From 45ca2a327b64037c111a593f2b07cb33a19322c7 Mon Sep 17 00:00:00 2001 
From: root Date: Thu, 10 Sep 2020 16:16:18 +0000 Subject: [PATCH] Deleted etra charts --- LICENSE | 201 ------------ OWNERS | 14 - README.md | 39 --- falco-exporter/CHANGELOG.md | 28 -- falco-exporter/Chart.yaml | 36 --- falco-exporter/README.md | 79 ----- falco-exporter/templates/NOTES.txt | 15 - falco-exporter/templates/_helpers.tpl | 76 ----- falco-exporter/templates/daemonset.yaml | 91 ------ falco-exporter/templates/secret-certs.yaml | 23 -- falco-exporter/templates/service.yaml | 41 --- falco-exporter/templates/serviceaccount.yaml | 12 - falco-exporter/templates/servicemonitor.yaml | 24 -- .../templates/tests/test-connection.yaml | 15 - falco-exporter/values.yaml | 78 ----- falcosidekick/Chart.yaml | 16 - falcosidekick/README.md | 169 ---------- falcosidekick/templates/NOTES.txt | 21 -- falcosidekick/templates/_helpers.tpl | 32 -- falcosidekick/templates/aadpodidentity.yaml | 19 -- falcosidekick/templates/clusterrole.yaml | 20 -- .../templates/clusterrolebinding.yaml | 19 -- falcosidekick/templates/deployment.yaml | 293 ------------------ falcosidekick/templates/ingress.yaml | 39 --- falcosidekick/templates/rbac.yaml | 45 --- falcosidekick/templates/secrets.yaml | 44 --- falcosidekick/templates/service.yaml | 19 -- .../templates/tests/test-connection.yaml | 18 -- falcosidekick/values.yaml | 179 ----------- release.md | 50 --- 30 files changed, 1755 deletions(-) delete mode 100644 LICENSE delete mode 100644 OWNERS delete mode 100644 README.md delete mode 100644 falco-exporter/CHANGELOG.md delete mode 100644 falco-exporter/Chart.yaml delete mode 100644 falco-exporter/README.md delete mode 100644 falco-exporter/templates/NOTES.txt delete mode 100644 falco-exporter/templates/_helpers.tpl delete mode 100644 falco-exporter/templates/daemonset.yaml delete mode 100644 falco-exporter/templates/secret-certs.yaml delete mode 100644 falco-exporter/templates/service.yaml delete mode 100644 falco-exporter/templates/serviceaccount.yaml delete mode 100644 
falco-exporter/templates/servicemonitor.yaml delete mode 100644 falco-exporter/templates/tests/test-connection.yaml delete mode 100644 falco-exporter/values.yaml delete mode 100644 falcosidekick/Chart.yaml delete mode 100644 falcosidekick/README.md delete mode 100644 falcosidekick/templates/NOTES.txt delete mode 100644 falcosidekick/templates/_helpers.tpl delete mode 100644 falcosidekick/templates/aadpodidentity.yaml delete mode 100644 falcosidekick/templates/clusterrole.yaml delete mode 100644 falcosidekick/templates/clusterrolebinding.yaml delete mode 100644 falcosidekick/templates/deployment.yaml delete mode 100644 falcosidekick/templates/ingress.yaml delete mode 100644 falcosidekick/templates/rbac.yaml delete mode 100644 falcosidekick/templates/secrets.yaml delete mode 100644 falcosidekick/templates/service.yaml delete mode 100644 falcosidekick/templates/tests/test-connection.yaml delete mode 100644 falcosidekick/values.yaml delete mode 100644 release.md diff --git a/LICENSE b/LICENSE deleted file mode 100644 index 261eeb9e9..000000000 --- a/LICENSE +++ /dev/null 
@@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. 
For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. 
Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of 
the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. 
Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. 
- - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/OWNERS b/OWNERS deleted file mode 100644 index 3613e1942..000000000 --- a/OWNERS +++ /dev/null @@ -1,14 +0,0 @@ -approvers: - - leodido - - fntlnz - - kris-nova - - leogr - - nibalizer -reviewers: - - leodido - - fntlnz - - kris-nova - - leogr - - nibalizer - - nestorsalceda - - bencer diff --git a/README.md b/README.md deleted file mode 100644 index fa463a9c6..000000000 --- a/README.md +++ /dev/null 
@@ -1,39 +0,0 @@ -# Falco Helm Charts - -This GitHub project is the source for our [Helm chart repository](https://v3.helm.sh/docs/topics/chart_repository/). - -The purpose of this repository is to provide a place for maintaining and contributing Charts related to the Falco project, with CI processes in place for managing the releasing of Charts into [our Helm Chart Repository]((https://falcosecurity.github.io/charts)). - -For more information about installing and using Helm, see the -[Helm Docs](https://helm.sh/docs/). - -## Repository Structure - -This GitHub repository contains the source for the packaged and versioned charts released to [https://falcosecurity.github.io/charts](https://falcosecurity.github.io/charts) (our Helm Chart Repository). - -The Charts in this repository are organized into folders: each directory that contains a `Chart.yaml` is a chart. - -The Charts in the `master` branch (with a corresponding [GitHub release](https://github.com/falcosecurity/charts/releases)) match the latest packaged Charts in [our Helm Chart Repository]((https://falcosecurity.github.io/charts)), though there may be previous versions of a Chart available in that Chart Repository. - -## Charts - -Charts currently available are listed below. - -- [falco](falco) -- [falco-exporter](falco-exporter) -- [falcosidekick](falcosidekick) - -## Usage - -### Adding `falcosecurity` repository - -Before installing any chart provided by this repository, add the `falcosecurity` Charts Repository: - -```bash -helm repo add falcosecurity https://falcosecurity.github.io/charts -helm repo update -``` - -### Installing a chart - -Please refer to the instruction provided by the Chart you want to install. For installing Falco via Helm, the documentation is [here](https://github.com/falcosecurity/charts/tree/master/falco#adding-falcosecurity-repository). \ No newline at end of file 
diff --git a/falco-exporter/CHANGELOG.md b/falco-exporter/CHANGELOG.md deleted file mode 100644 index b74a3cbcd..000000000 --- a/falco-exporter/CHANGELOG.md +++ /dev/null @@ -1,28 +0,0 @@ -# Change Log - -This file documents all notable changes to `falco-exporter` Helm Chart. The release -numbering uses [semantic versioning](http://semver.org). - -## v0.3.2 - -### Minor Changes - -* Fix for additional labels for falco-exporter servicemonitor - -## v0.3.1 - -### Minor Changes - -* Added the support to deploy a Prometheus Service Monitor. Is disables by default. - -## v0.3.0 - -### Major Changes - -* Chart moved to [falcosecurity/charts](https://github.com/falcosecurity/charts) repository -* gRPC over unix socket support (by default) -* Updated falco-exporter version to `0.3.0` - -### Minor Changes - -* README.md and CHANGELOG.md added \ No newline at end of file diff --git a/falco-exporter/Chart.yaml b/falco-exporter/Chart.yaml deleted file mode 100644 index b821abd17..000000000 --- a/falco-exporter/Chart.yaml +++ /dev/null 
@@ -1,36 +0,0 @@ -apiVersion: v2 -name: falco-exporter -description: Prometheus Metrics Exporter for Falco output events - -# A chart can be either an 'application' or a 'library' chart. -# -# Application charts are a collection of templates that can be packaged into versioned archives -# to be deployed. -# -# Library charts provide useful utilities or functions for the chart developer. They're included as -# a dependency of application charts to inject those utilities and functions into the rendering -# pipeline. Library charts do not define any templates and therefore cannot be deployed. -type: application - -# This is the chart version. This version number should be incremented each time you make changes -# to the chart and its templates, including the app version. -version: 0.3.2 - -# This is the version number of the application being deployed. This version number should be -# incremented each time you make changes to the application. -appVersion: 0.3.0 - -keywords: - - monitoring - - security - - alerting - - metric - - troubleshooting - - run-time - -sources: - - https://github.com/falcosecurity/falco-exporter - -maintainers: - - name: leogr - email: me@leonardograsso.com \ No newline at end of file diff --git a/falco-exporter/README.md b/falco-exporter/README.md deleted file mode 100644 index 9b9460093..000000000 --- a/falco-exporter/README.md +++ /dev/null 
