From 3ad5e5ef189af7008b9c4af7f3daff9ca5ad829a Mon Sep 17 00:00:00 2001 From: afreyermuth98 Date: Tue, 10 Sep 2024 17:08:01 +0200 Subject: [PATCH 1/2] :wrench: Add possibility to add annotations to the metrics service --- charts/falco/templates/service.yaml | 2 ++ charts/falco/values.yaml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/charts/falco/templates/service.yaml b/charts/falco/templates/service.yaml index d2093ec22..2f4c5fc15 100644 --- a/charts/falco/templates/service.yaml +++ b/charts/falco/templates/service.yaml @@ -7,6 +7,8 @@ metadata: labels: {{- include "falco.labels" . | nindent 4 }} type: "falco-metrics" + annotations: + {{- include ".Values.metrics.service.annotations" . | nindent 4 }} spec: type: {{ .Values.metrics.service.type }} ports: diff --git a/charts/falco/values.yaml b/charts/falco/values.yaml index bd8f2a61a..d7d55ac4e 100644 --- a/charts/falco/values.yaml +++ b/charts/falco/values.yaml @@ -248,6 +248,8 @@ metrics: # -- type denotes the service type. Setting it to "ClusterIP" we ensure that are accessible # from within the cluster. type: ClusterIP + # -- annotations to add to the service. + annotations: {} # -- ports denotes all the ports on which the Service will listen. ports: # -- metrics denotes a listening service named "metrics". From 14ab8c9443b186529f61b131d2a4e00d278fff3f Mon Sep 17 00:00:00 2001 From: afreyermuth98 Date: Tue, 10 Sep 2024 17:27:08 +0200 Subject: [PATCH 2/2] :wrench: Reviews --- charts/falco/CHANGELOG.md | 4 ++++ charts/falco/Chart.yaml | 2 +- charts/falco/README.md | 8 +++++--- charts/falco/templates/service.yaml | 1 + charts/falco/values.yaml | 2 ++ 5 files changed, 13 insertions(+), 4 deletions(-) diff --git a/charts/falco/CHANGELOG.md b/charts/falco/CHANGELOG.md index f4d7a5004..962ee210a 100644 --- a/charts/falco/CHANGELOG.md +++ b/charts/falco/CHANGELOG.md @@ -3,6 +3,10 @@ This file documents all notable changes to Falco Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v4.8.2 + +* feat(falco): add labels and annotations to the metrics service + ## v4.8.1 * fix(falcosidekick): add support for custom service type for webui redis diff --git a/charts/falco/Chart.yaml b/charts/falco/Chart.yaml index 3ba5991dc..734ce0c46 100644 --- a/charts/falco/Chart.yaml +++ b/charts/falco/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: falco -version: 4.8.1 +version: 4.8.2 appVersion: "0.38.2" description: Falco keywords: diff --git a/charts/falco/README.md b/charts/falco/README.md index 65fe77f79..1df59c08c 100644 --- a/charts/falco/README.md +++ b/charts/falco/README.md @@ -581,7 +581,7 @@ If you use a Proxy in your cluster, the requests between `Falco` and `Falcosidek ## Configuration -The following table lists the main configurable parameters of the falco chart v4.8.1 and their default values. See [values.yaml](./values.yaml) for full list. +The following table lists the main configurable parameters of the falco chart v4.8.2 and their default values. See [values.yaml](./values.yaml) for full list. ## Values @@ -740,7 +740,7 @@ The following table lists the main configurable parameters of the falco chart v4 | image.repository | string | `"falcosecurity/falco-no-driver"` | The image repository to pull from | | image.tag | string | `""` | The image tag to pull. Overrides the image tag whose default is the chart appVersion. | | imagePullSecrets | list | `[]` | Secrets containing credentials when pulling from private/secure registries. | -| metrics | object | `{"convertMemoryToMB":true,"enabled":false,"includeEmptyValues":false,"interval":"1h","kernelEventCountersEnabled":true,"libbpfStatsEnabled":true,"outputRule":false,"resourceUtilizationEnabled":true,"rulesCountersEnabled":true,"service":{"create":true,"ports":{"metrics":{"port":8765,"protocol":"TCP","targetPort":8765}},"type":"ClusterIP"},"stateCountersEnabled":true}` | metrics configures Falco to enable and expose the metrics. | +| metrics | object | `{"convertMemoryToMB":true,"enabled":false,"includeEmptyValues":false,"interval":"1h","kernelEventCountersEnabled":true,"libbpfStatsEnabled":true,"outputRule":false,"resourceUtilizationEnabled":true,"rulesCountersEnabled":true,"service":{"annotations":{},"create":true,"labels":{},"ports":{"metrics":{"port":8765,"protocol":"TCP","targetPort":8765}},"type":"ClusterIP"},"stateCountersEnabled":true}` | metrics configures Falco to enable and expose the metrics. | | metrics.convertMemoryToMB | bool | `true` | convertMemoryToMB specifies whether the memory should be converted to mb. | | metrics.enabled | bool | `false` | enabled specifies whether the metrics should be enabled. | | metrics.includeEmptyValues | bool | `false` | includeEmptyValues specifies whether the empty values should be included in the metrics. | @@ -749,8 +749,10 @@ The following table lists the main configurable parameters of the falco chart v4 | metrics.outputRule | bool | `false` | outputRule enables seamless metrics and performance monitoring, we recommend emitting metrics as the rule "Falco internal: metrics snapshot". This option is particularly useful when Falco logs are preserved in a data lake. Please note that to use this option, the Falco rules config `priority` must be set to `info` at a minimum. | | metrics.resourceUtilizationEnabled | bool | `true` | resourceUtilizationEnabled`: Emit CPU and memory usage metrics. CPU usage is reported as a percentage of one CPU and can be normalized to the total number of CPUs to determine overall usage. Memory metrics are provided in raw units (`kb` for `RSS`, `PSS` and `VSZ` or `bytes` for `container_memory_used`) and can be uniformly converted to megabytes (MB) using the `convert_memory_to_mb` functionality. In environments such as Kubernetes when deployed as daemonset, it is crucial to track Falco's container memory usage. To customize the path of the memory metric file, you can create an environment variable named `FALCO_CGROUP_MEM_PATH` and set it to the desired file path. By default, Falco uses the file `/sys/fs/cgroup/memory/memory.usage_in_bytes` to monitor container memory usage, which aligns with Kubernetes' `container_memory_working_set_bytes` metric. Finally, we emit the overall host CPU and memory usages, along with the total number of processes and open file descriptors (fds) on the host, obtained from the proc file system unrelated to Falco's monitoring. These metrics help assess Falco's usage in relation to the server's workload intensity. | | metrics.rulesCountersEnabled | bool | `true` | rulesCountersEnabled specifies whether the counts for each rule should be emitted. | -| metrics.service | object | `{"create":true,"ports":{"metrics":{"port":8765,"protocol":"TCP","targetPort":8765}},"type":"ClusterIP"}` | service exposes the metrics service to be accessed from within the cluster. ref: https://kubernetes.io/docs/concepts/services-networking/service/ | +| metrics.service | object | `{"annotations":{},"create":true,"labels":{},"ports":{"metrics":{"port":8765,"protocol":"TCP","targetPort":8765}},"type":"ClusterIP"}` | service exposes the metrics service to be accessed from within the cluster. ref: https://kubernetes.io/docs/concepts/services-networking/service/ | +| metrics.service.annotations | object | `{}` | annotations to add to the service. | | metrics.service.create | bool | `true` | create specifies whether a service should be created. | +| metrics.service.labels | object | `{}` | labels to add to the service. | | metrics.service.ports | object | `{"metrics":{"port":8765,"protocol":"TCP","targetPort":8765}}` | ports denotes all the ports on which the Service will listen. | | metrics.service.ports.metrics | object | `{"port":8765,"protocol":"TCP","targetPort":8765}` | metrics denotes a listening service named "metrics". | | metrics.service.ports.metrics.port | int | `8765` | port is the port on which the Service will listen. | diff --git a/charts/falco/templates/service.yaml b/charts/falco/templates/service.yaml index 2f4c5fc15..19e8313a2 100644 --- a/charts/falco/templates/service.yaml +++ b/charts/falco/templates/service.yaml @@ -6,6 +6,7 @@ metadata: namespace: {{ include "falco.namespace" . }} labels: {{- include "falco.labels" . | nindent 4 }} + {{- include ".Values.metrics.service.labels" . | nindent 4 }} type: "falco-metrics" annotations: {{- include ".Values.metrics.service.annotations" . | nindent 4 }} diff --git a/charts/falco/values.yaml b/charts/falco/values.yaml index d7d55ac4e..1e006825d 100644 --- a/charts/falco/values.yaml +++ b/charts/falco/values.yaml @@ -248,6 +248,8 @@ metrics: # -- type denotes the service type. Setting it to "ClusterIP" we ensure that are accessible # from within the cluster. type: ClusterIP + # -- labels to add to the service. + labels: {} # -- annotations to add to the service. annotations: {} # -- ports denotes all the ports on which the Service will listen.