From 3204455a0e12a478cf9252da2092a826368a590c Mon Sep 17 00:00:00 2001 From: Thomas Labarussias Date: Wed, 27 Nov 2024 19:56:58 +0100 Subject: [PATCH] upgrade to falcosidekick 2.30.0 Signed-off-by: Thomas Labarussias --- .lycheeignore | 3 +- charts/falcosidekick/CHANGELOG.md | 4 ++ charts/falcosidekick/Chart.yaml | 4 +- charts/falcosidekick/README.md | 37 +++++++++-- charts/falcosidekick/templates/secrets.yaml | 74 +++++++++++++++------ charts/falcosidekick/values.yaml | 69 ++++++++++++++++--- 6 files changed, 151 insertions(+), 40 deletions(-) diff --git a/.lycheeignore b/.lycheeignore index 2dbe57a0a..3fddc1fb3 100644 --- a/.lycheeignore +++ b/.lycheeignore @@ -18,4 +18,5 @@ https://some.url/some/path/ http://localhost:8765/versions https://environmentid.live.dynatrace.com/api https://yourdomain/e/ENVIRONMENTID/api -http://falco-talon:2803 \ No newline at end of file +http://falco-talon:2803 +https://http-intake.logs.datadoghq.com/ \ No newline at end of file diff --git a/charts/falcosidekick/CHANGELOG.md b/charts/falcosidekick/CHANGELOG.md index f9f562d98..b5c6185fb 100644 --- a/charts/falcosidekick/CHANGELOG.md +++ b/charts/falcosidekick/CHANGELOG.md @@ -5,6 +5,10 @@ numbering uses [semantic versioning](http://semver.org). Before release 0.1.20, the helm chart can be found in `falcosidekick` [repository](https://github.com/falcosecurity/falcosidekick/tree/master/deploy/helm/falcosidekick). +## 0.9.0 + +- Ugrade to Falcosidekick 2.30.0 + ## 0.8.9 - Fix customConfig mount path for webui redis diff --git a/charts/falcosidekick/Chart.yaml b/charts/falcosidekick/Chart.yaml index dabc2ee49..74e47acdd 100644 --- a/charts/falcosidekick/Chart.yaml +++ b/charts/falcosidekick/Chart.yaml 
@@ -1,9 +1,9 @@ apiVersion: v1 -appVersion: 2.29.0 +appVersion: 2.30.0 description: Connect Falco to your ecosystem icon: https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png name: falcosidekick -version: 0.8.9 +version: 0.9.0 keywords: - monitoring - security diff --git a/charts/falcosidekick/README.md b/charts/falcosidekick/README.md index d39c7a21d..b0792c6af 100644 --- a/charts/falcosidekick/README.md +++ b/charts/falcosidekick/README.md @@ -181,7 +181,7 @@ The following table lists the main configurable parameters of the Falcosidekick | config.alertmanager.expireafter | string | `""` | if set to a non-zero value, alert expires after that time in seconds (default: 0) | | config.alertmanager.extraannotations | string | `""` | comma separated list of annotations composed of a ':' separated name and value that is added to the Alerts. Example: my_annotation_1:my_value_1, my_annotation_1:my_value_2 | | config.alertmanager.extralabels | string | `""` | comma separated list of labels composed of a ':' separated name and value that is added to the Alerts. Example: my_label_1:my_value_1, my_label_1:my_value_2 | -| config.alertmanager.hostport | string | `""` | AlertManager , if not `empty`, AlertManager is *enabled* | +| config.alertmanager.hostport | string | `""` | Comma separated list of http://{domain or ip}:{port} that will all receive the payload, if not empty, Alertmanager output is enabled | | config.alertmanager.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | | config.alertmanager.mutualtls | bool | `false` | if true, checkcert flag will be ignored (server cert will always be checked) | | config.aws.accesskeyid | string | `""` | AWS Access Key Id (optionnal if you use EC2 Instance Profile) | 
@@ -236,6 +236,10 @@ The following table lists the main configurable parameters of the Falcosidekick | config.datadog.apikey | string | `""` | Datadog API Key, if not `empty`, Datadog output is *enabled* | | config.datadog.host | string | `""` | Datadog host. Override if you are on the Datadog EU site. Defaults to american site with "" | | config.datadog.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | +| config.datadoglogs.apikey | string | `""` | Datadog API Key, if not empty, Datadog Logs output is enabled | +| config.datadoglogs.host | string | `""` | Datadog host. Override if you are on the Datadog EU site. Defaults to american site with "https://http-intake.logs.datadoghq.com/" | +| config.datadoglogs.minimumpriority | string | `""` | minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default) | +| config.datadoglogs.service | string | `""` | The name of the application or service generating the log events. | | config.debug | bool | `false` | DEBUG environment variable | | config.discord.icon | string | `""` | Discord icon (avatar) | | config.discord.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | 
@@ -247,20 +251,28 @@ The following table lists the main configurable parameters of the Falcosidekick | config.dynatrace.apiurl | string | `""` | Dynatrace API url, use https://ENVIRONMENTID.live.dynatrace.com/api for Dynatrace SaaS and https://YOURDOMAIN/e/ENVIRONMENTID/api for Dynatrace Managed, more info : https://dt-url.net/ej43qge | | config.dynatrace.checkcert | bool | `true` | check if ssl certificate of the output is valid | | config.dynatrace.minimumpriority | string | `""` | minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" | +| config.elasticsearch.apikey | string | `""` | Use this APIKey to authenticate to Elasticsearch if the APIKey is not empty (default: "") | +| config.elasticsearch.batching | object | `{"batchsize":5242880,"enabled":true,"flushinterval":"1s"}` | batching configuration, improves throughput dramatically utilizing _bulk Elasticsearch API | +| config.elasticsearch.batching.batchsize | int | `5242880` | batch size in bytes (default: 5 MB) | +| config.elasticsearch.batching.enabled | bool | `true` | if true enables batching | +| config.elasticsearch.batching.flushinterval | string | `"1s"` | batch fush interval (default: 1s) | | config.elasticsearch.checkcert | bool | `true` | check if ssl certificate of the output is valid | | config.elasticsearch.createindextemplate | bool | `false` | Create an index template (default: false) | | config.elasticsearch.customheaders | string | `""` | a list of comma separated custom headers to add, syntax is "key:value,key:value" | +| config.elasticsearch.enablecompression | bool | `false` | if true enables gzip compression for http requests (default: false) | | config.elasticsearch.flattenfields | bool | `false` | Replace . 
by _ to avoid mapping conflicts, force to true if createindextemplate==true (default: false) | | config.elasticsearch.hostport | string | `""` | Elasticsearch , if not `empty`, Elasticsearch is *enabled* | | config.elasticsearch.index | string | `"falco"` | Elasticsearch index | +| config.elasticsearch.maxconcurrentrequests | int | `1` | max number of concurrent http requests (default: 1) | | config.elasticsearch.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | | config.elasticsearch.mutualtls | bool | `false` | if true, checkcert flag will be ignored (server cert will always be checked) | | config.elasticsearch.numberofreplicas | int | `3` | Number of replicas set by the index template (default: 3) | | config.elasticsearch.numberofshards | int | `3` | Number of shards set by the index template (default: 3) | -| config.elasticsearch.password | string | `""` | use this password to authenticate to Elasticsearch if the password is not empty | -| config.elasticsearch.suffix | string | `"daily"` | | +| config.elasticsearch.password | string | `""` | Use this password to authenticate to Elasticsearch if the password is not empty | +| config.elasticsearch.pipeline | string | `""` | Optional ingest pipeline name | +| config.elasticsearch.suffix | string | `"daily"` | Date suffix for index rotation : daily, monthly, annually, none | | config.elasticsearch.type | string | `"_doc"` | Elasticsearch document type | -| config.elasticsearch.username | string | `""` | use this username to authenticate to Elasticsearch if the username is not empty | +| config.elasticsearch.username | string | `""` | Use this username to authenticate to Elasticsearch if the username is not empty | | config.existingSecret | string | `""` | Existing secret with configuration | | config.extraArgs | list | `[]` | Extra command-line arguments | | config.extraEnv | list | `[]` | Extra 
environment variables | 
@@ -411,6 +423,14 @@ The following table lists the main configurable parameters of the Falcosidekick | config.opsgenie.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | | config.opsgenie.mutualtls | bool | `false` | if true, checkcert flag will be ignored (server cert will always be checked) | | config.opsgenie.region | `us` or `eu` | `""` | region of your domain | +| config.otlp.metrics.checkcert | bool | `true` | Set to false if you want to skip TLS certificate validation (only with https) (default: true) | +| config.otlp.metrics.endpoint | string | `""` | OTLP endpoint, typically in the form http{s}://{domain or ip}:4318/v1/metrics | +| config.otlp.metrics.extraattributes | string | `""` | Comma-separated list of fields to use as labels additionally to source, priority, rule, hostname, tags, k8s_ns_name, k8s_pod_name and custom_fields | +| config.otlp.metrics.extraenvvars | list | `[]` | Extra env vars (override the other settings) (default: "") | +| config.otlp.metrics.headers | string | `""` | List of headers to apply to all outgoing metrics in the form of "some-key=some-value,other-key=other-value" (default: "") | +| config.otlp.metrics.minimumpriority | string | `""` | Minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default: "") | +| config.otlp.metrics.protocol | string | `"grpc"` | OTLP transport protocol to be used for metrics data; it can be "grpc" or "http/protobuf" (default: "grpc") | +| config.otlp.metrics.timeout | int | `1000` | OTLP timeout for outgoing metrics in milliseconds (default: "" which uses SDK default: 10000) | | config.otlp.traces.checkcert | bool | `true` | check if ssl certificate of the output is valid | | config.otlp.traces.duration | int | `1000` | Artificial span duration in milliseconds (default: 1000) | | 
config.otlp.traces.endpoint | string | `""` | OTLP endpoint in the form of http://{domain or ip}:4318/v1/traces, if not empty, OTLP Traces output is enabled | @@ -419,7 +439,7 @@ The following table lists the main configurable parameters of the Falcosidekick | config.otlp.traces.minimumpriority | string | `""` | minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" | | config.otlp.traces.protocol | string | `""` | OTLP protocol http/json, http/protobuf, grpc (default: "" which uses SDK default: http/json) | | config.otlp.traces.synced | bool | `false` | Set to true if you want traces to be sent synchronously (default: false) | -| config.otlp.traces.timeout | string | `""` | OTLP timeout: timeout value in milliseconds (default: "" which uses SDK default: 10000) | +| config.otlp.traces.timeout | int | `1000` | OTLP timeout: timeout value in milliseconds (default: "" which uses SDK default: 10000) | | config.outputFieldFormat | string | `""` | | | config.pagerduty.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | | config.pagerduty.region | string | `"us"` | Pagerduty Region, can be 'us' or 'eu' | 
@@ -513,6 +533,7 @@ The following table lists the main configurable parameters of the Falcosidekick | config.tekton.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | | config.telegram.chatid | string | `""` | telegram Identifier of the shared chat | | config.telegram.checkcert | bool | `true` | check if ssl certificate of the output is valid | +| config.telegram.messagethreadid | string | `""` | Telegram individual chats within the group | | config.telegram.minimumpriority | string | `""` | minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" | | config.telegram.token | string | `""` | telegram bot authentication token | | config.templatedfields | string | `""` | a list of escaped comma separated Go templated fields to add to falco events, syntax is "key:template\,key:template" | 
@@ -543,6 +564,8 @@ The following table lists the main configurable parameters of the Falcosidekick | config.wavefront.flushintervalseconds | int | `1` | Wavefront flush interval in seconds. Defaults to 1 | | config.wavefront.metricname | string | `"falco.alert"` | Metric to be created in Wavefront. Defaults to falco.alert | | config.wavefront.minimumpriority | string | `"debug"` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | +| config.webex.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | +| config.webex.webhookurl | string | `""` | Webex WebhookURL, if not empty, Webex output is enabled | | config.webhook.address | string | `""` | Webhook address, if not empty, Webhook output is *enabled* | | config.webhook.checkcert | bool | `true` | check if ssl certificate of the output is valid | | config.webhook.customHeaders | string | `""` | a list of comma separated custom headers to add, syntax is "key:value\,key:value" | 
@@ -570,11 +593,11 @@ The following table lists the main configurable parameters of the Falcosidekick | extraVolumeMounts | list | `[]` | Extra volume mounts for sidekick deployment | | extraVolumes | list | `[]` | Extra volumes for sidekick deployment | | fullnameOverride | string | `""` | Override the name | -| image | object | `{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"falcosecurity/falcosidekick","tag":"2.29.0"}` | number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10) revisionHistoryLimit: 1 | +| image | object | `{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"falcosecurity/falcosidekick","tag":"2.30.0"}` | number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10) revisionHistoryLimit: 1 | | image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | | image.registry | string | `"docker.io"` | The image registry to pull from | | image.repository | string | `"falcosecurity/falcosidekick"` | The image repository to pull from | -| image.tag | string | `"2.29.0"` | The image tag to pull | +| image.tag | string | `"2.30.0"` | The image tag to pull | | imagePullSecrets | list | `[]` | Secrets for the registry | | ingress.annotations | object | `{}` | Ingress annotations | | ingress.enabled | bool | `false` | Whether to create the ingress | diff --git a/charts/falcosidekick/templates/secrets.yaml b/charts/falcosidekick/templates/secrets.yaml index 1335ff784..70d9da771 100644 --- a/charts/falcosidekick/templates/secrets.yaml +++ b/charts/falcosidekick/templates/secrets.yaml 
@@ -54,11 +54,17 @@ data: TEAMS_ACTIVITYIMAGE: "{{ .Values.config.teams.activityimage | b64enc }}" TEAMS_MINIMUMPRIORITY: "{{ .Values.config.teams.minimumpriority | b64enc }}" - # Datadog Output + # Datadog (Events) Output DATADOG_APIKEY: "{{ .Values.config.datadog.apikey | b64enc }}" DATADOG_HOST: "{{ .Values.config.datadog.host | b64enc }}" DATADOG_MINIMUMPRIORITY: "{{ .Values.config.datadog.minimumpriority | b64enc }}" + # Datadog Logs Output + DATADOGLOGS_APIKEY: "{{ .Values.config.datadoglogs.apikey | b64enc }}" + DATADOGLOGS_HOST: "{{ .Values.config.datadoglogs.host | b64enc }}" + DATADOGLOGS_SERVICE: "{{ .Values.config.datadoglogs.service | b64enc }}" + DATADOGLOGS_MINIMUMPRIORITY: "{{ .Values.config.datadoglogs.minimumpriority | b64enc }}" + # AlertManager Output ALERTMANAGER_HOSTPORT: "{{ .Values.config.alertmanager.hostport | b64enc }}" ALERTMANAGER_ENDPOINT: "{{ .Values.config.alertmanager.endpoint | b64enc }}" 
@@ -179,17 +185,24 @@ data: ELASTICSEARCH_HOSTPORT: "{{ .Values.config.elasticsearch.hostport | b64enc }}" ELASTICSEARCH_INDEX: "{{ .Values.config.elasticsearch.index | b64enc }}" ELASTICSEARCH_TYPE: "{{ .Values.config.elasticsearch.type | b64enc }}" + ELASTICSEARCH_PIPELINE: "{{ .Values.config.elasticsearch.pipeline | b64enc }}" ELASTICSEARCH_SUFFIX: "{{ .Values.config.elasticsearch.suffix | b64enc }}" - ELASTICSEARCH_MINIMUMPRIORITY: "{{ .Values.config.elasticsearch.minimumpriority | b64enc }}" - ELASTICSEARCH_MUTUALTLS: "{{ .Values.config.elasticsearch.mutualtls | printf "%t" | b64enc }}" - ELASTICSEARCH_CHECKCERT: "{{ .Values.config.elasticsearch.checkcert | printf "%t" | b64enc }}" + ELASTICSEARCH_APIKEY: "{{ .Values.config.elasticsearch.apikey | b64enc }}" ELASTICSEARCH_USERNAME: "{{ .Values.config.elasticsearch.username | b64enc }}" ELASTICSEARCH_PASSWORD: "{{ .Values.config.elasticsearch.password | b64enc }}" ELASTICSEARCH_FLATTENFIELDS: "{{ .Values.config.elasticsearch.flattenfields | printf "%t" | b64enc }}" ELASTICSEARCH_CREATEINDEXTEMPLATE: "{{ .Values.config.elasticsearch.createindextemplate | printf "%t" | b64enc }}" + ELASTICSEARCH_ENABLECOMPRESSION: "{{ .Values.config.elasticsearch.enablecompression | printf "%t" | b64enc }}" + ELASTICSEARCH_MAXCONCURRENTREQUESTS: "{{ .Values.config.elasticsearch.maxconcurrentrequests | toString | b64enc }}" + ELASTICSEARCH_BATCHING_ENABLED: "{{ .Values.config.elasticsearch.batching.enabled | printf "%t" | b64enc }}" + ELASTICSEARCH_BATCHING_BATCHSIZE: "{{ .Values.config.elasticsearch.batching.batchsize | toString | b64enc }}" + ELASTICSEARCH_BATCHING_FLUSHINTERVAL: "{{ .Values.config.elasticsearch.batching.flushinterval | b64enc }}" ELASTICSEARCH_NUMBEROFSHARDS: "{{ .Values.config.elasticsearch.numberofshards | toString | b64enc }}" ELASTICSEARCH_NUMBEROFREPLICAS: "{{ .Values.config.elasticsearch.numberofreplicas | toString | b64enc }}" ELASTICSEARCH_CUSTOMHEADERS: "{{ .Values.config.elasticsearch.customheaders | 
b64enc }}" + ELASTICSEARCH_MUTUALTLS: "{{ .Values.config.elasticsearch.mutualtls | printf "%t" | b64enc }}" + ELASTICSEARCH_CHECKCERT: "{{ .Values.config.elasticsearch.checkcert | printf "%t" | b64enc }}" + ELASTICSEARCH_MINIMUMPRIORITY: "{{ .Values.config.elasticsearch.minimumpriority | b64enc }}" # Loki Output LOKI_HOSTPORT: "{{ .Values.config.loki.hostport | b64enc }}" @@ -220,11 +233,11 @@ data: STAN_MUTUALTLS: "{{ .Values.config.stan.mutualtls | printf "%t" | b64enc }}" STAN_CHECKCERT: "{{ .Values.config.stan.checkcert | printf "%t" | b64enc }}" - # Statsd + # Statsd Output STATSD_FORWARDER: "{{ .Values.config.statsd.forwarder | b64enc }}" STATSD_NAMESPACE: "{{ .Values.config.statsd.namespace | b64enc }}" - # Dogstatsd + # Dogstatsd Output DOGSTATSD_FORWARDER: "{{ .Values.config.dogstatsd.forwarder | b64enc }}" DOGSTATSD_NAMESPACE: "{{ .Values.config.dogstatsd.namespace | b64enc }}" DOGSTATSD_TAGS: "{{ .Values.config.dogstatsd.tags | b64enc }}" @@ -270,7 +283,7 @@ data: KUBELESS_MUTUALTLS: "{{ .Values.config.kubeless.mutualtls | printf "%t" | b64enc }}" KUBELESS_CHECKCERT: "{{ .Values.config.kubeless.checkcert | printf "%t" | b64enc }}" - # OpenFaaS + # OpenFaaS Output OPENFAAS_GATEWAYNAMESPACE: "{{ .Values.config.openfaas.gatewaynamespace | b64enc }}" OPENFAAS_GATEWAYSERVICE: "{{ .Values.config.openfaas.gatewayservice | b64enc }}" OPENFAAS_FUNCTIONNAME: "{{ .Values.config.openfaas.functionname | b64enc }}" 
@@ -346,14 +359,14 @@ data: KAFKAREST_MUTUALTLS: "{{ .Values.config.kafkarest.mutualtls | printf "%t" | b64enc}}" KAFKAREST_CHECKCERT: "{{ .Values.config.kafkarest.checkcert | printf "%t" | b64enc}}" - # Syslog + # Syslog Output SYSLOG_HOST: "{{ .Values.config.syslog.host | b64enc}}" SYSLOG_PORT: "{{ .Values.config.syslog.port | toString | b64enc}}" SYSLOG_PROTOCOL: "{{ .Values.config.syslog.protocol | b64enc}}" SYSLOG_FORMAT: "{{ .Values.config.syslog.format | b64enc}}" SYSLOG_MINIMUMPRIORITY: "{{ .Values.config.syslog.minimumpriority | b64enc}}" - # Zoho Cliq + # Zoho Cliq Output CLIQ_WEBHOOKURL: "{{ .Values.config.cliq.webhookurl | b64enc}}" CLIQ_ICON: "{{ .Values.config.cliq.icon | b64enc}}" CLIQ_USEEMOJI: "{{ .Values.config.cliq.useemoji | printf "%t" | b64enc}}" @@ -361,14 +374,14 @@ data: CLIQ_MESSAGEFORMAT: "{{ .Values.config.cliq.messageformat | b64enc}}" CLIQ_MINIMUMPRIORITY: "{{ .Values.config.cliq.minimumpriority | b64enc}}" - # Policy Reporter + # Policy Reporter Output POLICYREPORT_ENABLED: "{{ .Values.config.policyreport.enabled | printf "%t"| b64enc}}" POLICYREPORT_KUBECONFIG: "{{ .Values.config.policyreport.kubeconfig | b64enc}}" POLICYREPORT_MAXEVENTS: "{{ .Values.config.policyreport.maxevents | toString | b64enc}}" POLICYREPORT_PRUNEBYPRIORITY: "{{ .Values.config.policyreport.prunebypriority | printf "%t" | b64enc}}" POLICYREPORT_MINIMUMPRIORITY: "{{ .Values.config.policyreport.minimumpriority | b64enc}}" - # Node Red + # Node Red Output NODERED_ADDRESS: "{{ .Values.config.nodered.address | b64enc}}" NODERED_USER: "{{ .Values.config.nodered.user | b64enc}}" NODERED_PASSWORD: "{{ .Values.config.nodered.password | b64enc}}" 
@@ -376,7 +389,7 @@ data: NODERED_CHECKCERT: "{{ .Values.config.nodered.checkcert | printf "%t" | b64enc}}" NODERED_MINIMUMPRIORITY: "{{ .Values.config.nodered.minimumpriority | b64enc}}" - # MQTT + # MQTT Output MQTT_BROKER: "{{ .Values.config.mqtt.broker | b64enc}}" MQTT_TOPIC: "{{ .Values.config.mqtt.topic | b64enc}}" MQTT_QOS: "{{ .Values.config.mqtt.qos | toString | b64enc}}" @@ -386,7 +399,7 @@ data: MQTT_CHECKCERT: "{{ .Values.config.mqtt.checkcert | printf "%t" | b64enc}}" MQTT_MINIMUMPRIORITY: "{{ .Values.config.mqtt.minimumpriority | b64enc}}" - # Zincsearch + # Zincsearch Output ZINCSEARCH_HOSTPORT: "{{ .Values.config.zincsearch.hostport | b64enc}}" ZINCSEARCH_INDEX: "{{ .Values.config.zincsearch.index | b64enc}}" ZINCSEARCH_USERNAME: "{{ .Values.config.zincsearch.username | b64enc}}" @@ -394,19 +407,19 @@ data: ZINCSEARCH_CHECKCERT: "{{ .Values.config.zincsearch.checkcert | printf "%t" | b64enc}}" ZINCSEARCH_MINIMUMPRIORITY: "{{ .Values.config.zincsearch.minimumpriority | b64enc}}" - # Gotify + # Gotify Output GOTIFY_HOSTPORT: "{{ .Values.config.gotify.hostport | b64enc}}" GOTIFY_TOKEN: "{{ .Values.config.gotify.token | b64enc}}" GOTIFY_FORMAT: "{{ .Values.config.gotify.format | b64enc}}" GOTIFY_CHECKCERT: "{{ .Values.config.gotify.checkcert | printf "%t" | b64enc}}" GOTIFY_MINIMUMPRIORITY: "{{ .Values.config.gotify.minimumpriority | b64enc}}" - # Tekton + # Tekton Output TEKTON_EVENTLISTENER: "{{ .Values.config.tekton.eventlistener | b64enc}}" TEKTON_CHECKCERT: "{{ .Values.config.tekton.checkcert | printf "%t" | b64enc}}" TEKTON_MINIMUMPRIORITY: "{{ .Values.config.tekton.minimumpriority | b64enc}}" - # Spyderbat + # Spyderbat Output SPYDERBAT_ORGUID: "{{ .Values.config.spyderbat.orguid | b64enc}}" SPYDERBAT_APIKEY: "{{ .Values.config.spyderbat.apikey | b64enc}}" SPYDERBAT_APIURL: "{{ .Values.config.spyderbat.apiurl | b64enc}}" 
@@ -414,7 +427,7 @@ data: SPYDERBAT_SOURCEDESCRIPTION: "{{ .Values.config.spyderbat.sourcedescription | b64enc}}" SPYDERBAT_MINIMUMPRIORITY: "{{ .Values.config.spyderbat.minimumpriority | b64enc}}" - # TimescaleDB + # TimescaleDB Output TIMESCALEDB_HOST: "{{ .Values.config.timescaledb.host | b64enc}}" TIMESCALEDB_PORT: "{{ .Values.config.timescaledb.port | toString | b64enc}}" TIMESCALEDB_USER: "{{ .Values.config.timescaledb.user | b64enc}}" @@ -434,6 +447,7 @@ data: # TELEGRAM Output TELEGRAM_TOKEN: "{{ .Values.config.telegram.token | b64enc}}" TELEGRAM_CHATID: "{{ .Values.config.telegram.chatid | b64enc}}" + TELEGRAM_MESSAGE_THREAD_ID: "{{ .Values.config.telegram.messagethreadid | b64enc}}" TELEGRAM_MINIMUMPRIORITY: "{{ .Values.config.telegram.minimumpriority | b64enc}}" TELEGRAM_CHECKCERT: "{{ .Values.config.telegram.checkcert | printf "%t" | b64enc}}" @@ -455,13 +469,13 @@ data: OPENOBSERVE_STREAMNAME: "{{ .Values.config.openobserve.streamname | b64enc}}" OPENOBSERVE_MINIMUMPRIORITY: "{{ .Values.config.openobserve.minimumpriority | b64enc}}" - # Dynatrace + # Dynatrace Output DYNATRACE_APITOKEN: "{{ .Values.config.dynatrace.apitoken | b64enc}}" DYNATRACE_APIURL: "{{ .Values.config.dynatrace.apiurl | b64enc}}" DYNATRACE_CHECKCERT: "{{ .Values.config.dynatrace.checkcert | printf "%t" | b64enc}}" DYNATRACE_MINIMUMPRIORITY: "{{ .Values.config.dynatrace.minimumpriority | b64enc}}" - # OTLP Traces + # OTLP Traces Output OTLP_TRACES_ENDPOINT: "{{ .Values.config.otlp.traces.endpoint | b64enc}}" OTLP_TRACES_PROTOCOL: "{{ .Values.config.otlp.traces.protocol | b64enc}}" OTLP_TRACES_TIMEOUT: "{{ .Values.config.otlp.traces.timeout | toString | b64enc}}" 
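Review bot: The new key `TELEGRAM_MESSAGE_THREAD_ID` in the Telegram hunk breaks the naming rule every other entry in this template follows, where the env var is the section plus the values key with no separators (`TELEGRAM_CHATID` for `chatid`, `TELEGRAM_MINIMUMPRIORITY` for `minimumpriority`). If falcosidekick maps env vars to config keys by that rule, this value would be silently ignored and `messagethreadid` would never reach the output; verify the exact variable name against the 2.30.0 configuration reference before merging. If the app expects the separator-less form, the line should read `TELEGRAM_MESSAGETHREADID: "{{ .Values.config.telegram.messagethreadid | b64enc}}"`.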
@@ -470,8 +484,19 @@ data: OTLP_TRACES_DURATION: "{{ .Values.config.otlp.traces.duration | toString | b64enc}}" OTLP_TRACES_CHECKCERT: "{{ .Values.config.otlp.traces.checkcert | printf "%t" | b64enc}}" OTLP_TRACES_MINIMUMPRIORITY: "{{ .Values.config.otlp.traces.minimumpriority | b64enc}}" + # OTLP Metrics Output + OTLP_METRICS_ENDPOINT: "{{ .Values.config.otlp.metrics.endpoint | b64enc}}" + OTLP_METRICS_PROTOCOL: "{{ .Values.config.otlp.metrics.protocol | b64enc}}" + OTLP_METRICS_TIMEOUT: "{{ .Values.config.otlp.metrics.timeout | toString | b64enc}}" + OTLP_METRICS_HEADERS: "{{ .Values.config.otlp.metrics.headers | b64enc}}" + OTLP_METRICS_EXTRAATTRIBUTES: "{{ .Values.config.otlp.metrics.extraattributes | b64enc}}" + {{- range $key, $value := .Values.config.otlp.metrics.extraenvvars }} + {{ $key }}: "{{ $value | b64enc }}" + {{- end }} + OTLP_METRICS_CHECKCERT: "{{ .Values.config.otlp.metrics.checkcert | printf "%t" | b64enc}}" + OTLP_METRICS_MINIMUMPRIORITY: "{{ .Values.config.otlp.metrics.minimumpriority | b64enc}}" - # Sumologic + # Sumologic Output SUMOLOGIC_RECEIVERURL: "{{ .Values.config.sumologic.receiverURL | b64enc}}" SUMOLOGIC_SOURCECATEGORY: "{{ .Values.config.sumologic.sourceCategory | b64enc}}" SUMOLOGIC_SOURCEHOST: "{{ .Values.config.sumologic.sourceHost | b64enc}}" @@ -479,7 +504,7 @@ data: SUMOLOGIC_CHECKCERT: "{{ .Values.config.sumologic.checkcert | printf "%t" | b64enc}}" SUMOLOGIC_MINIMUMPRIORITY: "{{ .Values.config.sumologic.minimumpriority | b64enc}}" - # Quickwit + # Quickwit Output QUICKWIT_HOSTPORT: "{{ .Values.config.quickwit.hostport | b64enc}}" QUICKWIT_APIENDPOINT: "{{ .Values.config.quickwit.apiendpoint | b64enc}}" QUICKWIT_INDEX: "{{ .Values.config.quickwit.index | b64enc}}" 
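Review bot: The `{{- range $key, $value := .Values.config.otlp.metrics.extraenvvars }}` loop in the OTLP Metrics hunk iterates a mapping, but the `extraenvvars` it reads is declared as a list in the values.yaml hunk at `@@ -983,10 +1011,29` (`extraenvvars: []`, with list-item examples `# - OTEL_EXPORTER_OTLP_METRICS_TIMEOUT: 10000`) and documented as `list` in the README. With the empty default nothing renders, so this only surfaces when a user actually sets the option: `$key` then becomes the list index and `$value` a one-entry map, so the Secret gains keys like `0:` and `b64enc` is applied to a map instead of a string. The traces block declares the same option as a map (`extraenvvars: {}`, visible as context in that values.yaml hunk), presumably with a matching range outside this hunk, so the metrics side should be aligned with it: in values.yaml `extraenvvars: {}` with the examples written as map entries `# OTEL_EXPORTER_OTLP_METRICS_TIMEOUT: 10000`, and the README type changed to `object`. Since whatever keys a user supplies land verbatim in the Secret's `data:`, the values comment should also say they must be valid env var names.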
@@ -490,7 +515,12 @@ data: QUICKWIT_MUTUALTLS: "{{ .Values.config.quickwit.mutualtls | printf "%t" | b64enc}}" QUICKWIT_MINIMUMPRIORITY: "{{ .Values.config.quickwit.minimumpriority | b64enc}}" - # Talon + # Webex Output + WEBEX_WEBHOOKURL: "{{ .Values.config.webex.webhookurl | b64enc}}" + WEBEX_CHECKCERT: "{{ .Values.config.webex.checkcert | printf "%t" | b64enc}}" + WEBEX_MINIMUMPRIORITY: "{{ .Values.config.webex.minimumpriority | b64enc}}" + + # Talon Output TALON_ADDRESS: "{{ .Values.config.talon.address | b64enc}}" TALON_CHECKCERT: "{{ .Values.config.talon.checkcert | printf "%t" | b64enc}}" TALON_MINIMUMPRIORITY: "{{ .Values.config.talon.minimumpriority | b64enc}}" diff --git a/charts/falcosidekick/values.yaml b/charts/falcosidekick/values.yaml index 9ee46da42..4ef0e6b5e 100644 --- a/charts/falcosidekick/values.yaml +++ b/charts/falcosidekick/values.yaml @@ -14,7 +14,7 @@ image: # -- The image repository to pull from repository: falcosecurity/falcosidekick # -- The image tag to pull - tag: 2.29.0 + tag: 2.30.0 # -- The image pull policy pullPolicy: IfNotPresent 
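Review bot: `WEBEX_CHECKCERT: "{{ .Values.config.webex.checkcert | printf "%t" | b64enc}}"` reads a key that the new `webex:` block in values.yaml (hunk `@@ -1022,6 +1069,12`) never defines — that block only has `webhookurl` and `minimumpriority`, and the README adds only those two rows. On a nil value Go's `printf "%t"` renders `%!t(<nil>)`, so the Secret will carry a base64-encoded placeholder string rather than `true` or `false`; how falcosidekick treats an unparsable value for a TLS-verification flag is not visible here, but it should not be left to chance for a webhook that receives alert payloads. Add to the values.yaml block `# -- check if ssl certificate of the output is valid` followed by `checkcert: true`, and the corresponding `config.webex.checkcert | bool | true` row in the README.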
@@ -240,13 +240,23 @@ config: datadog: # -- Datadog API Key, if not `empty`, Datadog output is *enabled* apikey: "" + # -- Datadog host. Override if you are on the Datadog EU site. Defaults to american site with "" + host: "" # -- minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` minimumpriority: "" - # -- Datadog host. Override if you are on the Datadog EU site. Defaults to american site with "" + + datadoglogs: + # -- Datadog API Key, if not empty, Datadog Logs output is enabled + apikey: "" + # -- Datadog host. Override if you are on the Datadog EU site. Defaults to american site with "https://http-intake.logs.datadoghq.com/" host: "" + # -- The name of the application or service generating the log events. + service: "" + # -- minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default) + minimumpriority: "" alertmanager: - # -- AlertManager , if not `empty`, AlertManager is *enabled* + # -- Comma separated list of http://{domain or ip}:{port} that will all receive the payload, if not empty, Alertmanager output is enabled hostport: "" # -- alertmanager endpoint on which falcosidekick posts alerts, choice is: `"/api/v1/alerts" or "/api/v2/alerts" , default is "/api/v1/alerts"` endpoint: "/api/v1/alerts" 
@@ -276,11 +286,15 @@ config: index: "falco" # -- Elasticsearch document type type: "_doc" - # date suffix for index rotation : daily, monthly, annually, none + # -- Optional ingest pipeline name + pipeline: "" + # -- Date suffix for index rotation : daily, monthly, annually, none suffix: "daily" - # -- use this username to authenticate to Elasticsearch if the username is not empty + # -- Use this APIKey to authenticate to Elasticsearch if the APIKey is not empty (default: "") + apikey: "" + # -- Use this username to authenticate to Elasticsearch if the username is not empty username: "" - # -- use this password to authenticate to Elasticsearch if the password is not empty + # -- Use this password to authenticate to Elasticsearch if the password is not empty password: "" # -- Replace . by _ to avoid mapping conflicts, force to true if createindextemplate==true (default: false) flattenfields: false @@ -296,6 +310,18 @@ config: mutualtls: false # -- check if ssl certificate of the output is valid checkcert: true + # -- if true enables gzip compression for http requests (default: false) + enablecompression: false + # -- max number of concurrent http requests (default: 1) + maxconcurrentrequests: 1 + # -- batching configuration, improves throughput dramatically utilizing _bulk Elasticsearch API + batching: + # -- if true enables batching + enabled: true + # -- batch size in bytes (default: 5 MB) + batchsize: 5242880 + # -- batch fush interval (default: 1s) + flushinterval: 1s # -- minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` minimumpriority: "" 
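Review bot: The comment on the new `batching.flushinterval` key reads `# -- batch fush interval (default: 1s)`; `fush` should be `flush`, and the same typo is copied into the README row for `config.elasticsearch.batching.flushinterval`. Separately, the new `apikey` now sits alongside `username`/`password` with no statement of which credential is used when both are set; if the 2.30.0 documentation specifies a precedence, a half-sentence on the `apikey` comment would stop users from configuring both and guessing — confirm against upstream before stating it. Note also that `batching.enabled: true` and `enablecompression`/`maxconcurrentrequests` arrive as new effective defaults for anyone upgrading the chart, which the one-line CHANGELOG entry does not mention.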
@@ -914,6 +940,8 @@ config: token: "" # -- telegram Identifier of the shared chat chatid: "" + # -- Telegram individual chats within the group + messagethreadid: "" # -- check if ssl certificate of the output is valid checkcert: true # -- minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" @@ -972,7 +1000,7 @@ config: # -- OTLP protocol http/json, http/protobuf, grpc (default: "" which uses SDK default: http/json) protocol: "" # -- OTLP timeout: timeout value in milliseconds (default: "" which uses SDK default: 10000) - timeout: "" + timeout: 1000 # -- OTLP headers: list of headers to apply to all outgoing traces in the form of "some-key=some-value,other-key=other-value" (default: "") headers: "" # -- Set to true if you want traces to be sent synchronously (default: false) 
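Review bot: In the `@@ -972,7 +1000,7` hunk `timeout: ""` becomes `timeout: 1000`, but the comment directly above it still says `(default: "" which uses SDK default: 10000)`, so the documented default and the shipped default now disagree, and the README row for `config.otlp.traces.timeout` repeats the stale text. The same contradiction appears in the new metrics block in the next hunk (`timeout: 1000` under a comment claiming the SDK default of 10000 applies). This is also a behavioural change for anyone upgrading without an override — the export timeout drops from 10 s to 1 s — so it belongs in the CHANGELOG next to the version bump. Suggested comment for both places: `# -- OTLP timeout in milliseconds (chart default: 1000; set to "" to fall back to the SDK default of 10000)`.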
@@ -983,10 +1011,29 @@ config: extraenvvars: {} # OTEL_EXPORTER_OTLP_TRACES_TIMEOUT: 10000 # OTEL_EXPORTER_OTLP_TIMEOUT: 10000 + # -- check if ssl certificate of the output is valid + checkcert: true # -- minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" minimumpriority: "" - # -- check if ssl certificate of the output is valid + metrics: + # -- OTLP endpoint, typically in the form http{s}://{domain or ip}:4318/v1/metrics + endpoint: "" + # -- OTLP transport protocol to be used for metrics data; it can be "grpc" or "http/protobuf" (default: "grpc") + protocol: "grpc" + # -- OTLP timeout for outgoing metrics in milliseconds (default: "" which uses SDK default: 10000) + timeout: 1000 + # -- List of headers to apply to all outgoing metrics in the form of "some-key=some-value,other-key=other-value" (default: "") + headers: "" + # -- Extra env vars (override the other settings) (default: "") + extraenvvars: [] + # - OTEL_EXPORTER_OTLP_METRICS_TIMEOUT: 10000 + # - OTEL_EXPORTER_OTLP_TIMEOUT: 10000 + # -- Comma-separated list of fields to use as labels additionally to source, priority, rule, hostname, tags, k8s_ns_name, k8s_pod_name and custom_fields + extraattributes: "" + # -- Set to false if you want to skip TLS certificate validation (only with https) (default: true) checkcert: true + # -- Minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default: "") + minimumpriority: "" sumologic: # -- Sumologic HTTP Source URL, if not empty, Sumologic output is enabled 
@@ -1022,6 +1069,12 @@ config: # -- check if ssl certificate of the output is valid checkcert: true + webex: + # -- Webex WebhookURL, if not empty, Webex output is enabled + webhookurl: "" + # -- minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` + minimumpriority: "" + talon: # -- Talon address, if not empty, Talon output is enabled address: ""