@@ -1,79 +0,0 @@ -# falco-exporter Helm Chart - -[falco-exporter](https://github.com/falcosecurity/falco-exporter) is a Prometheus Metrics Exporter for Falco output events. - -Before using this chart, you need [Falco installed](https://falco.org/docs/installation/) and running with the [gRPC Output](https://falco.org/docs/grpc/) enabled (over Unix socket by default). - -This chart is compatible with the [Falco Chart](https://github.com/falcosecurity/charts/tree/master/falco) version `v1.2.0` or greater. Instructions to enable the gRPC Output in the Falco Helm Chart can be found [here](https://github.com/falcosecurity/charts/tree/master/falco#enabling-grpc). We also strongly recommend using [gRPC over Unix socket](https://github.com/falcosecurity/charts/tree/master/falco#grpc-over-unix-socket-default). - - -## Introduction - -The chart deploys **falco-exporter** as Daemon Set on your the Kubernetes cluster. If a [Prometheus installation](https://github.com/helm/charts/tree/master/stable/prometheus) is running within your cluster, metrics provided by **falco-exporter** will be automatically discovered. - -## Adding `falcosecurity` repository - -Prior to installing the chart, add the `falcosecurity` charts repository: - -```bash -helm repo add falcosecurity https://falcosecurity.github.io/charts -helm repo update -``` - -## Installing the Chart - -To install the chart with the release name `falco-exporter` run: - -```bash -helm install falco-exporter falcosecurity/falco-exporter -``` - -After a few seconds, **falco-exporter** should be running. - -> **Tip**: List all releases using `helm list`, a release is a name used to track a specific deployment - -## Uninstalling the Chart - -To uninstall the `falco-exporter` deployment: - -```bash -helm uninstall falco-exporter -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. 
- -## Configuration - -The following table lists the main configurable parameters of the chart and their default values. - -| Parameter | Description | Default | -| --- | --- | --- | -| `image.repository` | The image repository to pull from | `falcosecurity/falco-exporter` | -| `image.tag` | The image tag to pull | `0.3.0` | -| `image.pullPolicy` | The image pull policy | `IfNotPresent` | -| `falco.grpcUnixSocketPath` | Unix socket path for connecting to a Falco gRPC server | `unix:///var/run/falco/falco.sock` | -| `falco.grpcTimeout` | The image tag to pull | `2m` | -| `serviceMonitor.enabled` | Enabled deployment of a Prometheus operator Service Monitor | `false` | -| `serviceMonitor.additionalLabels`| Add additional Labels to the Service Monitor | `{}` | -| `serviceMonitor.interval` | Specify a user defined interval for the Service Monitor | `""` | -| `serviceMonitor.scrapeTimeout` | Specify a user defined scrape timeout for the Service Monitor | `""` | - -Please, refer to [values.yaml](./values.yaml) for the full list of configurable parameters. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -helm install falco-exporter --set falco.grpcTimeout=3m falcosecurity/falco-exporter -``` - -Alternatively, a YAML file that specifies the parameters' values can be provided while installing the chart. For example, - -```bash -helm install falco-exporter -f values.yaml falcosecurity/falco-exporter -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - -## Using falco-exporter with Grafana - -See the [Grafana section](https://github.com/falcosecurity/falco-exporter#grafana) in the [falco-exporter](https://github.com/falcosecurity/falco-exporter) documentation. diff --git a/falco-exporter/templates/NOTES.txt b/falco-exporter/templates/NOTES.txt deleted file mode 100644 index 1e219cf01..000000000 --- a/falco-exporter/templates/NOTES.txt +++ /dev/null 
@@ -1,15 +0,0 @@ -Get the falco-exporter metrics URL by running these commands: -{{- if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "falco-exporter.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT/metrics -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get svc -w {{ template "falco-exporter.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "falco-exporter.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }}/metrics -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "falco-exporter.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:{{ .Values.service.targetPort }}/metrics to use your application" - kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME {{ .Values.service.targetPort }} -{{- end }} diff --git a/falco-exporter/templates/_helpers.tpl b/falco-exporter/templates/_helpers.tpl deleted file mode 100644 index d51d87539..000000000 --- a/falco-exporter/templates/_helpers.tpl +++ /dev/null 
@@ -1,76 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "falco-exporter.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "falco-exporter.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "falco-exporter.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Common labels -*/}} -{{- define "falco-exporter.labels" -}} -{{ include "falco-exporter.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -{{- if not .Values.skipHelm }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} -{{- if not .Values.skipHelm }} -helm.sh/chart: {{ include "falco-exporter.chart" . }} -{{- end }} -{{- end -}} - -{{/* -Selector labels -*/}} -{{- define "falco-exporter.selectorLabels" -}} -app.kubernetes.io/name: {{ include "falco-exporter.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "falco-exporter.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "falco-exporter.fullname" .) 
.Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} - -{{/* -Extract the unixSocket's directory path -*/}} -{{- define "falco-exporter.unixSocketDir" -}} -{{- if .Values.falco.grpcUnixSocketPath -}} -{{- .Values.falco.grpcUnixSocketPath | trimPrefix "unix://" | dir -}} -{{- end -}} -{{- end -}} diff --git a/falco-exporter/templates/daemonset.yaml b/falco-exporter/templates/daemonset.yaml deleted file mode 100644 index 970ea5a77..000000000 --- a/falco-exporter/templates/daemonset.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: {{ include "falco-exporter.fullname" . }} - labels: - {{- include "falco-exporter.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - {{- include "falco-exporter.selectorLabels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "falco-exporter.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "falco-exporter.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} - containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - args: - - /usr/bin/falco-exporter - {{- if .Values.falco.grpcUnixSocketPath }} - - --client-socket={{ .Values.falco.grpcUnixSocketPath }} - {{- else }} - - --client-hostname={{ .Values.falco.grpcHostname }} - - --client-port={{ .Values.falco.grpcPort }} - {{- end }} - - --timeout={{ .Values.falco.grpcTimeout }} - - --listen-address=0.0.0.0:{{ .Values.service.port }} - ports: - - name: metrics - containerPort: {{ .Values.service.targetPort }} - protocol: TCP - livenessProbe: - httpGet: - path: /metrics - port: {{ .Values.service.port }} - readinessProbe: - httpGet: - path: /readiness - port: {{ .Values.service.port }} - resources: - {{- toYaml .Values.resources | nindent 12 }} - volumeMounts: - {{- if .Values.falco.grpcUnixSocketPath }} - - mountPath: {{ include "falco-exporter.unixSocketDir" . }} - name: falco-socket-dir - readOnly: true - {{- else }} - - mountPath: /etc/falco/certs - name: certs-volume - readOnly: true - {{- end }} - volumes: - {{- if .Values.falco.grpcUnixSocketPath }} - - name: falco-socket-dir - hostPath: - path: {{ include "falco-exporter.unixSocketDir" . 
}} - {{- else }} - - name: certs-volume - secret: - secretName: {{ include "falco-exporter.fullname" . }}-certs - items: - - key: client.key - path: client.key - - key: client.crt - path: client.crt - - key: ca.crt - path: ca.crt - {{- end }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/falco-exporter/templates/secret-certs.yaml b/falco-exporter/templates/secret-certs.yaml deleted file mode 100644 index f5916cd69..000000000 --- a/falco-exporter/templates/secret-certs.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.certs }} -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "falco-exporter.fullname" . }}-certs - labels: - {{- include "falco-exporter.labels" . | nindent 4 }} -type: Opaque -data: -{{- if .Values.certs }} -{{- if and .Values.certs.ca .Values.certs.ca.crt }} - ca.crt: {{ .Values.certs.ca.crt | b64enc | quote }} -{{- end }} -{{- if .Values.certs.client }} -{{- if .Values.certs.client.key }} - client.key: {{ .Values.certs.client.key | b64enc | quote }} -{{- end }} -{{- if .Values.certs.client.crt }} - client.crt: {{ .Values.certs.client.crt | b64enc | quote }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} \ No newline at end of file diff --git a/falco-exporter/templates/service.yaml b/falco-exporter/templates/service.yaml deleted file mode 100644 index 9ad2e6b8b..000000000 --- a/falco-exporter/templates/service.yaml +++ /dev/null 
