From f8a2bf9d1d22078b57bde3939995af47155135a2 Mon Sep 17 00:00:00 2001 From: Aldo Lacuku Date: Fri, 8 Nov 2024 17:05:45 +0100 Subject: [PATCH 1/3] chore(falco/k8smeta): bump plugin version Signed-off-by: Aldo Lacuku --- charts/falco/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/falco/values.yaml b/charts/falco/values.yaml index b795b2cdc..60d4021aa 100644 --- a/charts/falco/values.yaml +++ b/charts/falco/values.yaml @@ -392,7 +392,7 @@ collectors: enabled: false # --pluginRef is the OCI reference for the k8smeta plugin. It could be a full reference such as: # "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.1.0". Or just name + tag: k8smeta:0.1.0. - pluginRef: "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.2.0" + pluginRef: "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.2.1" # -- collectorHostname is the address of the k8s-metacollector. When not specified it will be set to match # k8s-metacollector service. e.x: falco-k8smetacollecto.falco.svc. If for any reason you need to override # it, make sure to set here the address of the k8s-metacollector. From 96ce8aa4f441ed1cc574e89b3b3bf793c0bec722 Mon Sep 17 00:00:00 2001 From: Aldo Lacuku Date: Fri, 8 Nov 2024 17:16:02 +0100 Subject: [PATCH 2/3] chore(falco/test): update unit tests to reflect changes in k8smeta tag Signed-off-by: Aldo Lacuku --- charts/falco/tests/unit/k8smetacollectorDependency_test.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/falco/tests/unit/k8smetacollectorDependency_test.go b/charts/falco/tests/unit/k8smetacollectorDependency_test.go index 65859e672..f06ea4d4e 100644 --- a/charts/falco/tests/unit/k8smetacollectorDependency_test.go +++ b/charts/falco/tests/unit/k8smetacollectorDependency_test.go 
@@ -543,7 +543,7 @@ func TestFalcoctlRefs(t *testing.T) { refs := artifactConfig["install"].(map[string]interface{})["refs"].([]interface{}) require.Len(t, refs, 2) require.True(t, slices.Contains(refs, "falco-rules:3")) - require.True(t, slices.Contains(refs, "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.2.0")) + require.True(t, slices.Contains(refs, "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.2.1")) } testCases := []struct { From 5ba6845eae89760a2af023d654c62312af3efe93 Mon Sep 17 00:00:00 2001 From: Aldo Lacuku Date: Fri, 8 Nov 2024 17:16:27 +0100 Subject: [PATCH 3/3] chore(falco/k8smeta): bump chart version Signed-off-by: Aldo Lacuku --- charts/falco/CHANGELOG.md | 3 +++ charts/falco/Chart.yaml | 2 +- charts/falco/README.md | 6 +++--- 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/charts/falco/CHANGELOG.md b/charts/falco/CHANGELOG.md index ad4f9456e..6463802ef 100644 --- a/charts/falco/CHANGELOG.md +++ b/charts/falco/CHANGELOG.md @@ -3,6 +3,9 @@ This file documents all notable changes to Falco Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v4.14.0 +* Bump k8smeta plugin to 0.2.1, see: https://github.com/falcosecurity/plugins/releases/tag/plugins%2Fk8smeta%2Fv0.2.1 + ## v4.13.0 * Expose new config entries for k8smeta plugin:`verbosity` and `hostProc`. diff --git a/charts/falco/Chart.yaml b/charts/falco/Chart.yaml index 95a23a68b..98e162072 100644 --- a/charts/falco/Chart.yaml +++ b/charts/falco/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: falco -version: 4.13.0 +version: 4.14.0 appVersion: "0.39.1" description: Falco keywords: diff --git a/charts/falco/README.md b/charts/falco/README.md index 27ae6b0e2..d3dad5985 100644 --- a/charts/falco/README.md +++ b/charts/falco/README.md 
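Review bot: The expected k8smeta reference in the changed `require.True(t, slices.Contains(refs, ...))` line is a second hard-coded copy of the default `pluginRef` in charts/falco/values.yaml, so every plugin bump needs a matching test edit; this series carries a separate commit only for that. A package-level constant such as `const k8smetaPluginRef = "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.2.1"` would leave a single place to touch in the test file. Reading the default from values.yaml would remove the duplication entirely, but the test would then no longer catch an accidental change to the registry or repository path. Keep the exact match on the full reference either way, since it appears to be the artifact listed under falcoctl's `install.refs`. The enclosing check and TestFalcoctlRefs both start and end outside the hunk.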
@@ -581,7 +581,7 @@ If you use a Proxy in your cluster, the requests between `Falco` and `Falcosidek ## Configuration -The following table lists the main configurable parameters of the falco chart v4.13.0 and their default values. See [values.yaml](./values.yaml) for full list. +The following table lists the main configurable parameters of the falco chart v4.14.0 and their default values. See [values.yaml](./values.yaml) for full list. ## Values 
@@ -602,11 +602,11 @@ The following table lists the main configurable parameters of the falco chart v4 | collectors.docker.enabled | bool | `true` | Enable Docker support. | | collectors.docker.socket | string | `"/var/run/docker.sock"` | The path of the Docker daemon socket. | | collectors.enabled | bool | `true` | Enable/disable all the metadata collectors. | -| collectors.kubernetes | object | `{"collectorHostname":"","collectorPort":"","enabled":false,"hostProc":"/host","pluginRef":"ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.2.0","verbosity":"info"}` | kubernetes holds the configuration for the kubernetes collector. Starting from version 0.37.0 of Falco, the legacy kubernetes client has been removed. A new standalone component named k8s-metacollector and a Falco plugin have been developed to solve the issues that were present in the old implementation. More info here: https://github.com/falcosecurity/falco/issues/2973 | +| collectors.kubernetes | object | `{"collectorHostname":"","collectorPort":"","enabled":false,"hostProc":"/host","pluginRef":"ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.2.1","verbosity":"info"}` | kubernetes holds the configuration for the kubernetes collector. Starting from version 0.37.0 of Falco, the legacy kubernetes client has been removed. A new standalone component named k8s-metacollector and a Falco plugin have been developed to solve the issues that were present in the old implementation. More info here: https://github.com/falcosecurity/falco/issues/2973 | | collectors.kubernetes.collectorHostname | string | `""` | collectorHostname is the address of the k8s-metacollector. When not specified it will be set to match k8s-metacollector service. e.x: falco-k8smetacollecto.falco.svc. If for any reason you need to override it, make sure to set here the address of the k8s-metacollector. It is used by the k8smeta plugin to connect to the k8s-metacollector. 
| | collectors.kubernetes.collectorPort | string | `""` | collectorPort designates the port on which the k8s-metacollector gRPC service listens. If not specified the value of the port named `broker-grpc` in k8s-metacollector.service.ports is used. The default values is 45000. It is used by the k8smeta plugin to connect to the k8s-metacollector. | | collectors.kubernetes.enabled | bool | `false` | enabled specifies whether the Kubernetes metadata should be collected using the k8smeta plugin and the k8s-metacollector component. It will deploy the k8s-metacollector external component that fetches Kubernetes metadata and pushes them to Falco instances. For more info see: https://github.com/falcosecurity/k8s-metacollector https://github.com/falcosecurity/charts/tree/master/charts/k8s-metacollector When this option is disabled, Falco falls back to the container annotations to grab the metadata. In such a case, only the ID, name, namespace, labels of the pod will be available. | -| collectors.kubernetes.pluginRef | string | `"ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.2.0"` | pluginRef is the OCI reference for the k8smeta plugin. It could be a full reference such as: "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.1.0". Or just name + tag: k8smeta:0.1.0. | +| collectors.kubernetes.pluginRef | string | `"ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.2.1"` | pluginRef is the OCI reference for the k8smeta plugin. It could be a full reference such as: "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.1.0". Or just name + tag: k8smeta:0.1.0. | | containerSecurityContext | object | `{}` | Set securityContext for the Falco container.For more info see the "falco.securityContext" helper in "pod-template.tpl" | | controller.annotations | object | `{}` | | | controller.daemonset.updateStrategy.type | string | `"RollingUpdate"` | Perform rolling updates by default in the DaemonSet agent ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ |