protected]>
* Upgrade Chart version to a minor one because of the eBPF default value. Signed-off-by: Néstor Salceda <[email protected]>
* Use RollingUpgrade strategy by default. Signed-off-by: Néstor Salceda <[email protected]>
* Provide sane defaults for resources. Signed-off-by: Néstor Salceda <[email protected]>
* Update CHANGELOG entries. Signed-off-by: Néstor Salceda <[email protected]>
* Add minor / major categorization to changelog. Signed-off-by: Néstor Salceda <[email protected]>
* Disable ebpf by default. This reverts the change made on 0.6.0. Signed-off-by: Néstor Salceda <[email protected]>
* Specify in CHANGELOG that we are reverting the previous change. The vast majority of our users are using the kernel module approach and we can cause some trouble with this change. Signed-off-by: Néstor Salceda <[email protected]>
* Explain WHY we activated the ebpf module by default. Signed-off-by: Néstor Salceda <[email protected]>
* [stable/falco] Add GCloud PubSub integration
* Add GCloud PubSub integration. This allows Falco to publish alerts to a PubSub topic. Signed-off-by: Federico Barcelona <[email protected]>
* [stable/falco] Fix values to follow naming conventions. Signed-off-by: Federico Barcelona <[email protected]>
* [stable/falco] Changes requested in the PR
  - Follow naming conventions
  - Use only one secret instead of two different ones
  Signed-off-by: Federico Barcelona <[email protected]>
Signed-off-by: Federico Barcelona <[email protected]>
Signed-off-by: Néstor Salceda <[email protected]>
Instead of hardcoding or relying on DNS, use this method. Signed-off-by: Néstor Salceda <[email protected]>
Signed-off-by: Néstor Salceda <[email protected]>
* [stable/falco] make the container runtime socket configurable. Co-authored-by: Leonardo Di Donato <[email protected]> Signed-off-by: Lorenzo Fontana <[email protected]>
* [stable/falco]: update to falco 0.15.0 with cri-o and containerd support. Signed-off-by: Lorenzo Fontana <[email protected]> Co-Authored-By: Leonardo Di Donato <[email protected]> Signed-off-by: Lorenzo Fontana <[email protected]>
* [stable/falco]: update changelog. Signed-off-by: Lorenzo Fontana <[email protected]> Co-Authored-By: Leonardo Di Donato <[email protected]>
* [stable/falco]: bump chart release to 0.7.6. Signed-off-by: Lorenzo Fontana <[email protected]> Co-Authored-By: Leonardo Di Donato <[email protected]>
* [stable/falco] Upgrade to Falco 0.15.1. Signed-off-by: Néstor Salceda <[email protected]>
* Reflect values in README. Signed-off-by: Néstor Salceda <[email protected]>
Signed-off-by: Naoki Oketani <[email protected]>
* [stable/falco] Fix issues with timezone parameter inclusion.
* Add it to values.yaml file
* Add the ChangeLog entry. Signed-off-by: Néstor Salceda <[email protected]>
* [stable/falco] Upgrade Falco to 0.15.3. Signed-off-by: Néstor Salceda <[email protected]>
…ation with Falco (#15020)
Signed-off-by: Néstor Salceda <[email protected]>
Signed-off-by: Maxime VISONNEAU <[email protected]>
Signed-off-by: Néstor Salceda <[email protected]>
…_event_drops, time_format_iso8601 and httpOutput (#15361)
* [stable/falco] Add a parameter to use ISO8601 formatted dates. If true, the times displayed in log messages and output messages will be in ISO 8601. By default, times are displayed in the local time zone, as governed by /etc/localtime. Signed-off-by: Néstor Salceda <[email protected]>
* [stable/falco] Allow configuration for `syscall_event_drops` in falco.yaml. Falco uses a shared buffer between the kernel and userspace to pass system call information. When Falco detects that this buffer is full and system calls have been dropped, it can take one or more of the following actions:
  - "ignore": do nothing. If an empty list is provided, ignore is assumed.
  - "log": log a CRITICAL message noting that the buffer was full.
  - "alert": emit a Falco alert noting that the buffer was full.
  - "exit": exit Falco with a non-zero rc.
  The rate at which log/alert messages are emitted is governed by a token bucket. The rate corresponds to one message every 30 seconds with a burst of 10 messages. Signed-off-by: Néstor Salceda <[email protected]>
* [stable/falco] Enable httpOutput section from the configmap. Signed-off-by: Néstor Salceda <[email protected]>
* [stable/falco] Add CHANGELOG entry for 0.8.0. This was not done in [its own PR](helm/charts#14813 (comment)). Signed-off-by: Néstor Salceda <[email protected]>
* [stable/falco] Bump version and add CHANGELOG entries. Signed-off-by: Néstor Salceda <[email protected]>
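As an added example (not code from the PR or the chart), the falco.yaml stanza that the commit above exposes, set to the default rate it describes, followed by the chart values assumed to render it. The `falco.syscallEventDrops` value names are an assumption about the chart's mapping; check the chart's values.yaml before relying on them.

```yaml
# Added example, not part of the PR: falco.yaml stanza for dropped
# syscall events. Choosing only "ignore" silently loses visibility
# into buffer overflows, so at least "log" is the defensive default.
syscall_event_drops:
  actions:
    - log        # CRITICAL log line when the shared buffer overflowed
    - alert      # also emit a Falco alert so it reaches the outputs
  rate: .03333   # token bucket refill: one message every 30 seconds
  max_burst: 10  # up to 10 back-to-back messages before throttling
---
# Assumed chart values.yaml keys that the chart turns into the stanza
# above (key names are an assumption, not taken from the PR).
falco:
  syscallEventDrops:
    actions:
      - log
      - alert
    rate: .03333
    maxBurst: 10
```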
* [stable/falco] Allow audit logging with Falco. You can enable it on minikube with the following command: `helm install --name falco --set falco.webserver.enabled=true --set falco.webserver.clusterIP=10.96.0.100 stable/falco`. The main problem is that minikube doesn't resolve the service from the apiserver, so you need to specify the clusterIP. https://github.com/falcosecurity/falco/blob/dev/examples/k8s_audit_config/README.md Signed-off-by: Néstor Salceda <[email protected]>
* [stable/falco] Apiserver doesn't resolve internal services. That would be a layering violation, so we are going to rely only on clusterIP, and that parameter is required if we enable the webserver features. https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#url Signed-off-by: Néstor Salceda <[email protected]>
* [stable/falco] Document values and upgrade chart version. This is a 1.0.0 version, which means that the Helm chart is feature complete in the sense that we provide the same functionality the daemonset provides. It's time to celebrate! Signed-off-by: Néstor Salceda <[email protected]>
* [stable/falco] Add a section in README for explaining K8s audit event support. Signed-off-by: Néstor Salceda <[email protected]>
* [stable/falco] Write the README in a more actionable way. Telling all the history about the Falco implementation of Audit Event rules is a bit useless here. It can be found in the awesome Falco documentation. Here I would like to focus a bit more on chart users and show them how to enable Falco with the audit events feature. Signed-off-by: Néstor Salceda <[email protected]>
* [stable/falco] Add instructions for choosing the clusterIP address. Another reason for a resource not being recognized is that we were using a K8s version previous to v1.13. Signed-off-by: Néstor Salceda <[email protected]>
* Make kernel module dir writable. Signed-off-by: Salvatore Mazzarino <[email protected]>
* Add CHANGELOG. Signed-off-by: Salvatore Mazzarino <[email protected]>
…(#21436)
* [stable/falco] add headless service for falco gRPC server. Signed-off-by: Leonardo Grasso <[email protected]>
* [stable/falco] gRPC certificates configuration. Signed-off-by: Leonardo Grasso <[email protected]>
* [stable/falco] Update CHANGELOG.md and bump version. Signed-off-by: Leonardo Grasso <[email protected]>
* [stable/falco] upgrade agent and rules to 0.21.0. Signed-off-by: Cameron Attard <[email protected]>
* [stable/falco] rename SYSDIG_BPF_PROBE to FALCO_BPF_PROBE. Signed-off-by: Cameron Attard <[email protected]>
Signed-off-by: usamaahmadkhan <[email protected]>
…27e8c6a6284c90f'
Commands run:
(from helm/charts)
git subtree split --prefix stable/falco/
git co <resulting sha>
git co -b falco_split
(from falcosecurity/contrib)
git subtree add --prefix integrations/helm/ ../charts falco_split
git-subtree-dir: integrations/helm
git-subtree-mainline: da65d70
git-subtree-split: 5ef70d4
Signed-off-by: Spencer Krum <[email protected]>
Thanks for your pull request. Before we can look at it, you'll need to add a 'DCO signoff' to your commits. 📝 Please follow instructions in the contributing guide to update your commits with the DCO Full details of the Developer Certificate of Origin can be found at developercertificate.org. The list of commits missing DCO signoff:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
@nibalizer: There is not a label identifying the kind of this PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Welcome @nibalizer! It looks like this is your first PR to falcosecurity/contrib 🎉
/kind wip
This is pulled from https://github.com/helm/charts which is Apache 2.0 License. Re Poiana above: there are six commits it detected without DCO signoff. I believe none of these are a cause for concern. Five are from @nestorsalceda and one is extremely trivial. helm/charts#5853 (nestor)
Then we also need to update the documentation on our website
Sign-off can also be added by other people (just rebase and edit those commits) if @nestorsalceda does not mind :)
@@ -0,0 +1,6 @@ | |||
approvers: | |||
- bencer | |||
- nestorsalceda |
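Review bot: the `approvers:` list in this OWNERS file is what the approval bot above (APPROVALNOTIFIER) gates merges on, so it should name only people who can actively approve; per the thread, @nestorsalceda has said he cannot dedicate effort right now, so consider keeping him as a reviewer rather than an approver and adding the people who have said they will maintain the chart (e.g. @nibalizer) so the PR is not blocked waiting on an inactive approver.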
It seems @nestorsalceda can't dedicate effort to this atm (sadly) (comment here).
So we should remove him from here, but I strongly think he should be left as a reviewer since he's the author of the Helm.
Also, in this file we should add other people that expressed the will to maintain and evolve it. I.e., @nibalizer
Left a comment regarding the OWNERS file, the remaining YAML is killing me 😃
Left a comment regarding the /host/etc mount. I think we have to fix it.
I can incorporate. Are we thinking this goes in
Not sure. We should also think about how to migrate the current chart from the helm repo to here. Do you have a plan already?
Seems like this should go in the charts repo
Hey - overall this PR looks great - let's get it merged. Can we PR this change to https://github.com/falcosecurity/charts? I just set that repo up and we can begin hosting the charts there. Especially once the unix socket work goes into play :)
Moved to falcosecurity/charts#1
This is probably pending discussion in #12 and possibly falco/1184 and #14
Before it does anything it will also need us to make a helm-chart index/repository (static site with a specific file) and a PR into helm/hub to light that up