@@ -1,41 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "falco-exporter.fullname" . }} -{{- if .Values.service.annotations }} - annotations: -{{ toYaml .Values.service.annotations | indent 4 }} -{{- end }} - labels: - {{- include "falco-exporter.labels" . | nindent 4 }} -{{- if .Values.service.labels }} -{{ toYaml .Values.service.labels | indent 4 }} -{{- end }} -spec: -{{- if .Values.service.clusterIP }} - clusterIP: {{ .Values.service.clusterIP }} -{{- end }} -{{- if .Values.service.externalIPs }} - externalIPs: -{{ toYaml .Values.service.externalIPs | indent 4 }} -{{- end }} -{{- if .Values.service.loadBalancerIP }} - loadBalancerIP: {{ .Values.service.loadBalancerIP }} -{{- end }} -{{- if .Values.service.loadBalancerSourceRanges }} - loadBalancerSourceRanges: - {{- range $cidr := .Values.service.loadBalancerSourceRanges }} - - {{ $cidr }} - {{- end }} -{{- end }} - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - {{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.service.nodePort)) ) }} - nodePort: {{ .Values.service.nodePort }} - {{- end }} - targetPort: {{ .Values.service.targetPort }} - protocol: TCP - name: metrics - selector: - {{- include "falco-exporter.selectorLabels" . | nindent 4 }} diff --git a/falco-exporter/templates/serviceaccount.yaml b/falco-exporter/templates/serviceaccount.yaml deleted file mode 100644 index 7ce9d0ac4..000000000 --- a/falco-exporter/templates/serviceaccount.yaml +++ /dev/null @@ -1,12 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "falco-exporter.serviceAccountName" . }} - labels: - {{- include "falco-exporter.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end -}} 
diff --git a/falco-exporter/templates/servicemonitor.yaml b/falco-exporter/templates/servicemonitor.yaml deleted file mode 100644 index 698f9e1a3..000000000 --- a/falco-exporter/templates/servicemonitor.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{ if .Values.serviceMonitor.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ include "falco-exporter.fullname" . }} - labels: - {{- include "falco-exporter.labels" . | nindent 4 }} - {{- range $key, $value := .Values.serviceMonitor.additionalLabels }} - {{ $key }}: {{ $value | quote }} - {{- end }} - namespace: {{ .Release.Namespace }} -spec: - endpoints: - - port: metrics - {{- if .Values.serviceMonitor.interval }} - interval: {{ .Values.serviceMonitor.interval }} - {{- end }} - {{- if .Values.serviceMonitor.scrapeTimeout }} - scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} - {{- end }} - selector: - matchLabels: - {{- include "falco-exporter.selectorLabels" . | nindent 6 }} -{{- end }} \ No newline at end of file diff --git a/falco-exporter/templates/tests/test-connection.yaml b/falco-exporter/templates/tests/test-connection.yaml deleted file mode 100644 index c2e1f53c6..000000000 --- a/falco-exporter/templates/tests/test-connection.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "falco-exporter.fullname" . }}-test-connection" - labels: - {{- include "falco-exporter.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": test-success -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "falco-exporter.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/falco-exporter/values.yaml b/falco-exporter/values.yaml deleted file mode 100644 index d2a3f28b9..000000000 --- a/falco-exporter/values.yaml +++ /dev/null 
@@ -1,78 +0,0 @@ -# Default values for falco-exporter. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -service: - type: ClusterIP - clusterIP: None - port: 9376 - targetPort: 9376 - nodePort: - labels: {} - annotations: - prometheus.io/scrape: "true" - prometheus.io/port: "9376" - -image: - repository: falcosecurity/falco-exporter - tag: 0.3.0 - pullPolicy: IfNotPresent - -imagePullSecrets: [] -nameOverride: "" -fullnameOverride: "" - -falco: - grpcUnixSocketPath: "unix:///var/run/falco/falco.sock" - grpcTimeout: 2m - -serviceAccount: - # Specifies whether a service account should be created - create: true - # Annotations to add to the service account - annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -# Allow falco-exporter to run on Kubernetes 1.6 masters. -tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - -affinity: {} - -serviceMonitor: - # Enable the deployment of a Service Monitor for the Prometheus Operator. - enabled: false - # Specify Additional labels to be added on the Service Monitor. - additionalLabels: {} - # Specify a user defined interval. When not specified Prometheus default interval is used. 
