From 59135f06101d563cadd19b8929bde79b756b8f40 Mon Sep 17 00:00:00 2001
From: Lyonel Martinez
Date: Tue, 26 Jul 2022 10:51:17 +0200
Subject: [PATCH 01/16] feat(stmp-sasl): Updates values and secrets for STMP SASL integration. feat(alertmanager-extra-fields): Updates values and secrets for AlertManager extra labels and annotations. In prevision of sidekick version bump. falcosecurity/falcosidekick#341 falcosecurity/falcosidekick#347
Signed-off-by: Lyonel Martinez
---
 falcosidekick/CHANGELOG.md | 7 +++++++
 falcosidekick/Chart.yaml | 2 +-
 falcosidekick/templates/secrets.yaml | 8 +++++++-
 3 files changed, 15 insertions(+), 2 deletions(-)
diff --git a/falcosidekick/CHANGELOG.md b/falcosidekick/CHANGELOG.md
index ba3881685..6b4d5574b 100644
--- a/falcosidekick/CHANGELOG.md
+++ b/falcosidekick/CHANGELOG.md
@@ -5,6 +5,13 @@ numbering uses [semantic versioning](http://semver.org).
 Before release 0.1.20, the helm chart can be found in `falcosidekick` [repository](https://github.com/falcosecurity/falcosidekick/tree/master/deploy/helm/falcosidekick).
+## 0.5.8
+
+* Add `alertmanager.extralabels` and `alertmanager.extraannotations` to the values,
+as a list of comma separated labels and annotations to add to the AlertManager trigger.
+* Add `smtp.autmechanism` and associated fields to be able to use any SASL mechanism.
+
+
 ## 0.5.7
 * Removing unused Kafka config values
diff --git a/falcosidekick/Chart.yaml b/falcosidekick/Chart.yaml
index 4c241678e..d85efb08a 100644
--- a/falcosidekick/Chart.yaml
+++ b/falcosidekick/Chart.yaml
@@ -1,5 +1,5 @@
 apiVersion: v1
-appVersion: 2.26.0
+appVersion: 2.27.0
 description: Connect Falco to your ecosystem
 icon: https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png
 name: falcosidekick
diff --git a/falcosidekick/templates/secrets.yaml b/falcosidekick/templates/secrets.yaml
index 300966e07..6873a9cfe 100644
--- a/falcosidekick/templates/secrets.yaml
+++ b/falcosidekick/templates/secrets.yaml
@@ -61,6 +61,8 @@ data:
 ALERTMANAGER_MINIMUMPRIORITY: "{{ .Values.config.alertmanager.minimumpriority | b64enc }}"
 ALERTMANAGER_MUTUALTLS: "{{ .Values.config.alertmanager.mutualtls | printf "%t" | b64enc }}"
 ALERTMANAGER_CHECKCERT: "{{ .Values.config.alertmanager.checkcert | printf "%t" | b64enc }}"
+ ALERTMANAGER_EXTRALABELS: "{{ .Values.config.alertmanager.extralabels | b64enc }}"
+ ALERTMANAGER_EXTRAANNOTATIONS: "{{ .Values.config.alertmanager.extraannotations | b64enc }}"
 # InfluxDB Output
 INFLUXDB_USER: "{{ .Values.config.influxdb.user | b64enc }}"
@@ -92,9 +94,13 @@ data:
 AWS_KINESIS_MINIMUMPRIORITY: "{{ .Values.config.aws.kinesis.minimumpriority | b64enc }}"
 # SMTP Output
+ SMTP_HOSTPORT: "{{ .Values.config.smtp.hostport | b64enc }}"
+ SMTP_AUTHMECHANISM: "{{ .Values.config.smtp.authmechanism | b64enc }}"
 SMTP_USER: "{{ .Values.config.smtp.user | b64enc }}"
 SMTP_PASSWORD: "{{ .Values.config.smtp.password | b64enc }}"
- SMTP_HOSTPORT: "{{ .Values.config.smtp.hostport | b64enc }}"
+ SMTP_TOKEN: "{{ .Values.config.smtp.token | b64enc }}"
+ SMTP_IDENTITY: "{{ .Values.config.smtp.identity | b64enc }}"
+ SMTP_TRACE: "{{ .Values.config.smtp.trace | b64enc }}"
 SMTP_FROM: "{{ .Values.config.smtp.from | b64enc }}"
 SMTP_TO: "{{ .Values.config.smtp.to | b64enc }}"
 SMTP_OUTPUTFORMAT: "{{ .Values.config.smtp.outputformat | b64enc }}"
From ab59bb78037c7f55782516f43e660896ae9d6556 Mon Sep 17 00:00:00 2001
From: Lyonel Martinez
Date: Tue, 26 Jul 2022 11:46:49 +0200
Subject: [PATCH 02/16] feat(yandex-datastreams): Updates values and secrets for Yandex datastreams In prevision of sidekick version bump. falcosecurity/falcosidekick#336
Signed-off-by: Lyonel Martinez
---
 falcosidekick/CHANGELOG.md | 1 +
 falcosidekick/templates/secrets.yaml | 3 +++
 2 files changed, 4 insertions(+)
diff --git a/falcosidekick/CHANGELOG.md b/falcosidekick/CHANGELOG.md
index 6b4d5574b..6c4b200b7 100644
--- a/falcosidekick/CHANGELOG.md
+++ b/falcosidekick/CHANGELOG.md
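Review bot: `ALERTMANAGER_EXTRALABELS` and `ALERTMANAGER_EXTRAANNOTATIONS` read `.Values.config.alertmanager.extralabels` and `.extraannotations`, but this patch adds no defaults for them to values.yaml (they only arrive in PATCH 07/16), and an unset value piped straight into `b64enc` is expected to fail template rendering. The same applies to the `SMTP_AUTHMECHANISM`, `SMTP_TOKEN`, `SMTP_IDENTITY` and `SMTP_TRACE` lines in the next hunk and to the `YANDEX_DATASTREAMS_*` lines in PATCH 02/16, where the missing parent map `yandex.datastreams` would presumably fail even earlier. It also affects `helm upgrade --reuse-values`, because stored values never gain the new keys. Either land the values.yaml defaults in the same commit as the template lines or guard each new line, e.g. `"{{ .Values.config.alertmanager.extralabels | default "" | b64enc }}"`.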
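Review bot: The key read by the new `SMTP_AUTHMECHANISM` line is `smtp.authmechanism`, but the CHANGELOG entry added in this same patch documents it as `smtp.autmechanism`, so a user who copies the key from the changelog sets a value the template never reads. The changelog bullet should spell the key `smtp.authmechanism`. Since this setting selects how SMTP credentials are presented to the server, a silently ignored override is worth avoiding.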
@@ -10,6 +10,7 @@ Before release 0.1.20, the helm chart can be found in `falcosidekick` [repositor
 * Add `alertmanager.extralabels` and `alertmanager.extraannotations` to the values,
 as a list of comma separated labels and annotations to add to the AlertManager trigger.
 * Add `smtp.autmechanism` and associated fields to be able to use any SASL mechanism.
+* Add `yandex.datastreams` and associated fields.
 ## 0.5.7
diff --git a/falcosidekick/templates/secrets.yaml b/falcosidekick/templates/secrets.yaml
index 6873a9cfe..1be524b56 100644
--- a/falcosidekick/templates/secrets.yaml
+++ b/falcosidekick/templates/secrets.yaml
@@ -269,6 +269,9 @@ data:
 YANDEX_S3_BUCKET: "{{ .Values.config.yandex.s3.bucket | b64enc}}"
 YANDEX_S3_PREFIX: "{{ .Values.config.yandex.s3.prefix | b64enc}}"
 YANDEX_S3_MINIMUMPRIORITY: "{{ .Values.config.yandex.s3.minimumpriority | b64enc}}"
+ YANDEX_DATASTREAMS_ENDPOINT: "{{ .Values.config.yandex.datastreams.endpoint | b64enc}}"
+ YANDEX_DATASTREAMS_STREAMNAME: "{{ .Values.config.yandex.datastreams.streamname | b64enc}}"
+ YANDEX_DATASTREAMS_MINIMUMPRIORITY: "{{ .Values.config.yandex.datastreams.minimumpriority | b64enc}}"
 # KafkaRest Output
 KAFKAREST_ADDRESS: "{{ .Values.config.kafkarest.address | b64enc}}"
From c9e359a426fe7b3fa53e9495c97666cb09a8afbe Mon Sep 17 00:00:00 2001
From: Lyonel Martinez
Date: Tue, 26 Jul 2022 11:58:58 +0200
Subject: [PATCH 03/16] feat(node-red): Updates values and secrets for Node Red In prevision of sidekick version bump. falcosecurity/falcosidekick#337
Signed-off-by: Lyonel Martinez
---
 falcosidekick/CHANGELOG.md | 1 +
 falcosidekick/values.yaml | 8 ++++++++
 2 files changed, 9 insertions(+)
diff --git a/falcosidekick/CHANGELOG.md b/falcosidekick/CHANGELOG.md
index 6c4b200b7..0cd06faa9 100644
--- a/falcosidekick/CHANGELOG.md
+++ b/falcosidekick/CHANGELOG.md
@@ -11,6 +11,7 @@ Before release 0.1.20, the helm chart can be found in `falcosidekick` [repositor
 as a list of comma separated labels and annotations to add to the AlertManager trigger.
 * Add `smtp.autmechanism` and associated fields to be able to use any SASL mechanism.
 * Add `yandex.datastreams` and associated fields.
+* Add `nodered` and associated fields.
 ## 0.5.7
diff --git a/falcosidekick/values.yaml b/falcosidekick/values.yaml
index db6e6fcaf..ab04c1288 100644
--- a/falcosidekick/values.yaml
+++ b/falcosidekick/values.yaml
@@ -324,6 +324,14 @@ config:
 # -- check if ssl certificate of the output is valid
 checkcert: true
+ nodered:
+ address: "" # Webhook address, if not empty, Webhook output is enabled
+ user: "" # User if Basic Auth is enabled for 'http in' node in Node-RED
+ password: "" # Password if Basic Auth is enabled for 'http in' node in Node-RED
+ customHeaders: "" # Custom headers to add in POST, useful for Authentication | list of comma separated headers to, syntax is "key:value,key:value"
+ minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
+ checkcert: true # check if ssl certificate of the output is valid (default: true)
+
 azure:
 # -- Azure Subscription ID
 subscriptionID: ""
From 30649144df07a22582c7d5cd999841599bd26423 Mon Sep 17 00:00:00 2001
From: Lyonel Martinez
Date: Tue, 26 Jul 2022 12:12:17 +0200
Subject: [PATCH 04/16] feat(mqtt): Updates values and secrets for MQTT In prevision of sidekick version bump. falcosecurity/falcosidekick#338
Signed-off-by: Lyonel Martinez
---
 falcosidekick/CHANGELOG.md | 1 +
 falcosidekick/templates/secrets.yaml | 10 ++++++++++
 falcosidekick/values.yaml | 22 ++++++++++++++++------
 3 files changed, 27 insertions(+), 6 deletions(-)
diff --git a/falcosidekick/CHANGELOG.md b/falcosidekick/CHANGELOG.md
index 0cd06faa9..f83d5f16a 100644
--- a/falcosidekick/CHANGELOG.md
+++ b/falcosidekick/CHANGELOG.md
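Review bot: The `nodered` block is added to values.yaml only; no `NODERED_*` entry is added to templates/secrets.yaml in this patch or in any other hunk visible in this series, so unless the values are mapped into the container elsewhere, setting `nodered.address`, `user` or `password` has no effect. If the mapping is indeed missing, it needs lines in the style of the neighbouring outputs, along the lines of `NODERED_ADDRESS: "{{ .Values.config.nodered.address | b64enc }}"`. The `address` comment is also copied from the webhook output and should read `# Node-RED address, if not empty, Node-RED output is enabled`.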
@@ -12,6 +12,7 @@ as a list of comma separated labels and annotations to add to the AlertManager t
 * Add `smtp.autmechanism` and associated fields to be able to use any SASL mechanism.
 * Add `yandex.datastreams` and associated fields.
 * Add `nodered` and associated fields.
+* Add `mqtt` and associated fields.
 ## 0.5.7
diff --git a/falcosidekick/templates/secrets.yaml b/falcosidekick/templates/secrets.yaml
index 1be524b56..1a8187a33 100644
--- a/falcosidekick/templates/secrets.yaml
+++ b/falcosidekick/templates/secrets.yaml
@@ -43,6 +43,16 @@ data:
 MATTERMOST_MUTUALTLS: "{{ .Values.config.mattermost.mutualtls | printf "%t" | b64enc }}"
 MATTERMOST_CHECKCERT: "{{ .Values.config.mattermost.checkcert | printf "%t" | b64enc }}"
+ # MQTT Output
+ MQTT_BROKER: "{{ .Values.config.mqtt.broker | b64enc }}"
+ MQTT_TOPIC: "{{ .Values.config.mqtt.topic | b64enc }}"
+ MQTT_QOS: "{{ .Values.config.mqtt.qos | toString | b64enc }}"
+ MQTT_RETAINED: "{{ .Values.config.mqtt.retained | printf "%t" | b64enc }}"
+ MQTT_USER: "{{ .Values.config.mqtt.user | b64enc }}"
+ MQTT_PASSWORD: "{{ .Values.config.mqtt.password | b64enc }}"
+ MQTT_CHECKCERT: "{{ .Values.config.mqtt.checkcert | printf "%t" | b64enc }}"
+ MQTT_MINIMUMPRIORITY: "{{ .Values.config.mqtt.minimumpriority | b64enc }}"
+
 # Teams Output
 TEAMS_WEBHOOKURL: "{{ .Values.config.teams.webhookurl | b64enc }}"
 TEAMS_OUTPUTFORMAT: "{{ .Values.config.teams.outputformat | b64enc }}"
diff --git a/falcosidekick/values.yaml b/falcosidekick/values.yaml
index ab04c1288..05a6b549a 100644
--- a/falcosidekick/values.yaml
+++ b/falcosidekick/values.yaml
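Review bot: `MQTT_CHECKCERT` and `MQTT_RETAINED` are rendered with `printf "%t"`, which yields `true`/`false` only for a real boolean; a value supplied as a string (for example through `--set-string`) renders as a `%!t(string=...)` placeholder instead. `checkcert` is the TLS-verification switch, and how falcosidekick treats an unparsable value is not visible here, so a malformed override should not be able to reach the Secret. `toString`, already used for `MQTT_QOS` in the same block, accepts both forms: `MQTT_CHECKCERT: "{{ .Values.config.mqtt.checkcert | toString | b64enc }}"`. The `MATTERMOST_*` context lines show the same `printf "%t"` pattern, so this follows an existing convention in the file.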
@@ -325,12 +325,12 @@ config:
 checkcert: true
 nodered:
- address: "" # Webhook address, if not empty, Webhook output is enabled
- user: "" # User if Basic Auth is enabled for 'http in' node in Node-RED
- password: "" # Password if Basic Auth is enabled for 'http in' node in Node-RED
- customHeaders: "" # Custom headers to add in POST, useful for Authentication | list of comma separated headers to, syntax is "key:value,key:value"
- minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
- checkcert: true # check if ssl certificate of the output is valid (default: true)
+ address: "" # Webhook address, if not empty, Webhook output is enabled
+ user: "" # User if Basic Auth is enabled for 'http in' node in Node-RED
+ password: "" # Password if Basic Auth is enabled for 'http in' node in Node-RED
+ customHeaders: "" # Custom headers to add in POST, useful for Authentication | list of comma separated headers to, syntax is "key:value,key:value"
+ minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
+ checkcert: true # check if ssl certificate of the output is valid (default: true)
 azure:
 # -- Azure Subscription ID
@@ -575,6 +575,16 @@ config:
 # -- minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""`
 minimumpriority: ""
+ mqtt:
+ broker: "" # Broker address, can start with tcp:// or ssl://, if not empty, MQTT output is enabled
+ topic: "falco/events" # Topic for messages (default: falco/events)
+ qos: 0 # QOS for messages (default: 0)
+ retained: false # If true, messages are retained (default: false)
+ user: "" # User if the authentication is enabled in the broker
+ password: "" # Password if the authentication is enabled in the broker
+ checkcert: true # check if ssl certificate of the output is valid (default: true)
+ minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
+
 service:
 # -- Service type
From 1cbde1400a44cfb37a95149fa702452db52c1be1 Mon Sep 17 00:00:00 2001
From: Lyonel Martinez
Date: Wed, 27 Jul 2022 16:30:20 +0200
Subject: [PATCH 05/16] feat(falco-sidekick-ES): Update default value of ES.type In prevision of sidekick version bump. falcosecurity/falcosidekick#349
Signed-off-by: Lyonel Martinez
---
 falcosidekick/CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/falcosidekick/CHANGELOG.md b/falcosidekick/CHANGELOG.md
index f83d5f16a..344ff99b2 100644
--- a/falcosidekick/CHANGELOG.md
+++ b/falcosidekick/CHANGELOG.md
@@ -13,6 +13,7 @@ as a list of comma separated labels and annotations to add to the AlertManager t
 * Add `yandex.datastreams` and associated fields.
 * Add `nodered` and associated fields.
 * Add `mqtt` and associated fields.
+* Update `elasticsearch.type` default value to `_doc`
 ## 0.5.7
From 44e6986f0c61e9c8ca46d6c2f14fcaa2fdada645 Mon Sep 17 00:00:00 2001
From: Lyonel Martinez
Date: Wed, 27 Jul 2022 17:07:30 +0200
Subject: [PATCH 06/16] feat(falco-sidekick-env): Update env value In prevision of sidekick version bump. falcosecurity/falcosidekick#346
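Review bot: The `broker` comment presents `tcp://` and `ssl://` as interchangeable while the same block takes `user` and `password`; over `tcp://` an MQTT client sends those credentials and every Falco event unencrypted, and `checkcert` has no certificate to verify. The comment should say so, e.g. `# Broker address (tcp:// or ssl://; use ssl:// when user/password are set, tcp:// is unencrypted), if not empty, MQTT output is enabled`. The `retained` comment could likewise note that a retained message stays on the broker and is delivered to any later subscriber of the topic.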
Signed-off-by: Lyonel Martinez
---
 falcosidekick/templates/deployment.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/falcosidekick/templates/deployment.yaml b/falcosidekick/templates/deployment.yaml
index 430c8f95a..48d031789 100644
--- a/falcosidekick/templates/deployment.yaml
+++ b/falcosidekick/templates/deployment.yaml
@@ -78,6 +78,10 @@ spec:
 name: {{ include "falcosidekick.fullname" . }}
 {{- end }}
 env:
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
 - name: DEBUG
 value: {{ .Values.config.debug | quote }}
 - name: CUSTOMFIELDS
From 0fbada23410dbed75074f8fdd498a783c03023fc Mon Sep 17 00:00:00 2001
From: Lyonel Martinez
Date: Fri, 29 Jul 2022 18:22:50 +0200
Subject: [PATCH 07/16] feat(falco-sidekick-update): Update values to new helm-docs behavior
Signed-off-by: Lyonel Martinez
---
 falcosidekick/CHANGELOG.md | 1 -
 falcosidekick/Chart.yaml | 2 +-
 falcosidekick/values.yaml | 67 ++++++++++++++++++++++++++++----------
 3 files changed, 51 insertions(+), 19 deletions(-)
diff --git a/falcosidekick/CHANGELOG.md b/falcosidekick/CHANGELOG.md
index 344ff99b2..2692abd5f 100644
--- a/falcosidekick/CHANGELOG.md
+++ b/falcosidekick/CHANGELOG.md
@@ -15,7 +15,6 @@ as a list of comma separated labels and annotations to add to the AlertManager t
 * Add `mqtt` and associated fields.
 * Update `elasticsearch.type` default value to `_doc`
-
 ## 0.5.7
 * Removing unused Kafka config values
diff --git a/falcosidekick/Chart.yaml b/falcosidekick/Chart.yaml
index d85efb08a..71579062b 100644
--- a/falcosidekick/Chart.yaml
+++ b/falcosidekick/Chart.yaml
@@ -3,7 +3,7 @@ appVersion: 2.27.0
 description: Connect Falco to your ecosystem
 icon: https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png
 name: falcosidekick
-version: 0.5.7
+version: 0.5.8
 keywords:
 - monitoring
 - security
diff --git a/falcosidekick/values.yaml b/falcosidekick/values.yaml
index 05a6b549a..050fcceee 100644
--- a/falcosidekick/values.yaml
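Review bot: The `NAMESPACE` entry is added unconditionally at the head of the `env:` list with no comment, and the commit message only says "Update env value", so its consumer cannot be discovered from the chart. A one-line comment above it would cover this, e.g. `# pod namespace from the downward API, exposed to falcosidekick as NAMESPACE`. Because `config.extraEnv` also feeds environment variables into this container (where it is rendered is outside the hunk), a user who already sets `NAMESPACE` there may end up with a duplicate entry, which is worth checking on upgrade. The `env:` list continues outside the hunk.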
+++ b/falcosidekick/values.yaml @@ -145,6 +145,10 @@ config: mutualtls: false # -- check if ssl certificate of the output is valid checkcert: true + # -- list of comma separated custom labels to add to AlertManager trigger. Syntax is "label:value,label:value" + extralabels: "" + # -- list of comma separated custom annotations to add to AlertManager trigger. Syntax is "label:value,label:value" + extraannotations: "" # elasticsearch: # -- Elasticsearch , if not `empty`, Elasticsearch is *enabled* @@ -152,7 +156,7 @@ config: # -- Elasticsearch index index: "falco" # -- Elasticsearch document type - type: "event" + type: "_doc" # -- minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` minimumpriority: "" # -- if true, checkcert flag will be ignored (server cert will always be checked) @@ -273,10 +277,18 @@ config: smtp: # -- "host:port" address of SMTP server, if not empty, SMTP output is *enabled* hostport: "" - # -- user to access SMTP server + # -- SASL Mechanisms : plain, oauthbearer, external, anonymous or "" (disable SASL). Default: plain + authmechanism: "plain" + # -- User to access SMTP server with Plain Mechanism user: "" - # -- password to access SMTP server + # -- Password to access SMTP server with Plain Mechanism password: "" + # -- OAuthBearer token for OAuthBearer Mechanism + token: "" + # -- Identity string for Plain and External Mechanisms + identity: "" + # -- Trace string for Anonymous Mechanism + trace: "" # -- Sender address (mandatory if SMTP output is *enabled*) from: "" # -- comma-separated list of Recipident addresses, can't be empty (mandatory if SMTP output is *enabled*) 
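Review bot: The comment for `extraannotations` reuses the label wording, `Syntax is "label:value,label:value"`, which reads as if annotations had to be named like labels. It should read `# -- list of comma separated custom annotations to add to AlertManager trigger. Syntax is "annotation:value,annotation:value"`. The `alertmanager` block starts outside the hunk.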
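Review bot: Changing the default of `elasticsearch.type` from `"event"` to `"_doc"` changes what existing installations send after an upgrade if they never set the key; on clusters that still enforce a single mapping type per index, writes to an index created with type `event` would presumably be rejected. The comment above the key should record the previous default and when to keep it, e.g. `# -- Elasticsearch document type (was "event" before chart 0.5.8; keep "event" for indices created with that type)`.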
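Review bot: `authmechanism` defaults to `"plain"`, and SASL PLAIN transmits `user` and `password` merely base64-encoded, so it is only safe when the SMTP session itself is encrypted; no TLS or STARTTLS option for the SMTP output appears in this hunk, so whether the connection is protected cannot be told from here. The comment should carry the caveat, e.g. `# -- SASL Mechanisms : plain, oauthbearer, external, anonymous or "" (disable SASL). Default: plain (credentials are only base64-encoded, use over TLS)`. The same consideration applies to `token` with `oauthbearer`. The `smtp` block continues outside the hunk.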
@@ -325,12 +337,18 @@ config:
 checkcert: true
 nodered:
- address: "" # Webhook address, if not empty, Webhook output is enabled
- user: "" # User if Basic Auth is enabled for 'http in' node in Node-RED
- password: "" # Password if Basic Auth is enabled for 'http in' node in Node-RED
- customHeaders: "" # Custom headers to add in POST, useful for Authentication | list of comma separated headers to, syntax is "key:value,key:value"
- minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
- checkcert: true # check if ssl certificate of the output is valid (default: true)
+ # -- Webhook address, if not empty, Webhook output is enabled
+ address: ""
+ # -- User if Basic Auth is enabled for 'http in' node in Node-RED
+ user: ""
+ # -- Password if Basic Auth is enabled for 'http in' node in Node-RED
+ password: ""
+ # -- Custom headers to add in POST, useful for Authentication | list of comma separated headers to, syntax is "key:value,key:value"
+ customHeaders: ""
+ # -- minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
+ minimumpriority: ""
+ # -- check if ssl certificate of the output is valid (default: true)
+ checkcert: true
 azure:
 # -- Azure Subscription ID
@@ -526,6 +544,13 @@ config:
 prefix: ""
 # -- minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""`
 minimumpriority: ""
+ datastreams:
+ # -- Yandex Data Streams endpoint
+ endpoint: "https://yds.serverless.yandexcloud.net"
+ # -- Stream name in format /${region}/${folder_id}/${ydb_id}/${stream_name}
+ streamname: ""
+ # -- minimum priority of event for using this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""`
+ minimumpriority: ""
 kafkarest:
 # -- The full URL to the topic (example "http://kafkarest:8082/topics/test")
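Review bot: `datastreams.endpoint` ships with a non-empty default, and none of the three comments says which field switches the output on; other outputs in this file are documented as enabled by a non-empty address, so a reader cannot tell whether Data Streams is active out of the box or only once `streamname` is set. The enabling condition should be stated on the field that controls it, e.g. `# -- Stream name in format /${region}/${folder_id}/${ydb_id}/${stream_name}, if not empty, Yandex Data Streams output is enabled`, after confirming against falcosidekick which field that is. The `yandex` block starts outside the hunk.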
@@ -576,14 +601,22 @@ config:
 minimumpriority: ""
 mqtt:
- broker: "" # Broker address, can start with tcp:// or ssl://, if not empty, MQTT output is enabled
- topic: "falco/events" # Topic for messages (default: falco/events)
- qos: 0 # QOS for messages (default: 0)
- retained: false # If true, messages are retained (default: false)
- user: "" # User if the authentication is enabled in the broker
- password: "" # Password if the authentication is enabled in the broker
- checkcert: true # check if ssl certificate of the output is valid (default: true)
- minimumpriority: "" # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
+ # -- Broker address, can start with tcp:// or ssl://, if not empty, MQTT output is enabled
+ broker: "" #
+ # -- Topic for messages (default: falco/events)
+ topic: "falco/events"
+ # -- QOS for messages (default: 0)
+ qos: 0
+ # -- If true, messages are retained (default: false)
+ retained: false
+ # -- User if the authentication is enabled in the broker
+ user: ""
+ # -- Password if the authentication is enabled in the broker
+ password: ""
+ # -- Check if ssl certificate of the output is valid (default: true)
+ checkcert: true
+ # -- Minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
+ minimumpriority: ""
 service:
From cb226766bf389c7ba4071796c73909f6d76b812c Mon Sep 17 00:00:00 2001
From: Lyonel Martinez
Date: Fri, 29 Jul 2022 18:36:04 +0200
Subject: [PATCH 08/16] feat(falco-sidekick-update): bump sidekick version
Signed-off-by: Lyonel Martinez
---
 falcosidekick/values.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/falcosidekick/values.yaml b/falcosidekick/values.yaml
index 050fcceee..61c566919 100644
--- a/falcosidekick/values.yaml
+++ b/falcosidekick/values.yaml
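Review bot: The rewritten `broker` line keeps a stray trailing comment marker, `broker: "" #`, left over from moving the inline comment above the key. The parser ignores it, but it reads as a truncated comment next to a connection setting; the line should be `broker: ""`, matching the other seven keys in the block.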
@@ -11,7 +11,7 @@ image:
 # -- The image repository to pull from
 repository: falcosecurity/falcosidekick
 # -- The image tag to pull
- tag: 2.26.0
+ tag: 2.27.0
 # -- The image pull policy
 pullPolicy: IfNotPresent
From 6f5ccdc6666d22443eaddfea379002065c9441cb Mon Sep 17 00:00:00 2001
From: Lyonel Martinez
Date: Mon, 8 Aug 2022 10:15:23 +0200
Subject: [PATCH 09/16] feat(falco-sidekick-update): Readme update + Docs from falcosecurtiy/falcosidekick#353
Signed-off-by: Lyonel Martinez
---
 falcosidekick/README.md | 34 ++++++++++++++++++++++++++++------
 falcosidekick/values.yaml | 2 +-
 2 files changed, 29 insertions(+), 7 deletions(-)
diff --git a/falcosidekick/README.md b/falcosidekick/README.md
index c87a624b5..bef1edf4b 100644
--- a/falcosidekick/README.md
+++ b/falcosidekick/README.md
@@ -148,6 +148,8 @@ The following table lists the main configurable parameters of the Falcosidekick
 | config.alertmanager.checkcert | bool | `true` | check if ssl certificate of the output is valid |
 | config.alertmanager.endpoint | string | `"/api/v1/alerts"` | alertmanager endpoint on which falcosidekick posts alerts, choice is: `"/api/v1/alerts" or "/api/v2/alerts" , default is "/api/v1/alerts"` |
 | config.alertmanager.expireafter | string | `""` | if set to a non-zero value, alert expires after that time in seconds (default: 0) |
+| config.alertmanager.extraannotations | string | `""` | list of comma separated custom annotations to add to AlertManager trigger. Syntax is "label:value,label:value" |
+| config.alertmanager.extralabels | string | `""` | list of comma separated custom labels to add to AlertManager trigger. Syntax is "label:value,label:value" |
 | config.alertmanager.hostport | string | `""` | AlertManager , if not `empty`, AlertManager is *enabled* |
 | config.alertmanager.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` |
 | config.alertmanager.mutualtls | bool | `false` | if true, checkcert flag will be ignored (server cert will always be checked) |
@@ -186,7 +188,7 @@ The following table lists the main configurable parameters of the Falcosidekick
 | config.cloudevents.address | string | `""` | CloudEvents consumer http address, if not empty, CloudEvents output is *enabled* |
 | config.cloudevents.extension | string | `""` | Extensions to add in the outbound Event, useful for routing |
 | config.cloudevents.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` |
-| config.customfields | string | `""` | a list of escaped comma separated custom fields to add to falco events, syntax is "key:value\,key:value" |
+| config.customfields | string | `""` | a list of escaped comma separated custom fields to add to falco events. If the value starts with % the relative env var is used. The syntax is "key:value\,key:value". |
 | config.datadog.apikey | string | `""` | Datadog API Key, if not `empty`, Datadog output is *enabled* |
 | config.datadog.host | string | `""` | Datadog host. Override if you are on the Datadog EU site. Defaults to american site with "" |
 | config.datadog.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` |
@@ -203,7 +205,7 @@ The following table lists the main configurable parameters of the Falcosidekick
 | config.elasticsearch.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` |
 | config.elasticsearch.mutualtls | bool | `false` | if true, checkcert flag will be ignored (server cert will always be checked) |
 | config.elasticsearch.password | string | `""` | use this password to authenticate to Elasticsearch if the password is not empty |
-| config.elasticsearch.type | string | `"event"` | Elasticsearch document type |
+| config.elasticsearch.type | string | `"_doc"` | Elasticsearch document type |
 | config.elasticsearch.username | string | `""` | use this username to authenticate to Elasticsearch if the username is not empty |
 | config.existingSecret | string | `""` | Existing secret with configuration |
 | config.extraEnv | list | `[]` | Extra environment variables |
@@ -275,11 +277,25 @@ The following table lists the main configurable parameters of the Falcosidekick | config.mattermost.outputformat | string | `"all"` | `all` (default), `text` (only text is displayed in Slack), `fields` (only fields are displayed in Mattermost) | | config.mattermost.username | string | `""` | Mattermost username | | config.mattermost.webhookurl | string | `""` | Mattermost Webhook URL (ex: ), if not `empty`, Mattermost output is *enabled* | +| config.mqtt.broker | string | `""` | Broker address, can start with tcp:// or ssl://, if not empty, MQTT output is enabled | +| config.mqtt.checkcert | bool | `true` | Check if ssl certificate of the output is valid (default: true) | +| config.mqtt.minimumpriority | string | `""` | Minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default) | +| config.mqtt.password | string | `""` | Password if the authentication is enabled in the broker | +| config.mqtt.qos | int | `0` | QOS for messages (default: 0) | +| config.mqtt.retained | bool | `false` | If true, messages are retained (default: false) | +| config.mqtt.topic | string | `"falco/events"` | Topic for messages (default: falco/events) | +| config.mqtt.user | string | `""` | User if the authentication is enabled in the broker | | config.mutualtlsfilespath | string | `"/etc/certs"` | folder which will used to store client.crt, client.key and ca.crt files for mutual tls (default: "/etc/certs") | | config.nats.checkcert | bool | `true` | check if ssl certificate of the output is valid | | config.nats.hostport | string | `""` | NATS "nats://host:port", if not `empty`, NATS is *enabled* | | config.nats.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | | config.nats.mutualtls | bool | `false` | if true, checkcert flag will be ignored (server cert will always be 
checked) | +| config.nodered.address | string | `""` | Webhook address, if not empty, Webhook output is enabled | +| config.nodered.checkcert | bool | `true` | check if ssl certificate of the output is valid (default: true) | +| config.nodered.customHeaders | string | `""` | Custom headers to add in POST, useful for Authentication | list of comma separated headers to, syntax is "key:value,key:value" | +| config.nodered.minimumpriority | string | `""` | minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default) | +| config.nodered.password | string | `""` | Password if Basic Auth is enabled for 'http in' node in Node-RED | +| config.nodered.user | string | `""` | User if Basic Auth is enabled for 'http in' node in Node-RED | | config.openfaas.checkcert | bool | `true` | check if ssl certificate of the output is valid | | config.openfaas.functionname | string | `""` | Name of OpenFaaS function, if not empty, OpenFaaS is *enabled* | | config.openfaas.functionnamespace | string | `"openfaas-fn"` | Namespace of OpenFaaS function, "openfaas-fn" (default) | 
@@ -319,13 +335,17 @@ The following table lists the main configurable parameters of the Falcosidekick | config.slack.outputformat | string | `"all"` | `all` (default), `text` (only text is displayed in Slack), `fields` (only fields are displayed in Slack) | | config.slack.username | string | `""` | Slack username | | config.slack.webhookurl | string | `""` | Slack Webhook URL (ex: ), if not `empty`, Slack output is *enabled* | +| config.smtp.authmechanism | string | `"plain"` | SASL Mechanisms : plain, oauthbearer, external, anonymous or "" (disable SASL). Default: plain | | config.smtp.from | string | `""` | Sender address (mandatory if SMTP output is *enabled*) | | config.smtp.hostport | string | `""` | "host:port" address of SMTP server, if not empty, SMTP output is *enabled* | +| config.smtp.identity | string | `""` | Identity string for Plain and External Mechanisms | | config.smtp.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | | config.smtp.outputformat | string | `"html"` | html, text | -| config.smtp.password | string | `""` | password to access SMTP server | +| config.smtp.password | string | `""` | Password to access SMTP server with Plain Mechanism | | config.smtp.to | string | `""` | comma-separated list of Recipident addresses, can't be empty (mandatory if SMTP output is *enabled*) | -| config.smtp.user | string | `""` | user to access SMTP server | +| config.smtp.token | string | `""` | OAuthBearer token for OAuthBearer Mechanism | +| config.smtp.trace | string | `""` | Trace string for Anonymous Mechanism | +| config.smtp.user | string | `""` | User to access SMTP server with Plain Mechanism | | config.stan.checkcert | bool | `true` | check if ssl certificate of the output is valid | | config.stan.clientid | string | `""` | Client ID, if not empty, STAN output is *enabled* | | config.stan.clusterid | string | `""` | Cluster 
name, if not empty, STAN output is *enabled* | @@ -356,6 +376,9 @@ The following table lists the main configurable parameters of the Falcosidekick | config.webhook.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | | config.webhook.mutualtls | bool | `false` | if true, checkcert flag will be ignored (server cert will always be checked) | | config.yandex.accesskeyid | string | `""` | yandex access key | +| config.yandex.datastreams.endpoint | string | `"https://yds.serverless.yandexcloud.net"` | Yandex Data Streams endpoint | +| config.yandex.datastreams.minimumpriority | string | `""` | minimum priority of event for using this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | +| config.yandex.datastreams.streamname | string | `""` | Stream name in format /${region}/${folder_id}/${ydb_id}/${stream_name} | | config.yandex.region | string | `""` | yandex storage region (default: ru-central-1) | | config.yandex.s3.bucket | string | `""` | Yandex storage, bucket name | | config.yandex.s3.endpoint | string | `""` | yandex storage endpoint (default: https://storage.yandexcloud.net) | @@ -368,7 +391,7 @@ The following table lists the main configurable parameters of the Falcosidekick | image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | | image.registry | string | `"docker.io"` | The image registry to pull from | | image.repository | string | `"falcosecurity/falcosidekick"` | The image repository to pull from | -| image.tag | string | `"2.26.0"` | The image tag to pull | +| image.tag | string | `"2.27.0"` | The image tag to pull | | imagePullSecrets | list | `[]` | Secrets for the registry | | ingress.annotations | object | `{}` | Ingress annotations | | ingress.enabled | bool | `false` | Whether to create the ingress | 
@@ -438,7 +461,6 @@ The following table lists the main configurable parameters of the Falcosidekick
 | webui.tolerations | list | `[]` | Tolerations for pod assignment |
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`.
-
 > **Tip**: You can use the default [values.yaml](values.yaml)
 ## Metrics
diff --git a/falcosidekick/values.yaml b/falcosidekick/values.yaml
index 61c566919..bc1125321 100644
--- a/falcosidekick/values.yaml
+++ b/falcosidekick/values.yaml
@@ -53,7 +53,7 @@ config:
 extraEnv: []
 # -- DEBUG environment variable
 debug: false
- # -- a list of escaped comma separated custom fields to add to falco events, syntax is "key:value\,key:value"
+ # -- a list of escaped comma separated custom fields to add to falco events. If the value starts with % the relative env var is used. The syntax is "key:value\,key:value".
 customfields: ""
 # -- folder which will used to store client.crt, client.key and ca.crt files for mutual tls (default: "/etc/certs")
From f1bb24be4c908b6b075b9a8e5155c5fcb7209119 Mon Sep 17 00:00:00 2001
From: Lyonel Martinez
Date: Thu, 25 Aug 2022 16:39:18 +0200
Subject: [PATCH 10/16] feat(falco-sidekick-update): Readme update + Docs from falcosecurtiy/falcosidekick#356
Signed-off-by: Lyonel Martinez
---
 falcosidekick/README.md | 2 +-
 falcosidekick/values.yaml | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/falcosidekick/README.md b/falcosidekick/README.md
index bef1edf4b..c8faac5c6 100644
--- a/falcosidekick/README.md
+++ b/falcosidekick/README.md
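Review bot: In the new `customfields` comment, "the relative env var" is unclear, and the `%` lookup it documents means a variable from the container's environment can be copied into every event sent to the configured outputs. The chart's Secret keys are named like environment variables (`SMTP_PASSWORD`, `MQTT_PASSWORD` and similar in templates/secrets.yaml) and appear to be injected into that environment, so the comment should warn against referencing them. Suggested wording: `# -- a list of escaped comma separated custom fields to add to falco events. A value starting with % is replaced by the environment variable of that name (do not reference variables that hold credentials). The syntax is "key:value\,key:value".`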
@@ -262,7 +262,7 @@ The following table lists the main configurable parameters of the Falcosidekick | config.kubeless.namespace | string | `""` | Namespace of Kubeless function (mandatory) | | config.kubeless.port | int | `8080` | Port of service of Kubeless function. Default is `8080` | | config.loki.checkcert | bool | `true` | check if ssl certificate of the output is valid | -| config.loki.endpoint | string | `"/api/prom/push"` | Loki endpoint URL path, default is "/api/prom/push" more info: | +| config.loki.endpoint | string | `"/loki/api/v1/push"` | Loki endpoint URL path, default is "/loki/api/v1/push" more info : https://grafana.com/docs/loki/latest/api/#post-apiprompush | | config.loki.extralabels | string | `""` | comma separated list of fields to use as labels additionally to rule, source, priority, tags and custom_fields | | config.loki.hostport | string | `""` | Loki , if not `empty`, Loki is *enabled* | | config.loki.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | diff --git a/falcosidekick/values.yaml b/falcosidekick/values.yaml index bc1125321..1e43c878f 100644 --- a/falcosidekick/values.yaml +++ b/falcosidekick/values.yaml @@ -187,8 +187,8 @@ config: loki: # -- Loki , if not `empty`, Loki is *enabled* hostport: "" - # -- Loki endpoint URL path, default is "/api/prom/push" more info: - endpoint: "/api/prom/push" + # -- Loki endpoint URL path, default is "/loki/api/v1/push" more info : https://grafana.com/docs/loki/latest/api/#post-apiprompush + endpoint: "/loki/api/v1/push" # -- Loki tenant, if not `empty`, Loki tenant is *enabled* tenant: "" # -- comma separated list of fields to use as labels additionally to rule, source, priority, tags and custom_fields From 844960a0743ccea022c02b9235113820b8197c97 Mon Sep 17 00:00:00 2001 
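Review bot: The rewritten comment on `endpoint` in the values.yaml hunk links to `https://grafana.com/docs/loki/latest/api/#post-apiprompush`, whose fragment names the legacy `/api/prom/push` path rather than the new default `/loki/api/v1/push`. The fragment should point at the section for the new path. The default itself changes here, so installs that relied on it will post to a different path after upgrade; that deserves a changelog line if there is none (no changelog entry is visible in this hunk). The `loki:` block continues outside the hunk.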
From: Lyonel Martinez Date: Thu, 25 Aug 2022 16:55:24 +0200 Subject: [PATCH 11/16] feat(templated-fields): Values/docs/config update to add templated fields from falcosecurtiy/falcosidekick#356 Signed-off-by: Lyonel Martinez --- falcosidekick/README.md | 1 + falcosidekick/templates/deployment.yaml | 2 ++ falcosidekick/values.yaml | 2 ++ 3 files changed, 5 insertions(+) diff --git a/falcosidekick/README.md b/falcosidekick/README.md index c8faac5c6..ace256031 100644 --- a/falcosidekick/README.md +++ b/falcosidekick/README.md @@ -362,6 +362,7 @@ The following table lists the main configurable parameters of the Falcosidekick | config.teams.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | | config.teams.outputformat | string | `"all"` | `all` (default), `text` (only text is displayed in Teams), `facts` (only facts are displayed in Teams) | | config.teams.webhookurl | string | `""` | Teams Webhook URL (ex: "), if not `empty`, Teams output is *enabled* | +| config.templatedfields | string | `""` | a list of comma separated templated fields to add to falco events and metrics, it uses Go template + output_fields values. The syntax is "key:value,key:value". | | config.wavefront.batchsize | int | `10000` | Wavefront batch size. If empty uses the default 10000. Only used when endpointtype is 'direct' | | config.wavefront.endpointhost | string | `""` | Wavefront endpoint address (only the host). If not empty, with endpointhost, Wavefront output is *enabled* | | config.wavefront.endpointmetricport | int | `2878` | Port to send metrics. Only used when endpointtype is 'proxy' | diff --git a/falcosidekick/templates/deployment.yaml b/falcosidekick/templates/deployment.yaml index 48d031789..5d79f6c60 100644 --- a/falcosidekick/templates/deployment.yaml +++ b/falcosidekick/templates/deployment.yaml 
@@ -86,6 +86,8 @@ spec: value: {{ .Values.config.debug | quote }} - name: CUSTOMFIELDS value: {{ .Values.config.customfields | quote }} + - name: TEMPLATEDFIELDS + value: {{ .Values.config.templatedfields | quote }} - name: MUTUALTLSFILESPATH value: {{ .Values.config.mutualtlsfilespath | quote }} {{- if .Values.config.extraEnv }} diff --git a/falcosidekick/values.yaml b/falcosidekick/values.yaml index 1e43c878f..07d5ff944 100644 --- a/falcosidekick/values.yaml +++ b/falcosidekick/values.yaml @@ -55,6 +55,8 @@ config: debug: false # -- a list of escaped comma separated custom fields to add to falco events. If the value starts with % the relative env var is used. The syntax is "key:value\,key:value". customfields: "" + # -- a list of comma separated templated fields to add to falco events and metrics, it uses Go template + output_fields values. The syntax is "key:value,key:value". + templatedfields: "" # -- folder which will used to store client.crt, client.key and ca.crt files for mutual tls (default: "/etc/certs") mutualtlsfilespath: "/etc/certs" From 237069e28cd342d336965eaa7a04ef18d3c86b1e Mon Sep 17 00:00:00 2001 From: Lyonel Martinez Date: Tue, 13 Sep 2022 16:22:38 +0200 Subject: [PATCH 12/16] feat(slack-channel): Values/docs/config update to add Slack channel option from falcosecurtiy/falcosidekick#366 Signed-off-by: Lyonel Martinez --- falcosidekick/README.md | 1 + falcosidekick/templates/secrets.yaml | 1 + falcosidekick/values.yaml | 2 ++ 3 files changed, 4 insertions(+) diff --git a/falcosidekick/README.md b/falcosidekick/README.md index ace256031..692ddd06c 100644 --- a/falcosidekick/README.md +++ b/falcosidekick/README.md 
@@ -328,6 +328,7 @@ The following table lists the main configurable parameters of the Falcosidekick | config.rocketchat.outputformat | string | `"all"` | `all` (default), `text` (only text is displayed in Rocketcaht), `fields` (only fields are displayed in Rocketchat) | | config.rocketchat.username | string | `""` | Rocketchat username | | config.rocketchat.webhookurl | string | `""` | Rocketchat Webhook URL (ex: ), if not `empty`, Rocketchat output is *enabled* | +| config.slack.channel | string | `""` | Slack Channel | | config.slack.footer | string | `""` | Slack Footer | | config.slack.icon | string | `""` | Slack icon (avatar) | | config.slack.messageformat | string | `""` | a Go template to format Slack Text above Attachment, displayed in addition to the output from `slack.outputformat`. If empty, no Text is displayed before Attachment | diff --git a/falcosidekick/templates/secrets.yaml b/falcosidekick/templates/secrets.yaml index 1a8187a33..b10a3f5d9 100644 --- a/falcosidekick/templates/secrets.yaml +++ b/falcosidekick/templates/secrets.yaml @@ -15,6 +15,7 @@ type: Opaque data: # Slack Output SLACK_WEBHOOKURL: "{{ .Values.config.slack.webhookurl | b64enc }}" + SLACK_CHANNEL: "{{ .Values.config.slack.channel | b64enc }}" SLACK_OUTPUTFORMAT: "{{ .Values.config.slack.outputformat | b64enc }}" SLACK_FOOTER: "{{ .Values.config.slack.footer | b64enc }}" SLACK_ICON: "{{ .Values.config.slack.icon | b64enc }}" diff --git a/falcosidekick/values.yaml b/falcosidekick/values.yaml index 07d5ff944..cdcf3ce35 100644 --- a/falcosidekick/values.yaml +++ b/falcosidekick/values.yaml @@ -65,6 +65,8 @@ config: slack: # -- Slack Webhook URL (ex: ), if not `empty`, Slack output is *enabled* webhookurl: "" + # -- Slack Channel + channel: "" # -- Slack Footer footer: "" # -- Slack icon (avatar) From 7ec97b6be5a89eed94956c8c2c9d602b3ac11bfe Mon Sep 17 00:00:00 2001 
From: Lyonel Martinez Date: Tue, 13 Sep 2022 16:45:53 +0200 Subject: [PATCH 13/16] feat(gotify): Values/docs/config update to add Gotify output from falcosecurtiy/falcosidekick#362 Signed-off-by: Lyonel Martinez --- falcosidekick/README.md | 9 +++++++-- falcosidekick/templates/secrets.yaml | 6 ++++++ falcosidekick/values.yaml | 17 +++++++++++++++-- 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/falcosidekick/README.md b/falcosidekick/README.md index 692ddd06c..32ff688a2 100644 --- a/falcosidekick/README.md +++ b/falcosidekick/README.md 
@@ -232,6 +232,11 @@ The following table lists the main configurable parameters of the Falcosidekick | config.googlechat.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | | config.googlechat.outputformat | string | `"all"` | `all` (default), `text` (only text is displayed in Google chat) | | config.googlechat.webhookurl | string | `""` | Google Chat Webhook URL (ex: ), if not `empty`, Google Chat output is *enabled* | +| config.gotify.checkcert | bool | `true` | Check if ssl certificate of the output is valid (default: true) | +| config.gotify.format | string | `"markdown"` | Gotify Format of the messages (plaintext, markdown, json) | +| config.gotify.hostport | string | `""` | Gotify Host and port http://{domain or ip}:{port}, if not empty, Gotify output is *enabled* | +| config.gotify.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | +| config.gotify.token | string | `""` | Gotify API Token | | config.grafana.allfieldsastags | bool | `false` | if true, all custom fields are added as tags (default: false) | | config.grafana.apikey | string | `""` | API Key to authenticate to Grafana, if not empty, Grafana output is *enabled* | | config.grafana.checkcert | bool | `true` | check if ssl certificate of the output is valid | 
@@ -279,7 +284,7 @@ The following table lists the main configurable parameters of the Falcosidekick | config.mattermost.webhookurl | string | `""` | Mattermost Webhook URL (ex: ), if not `empty`, Mattermost output is *enabled* | | config.mqtt.broker | string | `""` | Broker address, can start with tcp:// or ssl://, if not empty, MQTT output is enabled | | config.mqtt.checkcert | bool | `true` | Check if ssl certificate of the output is valid (default: true) | -| config.mqtt.minimumpriority | string | `""` | Minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default) | +| config.mqtt.minimumpriority | string | `""` | Minimum priority of event for using this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | | config.mqtt.password | string | `""` | Password if the authentication is enabled in the broker | | config.mqtt.qos | int | `0` | QOS for messages (default: 0) | | config.mqtt.retained | bool | `false` | If true, messages are retained (default: false) | 
@@ -293,7 +298,7 @@ The following table lists the main configurable parameters of the Falcosidekick | config.nodered.address | string | `""` | Webhook address, if not empty, Webhook output is enabled | | config.nodered.checkcert | bool | `true` | check if ssl certificate of the output is valid (default: true) | | config.nodered.customHeaders | string | `""` | Custom headers to add in POST, useful for Authentication | list of comma separated headers to, syntax is "key:value,key:value" | -| config.nodered.minimumpriority | string | `""` | minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default) | +| config.nodered.minimumpriority | string | `""` | minimum priority of event for using this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | | config.nodered.password | string | `""` | Password if Basic Auth is enabled for 'http in' node in Node-RED | | config.nodered.user | string | `""` | User if Basic Auth is enabled for 'http in' node in Node-RED | | config.openfaas.checkcert | bool | `true` | check if ssl certificate of the output is valid | diff --git a/falcosidekick/templates/secrets.yaml b/falcosidekick/templates/secrets.yaml index b10a3f5d9..afadaf316 100644 --- a/falcosidekick/templates/secrets.yaml +++ b/falcosidekick/templates/secrets.yaml 
@@ -143,6 +143,12 @@ data: GCP_CLOUDRUN_JWT: "{{ .Values.config.gcp.cloudrun.jwt | b64enc }}" GCP_CLOUDRUN_MINIMUMPRIORITY: "{{ .Values.config.gcp.cloudrun.minimumpriority | b64enc }}" + GOTIFY_HOSTPORT: "{{ .Values.config.googlechat.webhookurl | b64enc }}" + GOTIFY_TOKEN: "{{ .Values.config.gotify.token | b64enc }}" + GOTIFY_FORMAT: "{{ .Values.config.gotify.format | b64enc }}" + GOTIFY_CHECKCERT: "{{ .Values.config.gotify.checkcert | b64enc }}" + GOTIFY_MINIMUMPRIORITY: "{{ .Values.config.gotify.minimumpriority | b64enc }}" + # GoogleChat Output GOOGLECHAT_WEBHOOKURL: "{{ .Values.config.googlechat.webhookurl | b64enc }}" GOOGLECHAT_OUTPUTFORMAT: "{{ .Values.config.googlechat.outputformat | b64enc }}" diff --git a/falcosidekick/values.yaml b/falcosidekick/values.yaml index cdcf3ce35..9d3c06e41 100644 --- a/falcosidekick/values.yaml +++ b/falcosidekick/values.yaml @@ -349,7 +349,7 @@ config: password: "" # -- Custom headers to add in POST, useful for Authentication | list of comma separated headers to, syntax is "key:value,key:value" customHeaders: "" - # -- minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default) + # -- minimum priority of event for using this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` minimumpriority: "" # -- check if ssl certificate of the output is valid (default: true) checkcert: true 
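Review bot: `GOTIFY_HOSTPORT` in the secrets.yaml hunk is rendered from `.Values.config.googlechat.webhookurl`, so `config.gotify.hostport` is never read, and a configured Google Chat webhook URL would be handed to the Gotify output as its host (presumably enabling that output unintentionally). It should read `GOTIFY_HOSTPORT: "{{ .Values.config.gotify.hostport | b64enc }}"`. In the same hunk `GOTIFY_CHECKCERT` pipes the boolean `checkcert` straight into `b64enc`, unlike the other checkcert entries visible in this file, which format it first; use `GOTIFY_CHECKCERT: "{{ .Values.config.gotify.checkcert | printf "%t" | b64enc }}"`. The later secrets.yaml hunk at `@@ -147,6 +147,7 @@` only adds the `# Gotify Output` heading and leaves both lines as they are. The `data:` map continues outside the hunk.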
@@ -619,9 +619,22 @@ config: password: "" # -- Check if ssl certificate of the output is valid (default: true) checkcert: true - # -- Minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default) + # -- Minimum priority of event for using this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` minimumpriority: "" + gotify: + # -- Gotify Host and port http://{domain or ip}:{port}, if not empty, Gotify output is *enabled* + hostport: "" + # -- Gotify API Token + token: "" + # -- Gotify Format of the messages (plaintext, markdown, json) + format: "markdown" + # -- Check if ssl certificate of the output is valid (default: true) + checkcert: true + # -- minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` + minimumpriority: "" + + service: # -- Service type From 8333a8f8066aee6bbba13ea8d8ff483ede5419aa Mon Sep 17 00:00:00 2001 From: Lyonel Martinez Date: Tue, 13 Sep 2022 16:52:59 +0200 Subject: [PATCH 14/16] feat(gotify): Values/docs/config update to update Influxdb output from falcosecurtiy/falcosidekick#359 Signed-off-by: Lyonel Martinez --- falcosidekick/README.md | 6 +++++- falcosidekick/templates/secrets.yaml | 4 ++++ falcosidekick/values.yaml | 10 +++++++++- 3 files changed, 18 insertions(+), 2 deletions(-) diff --git a/falcosidekick/README.md b/falcosidekick/README.md index 32ff688a2..baa691e5b 100644 --- a/falcosidekick/README.md +++ b/falcosidekick/README.md 
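Review bot: The `hostport` comment in the new `gotify:` block documents only the `http://{domain or ip}:{port}` form, although the API token from `token` is presumably sent to that address with each message. The block also carries `checkcert`, so TLS endpoints are evidently supported and the comment should say so: `# -- Gotify Host and port, http(s)://{domain or ip}:{port} (use https so the API token is not sent in clear text), if not empty, Gotify output is *enabled*`. The README row for `config.gotify.hostport` carries the same wording and should follow.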
@@ -245,12 +245,16 @@ The following table lists the main configurable parameters of the Falcosidekick | config.grafana.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | | config.grafana.mutualtls | bool | `false` | if true, checkcert flag will be ignored (server cert will always be checked) | | config.grafana.panelid | string | `""` | annotations are scoped to a specific panel. Optionnal. | +| config.influxdb.bucket | string | `"falco"` | Influxdb Metrics bucket | | config.influxdb.checkcert | bool | `true` | check if ssl certificate of the output is valid | -| config.influxdb.database | string | `"falco"` | Influxdb database | +| config.influxdb.database | string | `"falco"` | Influxdb database (api v1 only) | | config.influxdb.hostport | string | `""` | Influxdb , if not `empty`, Influxdb is *enabled* | | config.influxdb.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | | config.influxdb.mutualtls | bool | `false` | if true, checkcert flag will be ignored (server cert will always be checked) | +| config.influxdb.organization | string | `""` | Influxdb organization | | config.influxdb.password | string | `""` | Password to use if auth is *enabled* in Influxdb | +| config.influxdb.precision | string | `"ns"` | Influxdb Write precision | +| config.influxdb.token | string | `""` | Influxdb Token | | config.influxdb.user | string | `""` | User to use if auth is *enabled* in Influxdb | | config.kafka.hostport | string | `""` | The Host:Port of the Kafka (ex: kafka:9092). if not empty, Kafka output is *enabled* | | config.kafka.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | 
diff --git a/falcosidekick/templates/secrets.yaml b/falcosidekick/templates/secrets.yaml index afadaf316..3f2f2827d 100644 --- a/falcosidekick/templates/secrets.yaml +++ b/falcosidekick/templates/secrets.yaml @@ -78,9 +78,13 @@ data: # InfluxDB Output INFLUXDB_USER: "{{ .Values.config.influxdb.user | b64enc }}" INFLUXDB_PASSWORD: "{{ .Values.config.influxdb.password | b64enc }}" + INFLUXDB_ORGANIZATION: "{{ .Values.config.influxdb.organization | b64enc }}" + INFLUXDB_TOKEN: "{{ .Values.config.influxdb.token | b64enc }}" INFLUXDB_HOSTPORT: "{{ .Values.config.influxdb.hostport | b64enc }}" INFLUXDB_MINIMUMPRIORITY: "{{ .Values.config.influxdb.minimumpriority | b64enc }}" INFLUXDB_DATABASE: "{{ .Values.config.influxdb.database | b64enc }}" + INFLUXDB_BUCKET: "{{ .Values.config.influxdb.bucket | b64enc }}" + INFLUXDB_PRECISION: "{{ .Values.config.influxdb.precision | b64enc }}" INFLUXDB_MUTUALTLS: "{{ .Values.config.influxdb.mutualtls | printf "%t" | b64enc }}" INFLUXDB_CHECKCERT: "{{ .Values.config.influxdb.checkcert | printf "%t" | b64enc }}" diff --git a/falcosidekick/values.yaml b/falcosidekick/values.yaml index 9d3c06e41..12a765aeb 100644 --- a/falcosidekick/values.yaml +++ b/falcosidekick/values.yaml @@ -175,8 +175,16 @@ config: influxdb: # -- Influxdb , if not `empty`, Influxdb is *enabled* hostport: "" - # -- Influxdb database + # -- Influxdb database (api v1 only) database: "falco" + # -- Influxdb organization + organization: "" + # -- Influxdb Metrics bucket + bucket: "falco" + # -- Influxdb Write precision + precision: "ns" + # -- Influxdb Token + token: "" # -- User to use if auth is *enabled* in Influxdb user: "" # -- Password to use if auth is *enabled* in Influxdb From 321791f70a27500698a2a7f954e66684d56ac482 Mon Sep 17 00:00:00 2001 From: Lyonel Martinez Date: Tue, 13 Sep 2022 16:58:30 +0200 Subject: [PATCH 15/16] feat(zincsearch): Values/docs/config update to add zincsearch output from falcosecurtiy/falcosidekick#360 
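Review bot: The values.yaml hunk marks `database` as "(api v1 only)" but gives `organization`, `bucket`, `precision` and `token` no such scope. A reader cannot tell which settings belong together or whether `token` replaces `user`/`password`. If these are the v2 counterparts, as the `database` wording suggests, the comments should say so, for example `# -- Influxdb organization (api v2 only)` and `# -- Influxdb API token (api v2 only), used instead of user/password`; the exact precedence should be confirmed against falcosidekick#359. The `influxdb:` block continues outside the hunk.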
Signed-off-by: Lyonel Martinez --- falcosidekick/README.md | 6 ++++++ falcosidekick/templates/secrets.yaml | 9 +++++++++ falcosidekick/values.yaml | 14 ++++++++++++++ 3 files changed, 29 insertions(+) diff --git a/falcosidekick/README.md b/falcosidekick/README.md index baa691e5b..9dc87e122 100644 --- a/falcosidekick/README.md +++ b/falcosidekick/README.md @@ -396,6 +396,12 @@ The following table lists the main configurable parameters of the Falcosidekick | config.yandex.s3.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | | config.yandex.s3.prefix | string | `""` | name of prefix, keys will have format: s3:////YYYY-MM-DD/YYYY-MM-DDTHH:mm:ss.s+01:00.json | | config.yandex.secretaccesskey | string | `""` | yandex secret access key | +| config.zincsearch.checkcert | bool | `true` | check if ssl certificate of the output is valid | +| config.zincsearch.hostport | string | `""` | Zincsearch , if not `empty`, Zincsearch is *enabled* | +| config.zincsearch.index | string | `"falco"` | Zincsearch index | +| config.zincsearch.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` | +| config.zincsearch.password | string | `""` | use this password to authenticate to Zincsearch | +| config.zincsearch.username | string | `""` | use this username to authenticate to Zincsearch | | extraVolumeMounts | list | `[]` | Extra volume mounts for sidekick deployment | | extraVolumes | list | `[]` | Extra volumes for sidekick deployment | | fullnameOverride | string | `""` | Override the name | diff --git a/falcosidekick/templates/secrets.yaml b/falcosidekick/templates/secrets.yaml index 3f2f2827d..336c47fc3 100644 --- a/falcosidekick/templates/secrets.yaml +++ b/falcosidekick/templates/secrets.yaml 
@@ -147,6 +147,7 @@ data: GCP_CLOUDRUN_JWT: "{{ .Values.config.gcp.cloudrun.jwt | b64enc }}" GCP_CLOUDRUN_MINIMUMPRIORITY: "{{ .Values.config.gcp.cloudrun.minimumpriority | b64enc }}" + # Gotify Output GOTIFY_HOSTPORT: "{{ .Values.config.googlechat.webhookurl | b64enc }}" GOTIFY_TOKEN: "{{ .Values.config.gotify.token | b64enc }}" GOTIFY_FORMAT: "{{ .Values.config.gotify.format | b64enc }}" @@ -169,6 +170,14 @@ data: ELASTICSEARCH_USERNAME: "{{ .Values.config.elasticsearch.username | b64enc }}" ELASTICSEARCH_PASSWORD: "{{ .Values.config.elasticsearch.password | b64enc }}" + # Zincsearcj Output + ZINC_HOSTPORT: "{{ .Values.config.zincsearch.hostport | b64enc }}" + ZINC_INDEX: "{{ .Values.config.zincsearch.index | b64enc }}" + ZINC_MINIMUMPRIORITY: "{{ .Values.config.zincsearch.minimumpriority | b64enc }}" + ZINC_CHECKCERT: "{{ .Values.config.zincsearch.checkcert | printf "%t" | b64enc }}" + ZINC_USERNAME: "{{ .Values.config.zincsearch.username | b64enc }}" + ZINC_PASSWORD: "{{ .Values.config.zincsearch.password | b64enc }}" + # Loki Output LOKI_HOSTPORT: "{{ .Values.config.loki.hostport | b64enc }}" LOKI_ENDPOINT: "{{ .Values.config.loki.endpoint | b64enc }}" diff --git a/falcosidekick/values.yaml b/falcosidekick/values.yaml index 12a765aeb..893a59c60 100644 --- a/falcosidekick/values.yaml +++ b/falcosidekick/values.yaml 
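Review bot: The heading added above the new `ZINC_*` entries in the `@@ -169,6 +170,14 @@` hunk is misspelled as `# Zincsearcj Output`. It should read `# Zincsearch Output` so that a search for the output name finds the block. The entries themselves follow the file's pattern, including `printf "%t"` before `b64enc` for `ZINC_CHECKCERT`. The `data:` map continues outside the hunk.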
@@ -172,6 +172,20 @@ config: # -- use this password to authenticate to Elasticsearch if the password is not empty password: "" + zincsearch: + # -- Zincsearch , if not `empty`, Zincsearch is *enabled* + hostport: "" + # -- Zincsearch index + index: "falco" + # -- minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` + minimumpriority: "" + # -- check if ssl certificate of the output is valid + checkcert: true + # -- use this username to authenticate to Zincsearch + username: "" + # -- use this password to authenticate to Zincsearch + password: "" + influxdb: # -- Influxdb , if not `empty`, Influxdb is *enabled* hostport: "" From 2a0e514e52a90066c82aa33cce4c457f1a01be6a Mon Sep 17 00:00:00 2001 From: Lyonel Martinez Date: Tue, 13 Sep 2022 17:04:55 +0200 Subject: [PATCH 16/16] feat(changelog): Update changelog Signed-off-by: Lyonel Martinez --- falcosidekick/CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/falcosidekick/CHANGELOG.md b/falcosidekick/CHANGELOG.md index 2692abd5f..7652ca077 100644 --- a/falcosidekick/CHANGELOG.md +++ b/falcosidekick/CHANGELOG.md @@ -14,6 +14,10 @@ as a list of comma separated labels and annotations to add to the AlertManager t * Add `nodered` and associated fields. * Add `mqtt` and associated fields. * Update `elasticsearch.type` default value to `_doc` +* Add `zincsearch` and associated fields. +* Add `gotify` and associated fields. +* Add `slack.channel` options. +* Update `inluxdb` to add `bucket`, `organization`, `precision` and `token` options ## 0.5.7