From 15529f525e1dde99f24835df8eacf49596738a9f Mon Sep 17 00:00:00 2001
From: Ildar Valiullin
Date: Mon, 20 Jun 2022 21:06:45 +0300
Subject: [PATCH] added Yandex Data Streams support
Signed-off-by: Ildar Valiullin
---
 falcosidekick/Chart.yaml | 2 +-
 falcosidekick/README.md | 102 ++++++++++++++-------------
 falcosidekick/templates/secrets.yaml | 3 +
 falcosidekick/values.yaml | 6 +-
 4 files changed, 62 insertions(+), 51 deletions(-)
diff --git a/falcosidekick/Chart.yaml b/falcosidekick/Chart.yaml
index cb0557312..a66f1bcfb 100644
--- a/falcosidekick/Chart.yaml
+++ b/falcosidekick/Chart.yaml
@@ -3,7 +3,7 @@ appVersion: 2.26.0
 description: Connect Falco to your ecosystem
 icon: https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png
 name: falcosidekick
-version: 0.5.4
+version: 0.5.5
 keywords:
 - monitoring
 - security
diff --git a/falcosidekick/README.md b/falcosidekick/README.md
index 7023d0c8e..5d24c1c81 100644
--- a/falcosidekick/README.md
+++ b/falcosidekick/README.md
@@ -77,6 +77,7 @@ It works as a single endpoint for as many as you want `Falco` instances :
 - [**Kafka Rest Proxy**](https://docs.confluent.io/platform/current/kafka-rest/index.html)
 - [**RabbitMQ**](https://www.rabbitmq.com/)
 - [**Azure Event Hubs**](https://azure.microsoft.com/en-in/services/event-hubs/)
+- [**Yandex Data Streams**](https://cloud.yandex.com/en/docs/data-streams/)
 ### Email
@@ -88,6 +89,7 @@ It works as a single endpoint for as many as you want `Falco` instances :
 - [**WebUI**](https://github.com/falcosecurity/falcosidekick-ui) (a Web UI for displaying latest events in real time)
 ### Other
+
 - [**Policy Report**](https://github.com/kubernetes-sigs/wg-policy-prototypes/tree/master/policy-report/falco-adapter)
 ## Adding `falcosecurity` repository
@@ -149,16 +151,16 @@ The following table lists the main configurable parameters of the Falcosidekick | `config.checkcert` | check if ssl certificate of the output is valid | `true` | | `config.alertmanager.checkcert` | check if ssl certificate of the output is valid | `true` | | `config.alertmanager.endpoint` | alertmanager endpoint on which falcosidekick posts alerts, choice is: `"/api/v1/alerts" or "/api/v2/alerts" , default is "/api/v1/alerts"` | `"/api/v1/alerts"` | -| `config.alertmanager.hostport` | AlertManager , if not `empty`, AlertManager is *enabled* | `""` | +| `config.alertmanager.hostport` | AlertManager , if not `empty`, AlertManager is _enabled_ | `""` | | `config.alertmanager.expiresafter` | if set to a non-zero value, alert expires after that time in seconds (default: 0) | `"0"` | | `config.alertmanager.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.alertmanager.mutualtls` | if true, checkcert flag will be ignored (server cert will always be checked) | `false` | -| `config.aws.cloudwatchlogs.loggroup` | AWS CloudWatch Logs Group name, if not empty, CloudWatch Logs output is *enabled* | `""` | +| `config.aws.cloudwatchlogs.loggroup` | AWS CloudWatch Logs Group name, if not empty, CloudWatch Logs output is _enabled_ | `""` | | `config.aws.cloudwatchlogs.logstream` | AWS CloudWatch Logs Stream name, if empty, Falcosidekick will try to create a log stream | `debug` | | `config.aws.cloudwatchlogs.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.aws.kinesis.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | -| `config.aws.kinesis.streamname` | AWS Kinesis Stream 
Name, if not empty, Kinesis output is *enabled* | `""` | -| `config.aws.lambda.functionname` | AWS Lambda Function Name, if not empty, AWS Lambda output is *enabled* | `""` | +| `config.aws.kinesis.streamname` | AWS Kinesis Stream Name, if not empty, Kinesis output is _enabled_ | `""` | +| `config.aws.lambda.functionname` | AWS Lambda Function Name, if not empty, AWS Lambda output is _enabled_ | `""` | | `config.aws.lambda.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.aws.accesskeyid` | AWS Access Key Id (optionnal if you use EC2 Instance Profile) | `""` | | `config.aws.region` | AWS Region (optionnal if you use EC2 Instance Profile) | `""` | 
@@ -169,11 +171,11 @@ The following table lists the main configurable parameters of the Falcosidekick | `config.aws.secretaccesskey` | AWS Secret Access Key (optionnal if you use EC2 Instance Profile) | `""` | | `config.aws.sns.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.aws.sns.rawjson` | Send RawJSON from `falco` or parse it to AWS SNS | `false` | -| `config.aws.sns.topicarn` | AWS SNS TopicARN, if not empty, AWS SNS output is *enabled* | `""` | +| `config.aws.sns.topicarn` | AWS SNS TopicARN, if not empty, AWS SNS output is _enabled_ | `""` | | `config.aws.sqs.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | -| `config.aws.sqs.url` | AWS SQS Queue URL, if not empty, AWS SQS output is *enabled* | `""` | +| `config.aws.sqs.url` | AWS SQS Queue URL, if not empty, AWS SQS output is _enabled_ | `""` | | `config.azure.eventHub.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | -| `config.azure.eventHub.name` | Name of the Hub, if not empty, EventHub is *enabled* | `""` | +| `config.azure.eventHub.name` | Name of the Hub, if not empty, EventHub is _enabled_ | `""` | | `config.azure.eventHub.namespace` | Name of the space the Hub is in | `""` | | `config.azure.podIdentityClientID` | Azure Identity Client ID | `""` | | `config.azure.podIdentityName` | Azure Identity name | `""` | 
@@ -184,21 +186,21 @@ The following table lists the main configurable parameters of the Falcosidekick | `config.cliq.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.cliq.outputformat` | `all` (default), `text` (only text is displayed in Cliq), `fields` (only fields are displayed in Cliq) | `all` | | `config.cliq.useemoji` | Prefix message text with an emoji | `true` | -| `config.cliq.webhookurl` | Zoho Cliq Channel URL (ex: ), if not empty, Cliq Chat output is *enabled* | `""` | -| `config.cloudevents.address` | CloudEvents consumer http address, if not empty, CloudEvents output is *enabled* | `""` | +| `config.cliq.webhookurl` | Zoho Cliq Channel URL (ex: ), if not empty, Cliq Chat output is _enabled_ | `""` | +| `config.cloudevents.address` | CloudEvents consumer http address, if not empty, CloudEvents output is _enabled_ | `""` | | `config.cloudevents.extension` | Extensions to add in the outbound Event, useful for routing | `""` | | `config.cloudevents.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | -| `config.datadog.apikey` | Datadog API Key, if not `empty`, Datadog output is *enabled* | | +| `config.datadog.apikey` | Datadog API Key, if not `empty`, Datadog output is _enabled_ | | | `config.datadog.host` | Datadog host. Override if you are on the Datadog EU site. 
Defaults to american site with "" | `https://api.datadoghq.com` | | `config.datadog.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.discord.icon` | Discord icon (avatar) | `` | | `config.discord.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | -| `config.discord.webhookurl` | Discord WebhookURL (ex: ...), if not empty, Discord output is *enabled* | `""` | -| `config.dogstatsd.forwarder` | The address for the DogStatsD forwarder, in the form , if not empty DogStatsD is *enabled* | `""` | +| `config.discord.webhookurl` | Discord WebhookURL (ex: ...), if not empty, Discord output is _enabled_ | `""` | +| `config.dogstatsd.forwarder` | The address for the DogStatsD forwarder, in the form , if not empty DogStatsD is _enabled_ | `""` | | `config.dogstatsd.namespace` | A prefix for all metrics | `falcosidekick` | | `config.dogstatsd.tags` | A comma-separated list of tags to add to all metrics | `""` | | `config.elasticsearch.checkcert` | check if ssl certificate of the output is valid | `true` | -| `config.elasticsearch.hostport` | Elasticsearch , if not `empty`, Elasticsearch is *enabled* | `""` | +| `config.elasticsearch.hostport` | Elasticsearch , if not `empty`, Elasticsearch is _enabled_ | `""` | | `config.elasticsearch.index` | Elasticsearch index | `falco` | | `config.elasticsearch.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.elasticsearch.mutualtls` | if true, checkcert flag will be ignored (server cert will always be checked) | `false` | 
@@ -206,7 +208,7 @@ The following table lists the main configurable parameters of the Falcosidekick | `config.elasticsearch.type` | Elasticsearch document type | `event` | | `config.elasticsearch.username` | use this username to authenticate to Elasticsearch if the username is not empty | `""` | | `config.fission.checkcert` | check if ssl certificate of the output is valid | `true` | -| `config.fission.function` | Name of Fission function, if not empty, Fission is *enabled* | `""` | +| `config.fission.function` | Name of Fission function, if not empty, Fission is _enabled_ | `""` | | `config.fission.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.fission.mutualtls` | if true, checkcert flag will be ignored (server cert will always be checked) | `false` | | `config.fission.routernamespace` | Namespace of Fission Router | `fission` | 
@@ -227,23 +229,23 @@ The following table lists the main configurable parameters of the Falcosidekick | `config.googlechat.messageformat` | a Go template to format Google Chat Text above Attachment, displayed in addition to the output from `config.googlechat.outputformat`. If empty, no Text is displayed before Attachment | `""` | | `config.googlechat.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.googlechat.outputformat` | `all` (default), `text` (only text is displayed in Google chat) | `all` | -| `config.googlechat.webhookurl` | Google Chat Webhook URL (ex: ), if not `empty`, Google Chat output is *enabled* | `""` | +| `config.googlechat.webhookurl` | Google Chat Webhook URL (ex: ), if not `empty`, Google Chat output is _enabled_ | `""` | | `config.grafana.allfieldsastags` | if true, all custom fields are added as tags | `false` | -| `config.grafana.apikey` | API Key to authenticate to Grafana, if not empty, Grafana output is *enabled* | `""` | +| `config.grafana.apikey` | API Key to authenticate to Grafana, if not empty, Grafana output is _enabled_ | `""` | | `config.grafana.checkcert` | check if ssl certificate of the output is valid | `true` | | `config.grafana.dashboardid` | annotations are scoped to a specific dashboard. Optionnal. | `""` | -| `config.grafana.hostport` | or ip}:{port}, if not empty, Grafana output is *enabled* | `""` | +| `config.grafana.hostport` | or ip}:{port}, if not empty, Grafana output is _enabled_ | `""` | | `config.grafana.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.grafana.mutualtls` | if true, checkcert flag will be ignored (server cert will always be checked) | `false` | | `config.grafana.panelid` | annotations are scoped to a specific panel. Optionnal. 
| `""` | | `config.influxdb.checkcert` | check if ssl certificate of the output is valid | `true` | | `config.influxdb.database` | Influxdb database | `falco` | -| `config.influxdb.hostport` | Influxdb , if not `empty`, Influxdb is *enabled* | `""` | +| `config.influxdb.hostport` | Influxdb , if not `empty`, Influxdb is _enabled_ | `""` | | `config.influxdb.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.influxdb.mutualtls` | if true, checkcert flag will be ignored (server cert will always be checked) | `false` | -| `config.influxdb.password` | Password to use if auth is *enabled* in Influxdb | `""` | -| `config.influxdb.user` | User to use if auth is *enabled* in Influxdb | `""` | -| `config.kafka.hostport` | The Host:Port of the Kafka (ex: kafka:9092). if not empty, Kafka output is *enabled* | `""` | +| `config.influxdb.password` | Password to use if auth is _enabled_ in Influxdb | `""` | +| `config.influxdb.user` | User to use if auth is _enabled_ in Influxdb | `""` | +| `config.kafka.hostport` | The Host:Port of the Kafka (ex: kafka:9092). if not empty, Kafka output is _enabled_ | `""` | | `config.kafka.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.kafka.partition` | a Go template to format Google Chat Text above Attachment, displayed in addition to the output from `config.googlechat.outputformat`. If empty, no Text is displayed before Attachment | `"0"` | | `config.kafka.topic` | `all` (default), `text` (only text is displayed in Google chat) | `all` | 
@@ -253,18 +255,18 @@ The following table lists the main configurable parameters of the Falcosidekick | `config.kafkarest.mutualtls` | if true, checkcert flag will be ignored (server cert will always be checked) | `false` | | `config.kafkarest.version` | Kafka Rest Proxy API version 2 | `2` | | `config.kubeless.checkcert` | check if ssl certificate of the output is valid | `true` | -| `config.kubeless.function` | Name of Kubeless function, if not empty, EventHub is *enabled* | `""` | +| `config.kubeless.function` | Name of Kubeless function, if not empty, EventHub is _enabled_ | `""` | | `config.kubeless.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.kubeless.mutualtls` | if true, checkcert flag will be ignored (server cert will always be checked) | `false` | | `config.kubeless.namespace` | Namespace of Kubeless function (mandatory) | `""` | | `config.kubeless.port` | Port of service of Kubeless function. 
Default is `8080` | `8080` | | `config.loki.checkcert` | check if ssl certificate of the output is valid | `true` | | `config.loki.endpoint` | Loki endpoint URL path, default is "/api/prom/push" more info: | `""` | -| `config.loki.hostport` | Loki , if not `empty`, Loki is *enabled* | `""` | +| `config.loki.hostport` | Loki , if not `empty`, Loki is _enabled_ | `""` | | `config.loki.extralabels` | comma separated list of fields to use as labels additionally to rule, source, priority, tags and custom_fields | `""` | | `config.loki.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.loki.mutualtls` | if true, checkcert flag will be ignored (server cert will always be checked) | `false` | -| `config.loki.tenant` | Loki tenant, if not `empty`, Loki tenant is *enabled* | `""` | +| `config.loki.tenant` | Loki tenant, if not `empty`, Loki tenant is _enabled_ | `""` | | `config.prometheus.extralabels` | comma separated list of fields to use as labels additionally to rule, source, priority, tags and custom_fields | `""` | | `config.mattermost.checkcert` | check if ssl certificate of the output is valid | `true` | | `config.mattermost.footer` | Mattermost Footer | `` | 
@@ -274,35 +276,35 @@ The following table lists the main configurable parameters of the Falcosidekick | `config.mattermost.mutualtls` | if true, checkcert flag will be ignored (server cert will always be checked) | `false` | | `config.mattermost.outputformat` | `all` (default), `text` (only text is displayed in Slack), `fields` (only fields are displayed in Mattermost) | `all` | | `config.mattermost.username` | Mattermost username | `falcosidekick` | -| `config.mattermost.webhookurl` | Mattermost Webhook URL (ex: ), if not `empty`, Mattermost output is *enabled* | `""` | +| `config.mattermost.webhookurl` | Mattermost Webhook URL (ex: ), if not `empty`, Mattermost output is _enabled_ | `""` | | `config.mutualtlsfilespath` | folder which will used to store client.crt, client.key and ca.crt files for mutual tls | `/etc/certs` | | `config.nats.checkcert` | check if ssl certificate of the output is valid | `true` | -| `config.nats.hostport` | NATS "nats://host:port", if not `empty`, NATS is *enabled* | `""` | +| `config.nats.hostport` | NATS "nats://host:port", if not `empty`, NATS is _enabled_ | `""` | | `config.nats.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.nats.mutualtls` | if true, checkcert flag will be ignored (server cert will always be checked) | `false` | -| `config.openfaas.checkcert` | check if ssl certificate of the output is valid | `true` | | `openfaas` -| `config.openfaas.functionname` | Name of OpenFaaS function, if not empty, OpenFaaS is *enabled* | `""` | +| `config.openfaas.checkcert` | check if ssl certificate of the output is valid | `true` | | `openfaas` | +| `config.openfaas.functionname` | Name of OpenFaaS function, if not empty, OpenFaaS is _enabled_ | `""` | | `config.openfaas.functionnamespace` | Namespace of OpenFaaS function, "openfaas-fn" (default) | `openfaas-fn` | | 
`config.openfaas.gatewaynamespace` | Namespace of OpenFaaS Gateway, "openfaas" (default) | `openfaas` | | `config.openfaas.gatewayport` | Port of service of OpenFaaS Gateway Default is `8080` | `8080` | | `config.openfaas.gatewayservice` | Service of OpenFaaS Gateway, "gateway" (default) | `gateway` | | `config.openfaas.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | -| `config.openfaas.mutualtls` | if true, checkcert flag will be ignored (server cert will always be checked) | `false` | | `openfaas` -| `config.opsgenie.apikey` | Opsgenie API Key, if not empty, Opsgenie output is *enabled* | `""` | +| `config.openfaas.mutualtls` | if true, checkcert flag will be ignored (server cert will always be checked) | `false` | | `openfaas` | +| `config.opsgenie.apikey` | Opsgenie API Key, if not empty, Opsgenie output is _enabled_ | `""` | | `config.opsgenie.checkcert` | check if ssl certificate of the output is valid | `true` | | `config.opsgenie.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.opsgenie.mutualtls` | if true, checkcert flag will be ignored (server cert will always be checked) | `false` | | `config.opsgenie.region` | (`us` or `eu`) region of your domain | `us` | | `config.pagerduty.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | -| `config.pagerduty.routingkey` | Pagerduty Routing Key, if not empty, Pagerduty output is *enabled* | `""` | -| `config.policyreport.enabled` | if true; policyreport output is *enabled* | `false` | +| `config.pagerduty.routingkey` | Pagerduty Routing Key, if not empty, Pagerduty output is _enabled_ | `""` | +| `config.policyreport.enabled` | if true; 
policyreport output is _enabled_ | `false` | | `config.policyreport.kubeconfig` | Kubeconfig file to use (only if falcosidekick is running outside the cluster) | `~/.kube/config` | | `config.policyreport.maxevents` | the max number of events that can be in a policyreport | `1000` | | `config.policyreport.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.policyreport.prunebypriority` | if true; the events with lowest severity are pruned first, in FIFO order | `false` | | `config.rabbitmq.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.rabbitmq.queue` | Rabbitmq Queue name | `""` | -| `config.rabbitmq.url` | Rabbitmq URL, if not empty, Rabbitmq output is *enabled* | `""` | +| `config.rabbitmq.url` | Rabbitmq URL, if not empty, Rabbitmq output is _enabled_ | `""` | | `config.rockerchat.checkcert` | check if ssl certificate of the output is valid | `true` | | `config.rockerchat.messageformat` | a Go template to format Rocketchat Text above Attachment, displayed in addition to the output from `slack.outputformat`. If empty, no Text is displayed before Attachment | `""` | | `config.rockerchat.mutualtls` | if true, checkcert flag will be ignored (server cert will always be checked) | `false` | 
@@ -310,57 +312,60 @@ The following table lists the main configurable parameters of the Falcosidekick | `config.rocketchat.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.rocketchat.outputformat` | `all` (default), `text` (only text is displayed in Rocketcaht), `fields` (only fields are displayed in Rocketchat) | `all` | | `config.rocketchat.username` | Rocketchat username | `falcosidekick` | -| `config.rocketchat.webhookurl` | Rocketchat Webhook URL (ex: ), if not `empty`, Rocketchat output is *enabled* | `""` | +| `config.rocketchat.webhookurl` | Rocketchat Webhook URL (ex: ), if not `empty`, Rocketchat output is _enabled_ | `""` | | `config.slack.footer` | Slack Footer | `` | | `config.slack.icon` | Slack icon (avatar) | `` | | `config.slack.messageformat` | a Go template to format Slack Text above Attachment, displayed in addition to the output from `slack.outputformat`. 
If empty, no Text is displayed before Attachment | `""` | | `config.slack.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.slack.outputformat` | `all` (default), `text` (only text is displayed in Slack), `fields` (only fields are displayed in Slack) | `all` | | `config.slack.username` | Slack username | `falcosidekick` | -| `config.slack.webhookurl` | Slack Webhook URL (ex: ), if not `empty`, Slack output is *enabled* | `""` | -| `config.smtp.from` | Sender address (mandatory if SMTP output is *enabled*) | `""` | -| `config.smtp.hostport` | "host:port" address of SMTP server, if not empty, SMTP output is *enabled* | `""` | +| `config.slack.webhookurl` | Slack Webhook URL (ex: ), if not `empty`, Slack output is _enabled_ | `""` | +| `config.smtp.from` | Sender address (mandatory if SMTP output is _enabled_) | `""` | +| `config.smtp.hostport` | "host:port" address of SMTP server, if not empty, SMTP output is _enabled_ | `""` | | `config.smtp.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.smtp.outputformat` | html, text | `html` | | `config.smtp.password` | password to access SMTP server | `""` | -| `config.smtp.to` | comma-separated list of Recipident addresses, can't be empty (mandatory if SMTP output is *enabled*) | `""` | +| `config.smtp.to` | comma-separated list of Recipident addresses, can't be empty (mandatory if SMTP output is _enabled_) | `""` | | `config.smtp.user` | user to access SMTP server | `""` | | `config.stan.checkcert` | check if ssl certificate of the output is valid | `true` | -| `config.stan.clientid` | Client ID, if not empty, STAN output is *enabled* | `""` | -| `config.stan.clusterid` | Cluster name, if not empty, STAN output is *enabled* | `debug` | -| `config.stan.hostport` 
| Stan nats://{domain or ip}:{port}, if not empty, STAN output is *enabled* | `""` | +| `config.stan.clientid` | Client ID, if not empty, STAN output is _enabled_ | `""` | +| `config.stan.clusterid` | Cluster name, if not empty, STAN output is _enabled_ | `debug` | +| `config.stan.hostport` | Stan nats://{domain or ip}:{port}, if not empty, STAN output is _enabled_ | `""` | | `config.stan.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.stan.mutualtls` | if true, checkcert flag will be ignored (server cert will always be checked) | `false` | -| `config.statsd.forwarder` | The address for the StatsD forwarder, in the form , if not empty StatsD is *enabled* | `""` | +| `config.statsd.forwarder` | The address for the StatsD forwarder, in the form , if not empty StatsD is _enabled_ | `""` | | `config.statsd.namespace` | A prefix for all metrics | `falcosidekick` | -| `config.syslog.host` | Syslog Host, if not empty, Syslog output is *enabled* | `""` | +| `config.syslog.host` | Syslog Host, if not empty, Syslog output is _enabled_ | `""` | | `config.syslog.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.syslog.port` | Syslog endpoint port number | `""` | | `config.syslog.protocol` | Syslog transport protocol. 
It can be either "tcp" or "udp" | `tcp` | | `config.teams.activityimage` | Teams section image | `` | | `config.teams.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.teams.outputformat` | `all` (default), `text` (only text is displayed in Teams), `facts` (only facts are displayed in Teams) | `all` | -| `config.teams.webhookurl` | Teams Webhook URL (ex: "), if not `empty`, Teams output is *enabled* | `""` | +| `config.teams.webhookurl` | Teams Webhook URL (ex: "), if not `empty`, Teams output is _enabled_ | `""` | | `config.wavefront.batchsize` | Wavefront batch size. If empty uses the default 10000. Only used when endpointtype is 'direct' | `10000` | -| `config.wavefront.endpointhost` | Wavefront endpoint address (only the host). If not empty, with endpointhost, Wavefront output is *enabled* | `""` | +| `config.wavefront.endpointhost` | Wavefront endpoint address (only the host). If not empty, with endpointhost, Wavefront output is _enabled_ | `""` | | `config.wavefront.endpointmetricport` | Port to send metrics. Only used when endpointtype is 'proxy' | `2878` | | `config.wavefront.endpointtoken` | Wavefront token. Must be used only when endpointtype is 'direct' | `""` | -| `config.wavefront.endpointtype` | Wavefront endpoint type, must be 'direct' or 'proxy'. If not empty, with endpointhost, Wavefront output is *enabled* | `""` | +| `config.wavefront.endpointtype` | Wavefront endpoint type, must be 'direct' or 'proxy'. If not empty, with endpointhost, Wavefront output is _enabled_ | `""` | | `config.wavefront.flushintervalseconds` | Wavefront flush interval in seconds. Defaults to 1 | `1` | | `config.wavefront.metricname` | Metric to be created in Wavefront. 
Defaults to falco.alert | `falco.alert` | | `config.wavefront.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | -| `config.webhook.address` | Webhook address, if not empty, Webhook output is *enabled* | `""` | +| `config.webhook.address` | Webhook address, if not empty, Webhook output is _enabled_ | `""` | | `config.webhook.checkcert` | check if ssl certificate of the output is valid | `true` | | `config.webhook.customHeaders` | a list of comma separated custom headers to add, syntax is "key:value\,key:value" | `""` | | `config.webhook.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.webhook.mutualtls` | if true, checkcert flag will be ignored (server cert will always be checked) | `""` | | `config.yandex.accesskeyid` | yandex access key | `""` | +| `config.yandex.secretaccesskey` | yandex secret access key | `""` | | `config.yandex.region` | yandex storage region | `ru-central-1` | | `config.yandex.s3.bucket` | Yandex storage, bucket name | `falcosidekick` | | `config.yandex.s3.endpoint` | yandex storage endpoint (default: ) | `""` | | `config.yandex.s3.minimumpriority` | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `config.yandex.s3.prefix` | name of prefix, keys will have format: s3:////YYYY-MM-DD/YYYY-MM-DDTHH:mm:ss.s+01:00.json | `""` | -| `config.yandex.secretaccesskey` | yandex secret access key | `""` | +| `config.yandex.datastreams.endpoint` | Yandex Data Streams endpoint (default: ) | `""` | +| `config.yandex.datastreams.streamname` | stream name in format /${region}/${folder_id}/${ydb_id}/${stream_name} | `""` | +| `config.yandex.datastreams.minimumpriority` | minimum priority of event for 
using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | `debug` | | `affinity` | Affinity for the Sidekick pods | `{}` | | `extraVolumeMounts` | Extra volume mounts for sidekick deployment | `[]` | | `extraVolumes` | Extra volumes for sidekick deployment | `[]` | @@ -432,7 +437,6 @@ The following table lists the main configurable parameters of the Falcosidekick | `webui.redis.storageSize` | Size of the PVC for the redis pod | `1Gi` | | `webui.redis.tolerations` | Tolerations for pod assignment | `[]` | - Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, > **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/falcosidekick/templates/secrets.yaml b/falcosidekick/templates/secrets.yaml index f900bedc3..041269cbb 100644 --- a/falcosidekick/templates/secrets.yaml +++ b/falcosidekick/templates/secrets.yaml @@ -264,6 +264,9 @@ data: YANDEX_S3_BUCKET: "{{ .Values.config.yandex.s3.bucket | b64enc}}" YANDEX_S3_PREFIX: "{{ .Values.config.yandex.s3.prefix | b64enc}}" YANDEX_S3_MINIMUMPRIORITY: "{{ .Values.config.yandex.s3.minimumpriority | b64enc}}" + YANDEX_DATASTREAMS_ENDPOINT: "{{ .Values.config.yandex.datastreams.endpoint | b64enc}}" + YANDEX_DATASTREAMS_STREAMNAME: "{{ .Values.config.yandex.datastreams.streamname | b64enc}}" + YANDEX_DATASTREAMS_MINIMUMPRIORITY: "{{ .Values.config.yandex.datastreams.minimumpriority | b64enc}}" # KafkaRest Output KAFKAREST_ADDRESS: "{{ .Values.config.kafkarest.address | b64enc}}" diff --git a/falcosidekick/values.yaml b/falcosidekick/values.yaml index c65ec9496..55c351140 100644 --- a/falcosidekick/values.yaml +++ b/falcosidekick/values.yaml 
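Review bot: The three added `YANDEX_DATASTREAMS_*` entries in templates/secrets.yaml dereference `.Values.config.yandex.datastreams` unconditionally, so rendering fails with a nil-pointer error whenever that map is absent from the merged values. That can happen on an upgrade that carries over the previous release's values (for example `helm upgrade --reuse-values`) instead of picking up this chart version's new defaults. On Helm versions that ship `dig`, a nil-safe lookup avoids it, e.g. `YANDEX_DATASTREAMS_ENDPOINT: "{{ dig "datastreams" "endpoint" "" .Values.config.yandex | b64enc }}"`, and likewise for the other two keys. The existing entries use the same direct access, so this may be better handled chart-wide or called out in the upgrade notes; the `data:` mapping itself starts above the hunk.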
@@ -308,7 +308,11 @@ config:
 endpoint: "" # yandex storage endpoint (default: https://storage.yandexcloud.net)
 bucket: "" # Yandex storage, bucket name
 prefix: "" # name of prefix, keys will have format: s3:////YYYY-MM-DD/YYYY-MM-DDTHH:mm:ss.s+01:00.json
- minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|erro
+ minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug
+ datastreams:
+ endpoint: "" # Yandex Data Streams endpoint (default: https://yds.serverless.yandexcloud.net)
+ streamname: "" # stream name in format /${region}/${folder_id}/${ydb_id}/${stream_name}
+ minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug
 kafkarest:
 address: "" # The full URL to the topic (example "http://kafkarest:8082/topics/test")
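Review bot: The comments on the new `datastreams` keys do not say which value switches the output on or which credentials it uses, although the README rows for most other outputs state "if not empty, … output is enabled". Setting these values starts shipping Falco alerts to an external endpoint, so an operator should be able to tell that from the values file alone. I would extend the `streamname` comment to something like `# stream name in format /${region}/${folder_id}/${ydb_id}/${stream_name}, if not empty, Yandex Data Streams output is enabled`, after confirming the enabling condition against falcosidekick. I would also note on `endpoint` that it should remain an `https://` URL, since requests presumably carry the shared `config.yandex.accesskeyid` / `config.yandex.secretaccesskey` credentials. The enclosing `config:` and `yandex:` mappings start above the hunk.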