- interval: "" - # Specify a user defined scrape timeout. When not specified Prometheus default scrape timeout is used. - scrapeTimeout: "" \ No newline at end of file diff --git a/falcosidekick/Chart.yaml b/falcosidekick/Chart.yaml deleted file mode 100644 index 90c1c823d..000000000 --- a/falcosidekick/Chart.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: v1 -appVersion: 2.14.0 -description: A simple daemon to help you with falco's outputs -icon: https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick.png -name: falcosidekick -version: 0.1.22 -keywords: - - monitoring - - security - - alerting -home: https://github.com/falcosecurity/falcosidekick -sources: - - https://github.com/falcosecurity/falcosidekick -maintainers: - - name: Issif - email: cncf-falco-dev@lists.cncf.io diff --git a/falcosidekick/README.md b/falcosidekick/README.md deleted file mode 100644 index 835f90326..000000000 --- a/falcosidekick/README.md +++ /dev/null 
@@ -1,169 +0,0 @@ -# Falcosidekick - -![falcosidekick](https://github.com/falcosecurity/falcosidekick/raw/master/imgs/falcosidekick_color.png) - -![release](https://flat.badgen.net/github/release/falcosecurity/falcosidekick/latest?color=green) ![last commit](https://flat.badgen.net/github/last-commit/falcosecurity/falcosidekick) ![licence](https://flat.badgen.net/badge/license/MIT/blue) ![docker pulls](https://flat.badgen.net/docker/pulls/falcosecurity/falcosidekick?icon=docker) - -## Description - -A simple daemon for enhancing available outputs for [Falco](https://sysdig.com/opensource/falco/). It takes a falco's event and forwards it to different outputs. - -It works as a single endpoint for as many as you want `falco` instances : - -![falco_with_falcosidekick](https://github.com/falcosecurity/falcosidekick/raw/master/imgs/falco_with_falcosidekick.png) - -## Outputs - -Currently available outputs are : - -* [**Slack**](https://slack.com) -* [**Rocketchat**](https://rocket.chat/) -* [**Mattermost**](https://mattermost.com/) -* [**Teams**](https://products.office.com/en-us/microsoft-teams/group-chat-software) -* [**Datadog**](https://www.datadoghq.com/) -* [**Discord**](https://www.discord.com/) -* [**AlertManager**](https://prometheus.io/docs/alerting/alertmanager/) -* [**Elasticsearch**](https://www.elastic.co/) -* [**Loki**](https://grafana.com/oss/loki) -* [**NATS**](https://nats.io/) -* [**Influxdb**](https://www.influxdata.com/products/influxdb-overview/) -* [**AWS Lambda**](https://aws.amazon.com/lambda/features/) -* [**AWS SQS**](https://aws.amazon.com/sqs/features/) -* **SMTP** (email) -* [**Opsgenie**](https://www.opsgenie.com/) -* [**StatsD**](https://github.com/statsd/statsd) (for monitoring of `falcosidekick`) -* [**DogStatsD**](https://docs.datadoghq.com/developers/dogstatsd/?tab=go) (for monitoring of `falcosidekick`) -* **Webhook** -* [**Azure Event Hubs**](https://azure.microsoft.com/en-in/services/event-hubs/) - -## Adding `falcosecurity` 
repository - -Prior to install the chart, add the `falcosecurity` charts repository: - -```bash -helm repo add falcosecurity https://falcosecurity.github.io/charts -helm repo update -``` - -## Installing the Chart - -To install the chart with the release name `falcosidekick` run: - -```bash -helm install falcosidekick falcosecurity/falcosidekick -``` - -After a few seconds, Falcosidekick should be running. - -> **Tip**: List all releases using `helm list`, a release is a name used to track a specific deployment - -## Uninstalling the Chart - -To uninstall the `falcosidekick` deployment: - -```bash -helm uninstall falcosidekick -``` - -The command removes all the Kubernetes components associated with the chart and deletes the release. - -## Configuration - -The following table lists the configurable parameters of the Falcosidekick chart and their default values. - -| Parameter | Description | Default | -| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | -| `replicaCount` | number of running pods | `1` | -| `listenport` | port to listen for daemon | `2801` | -| `debug` | if *true* all outputs will print in stdout the payload they send | `false` | -| `customfields` | a list of comma separated custom fields to add to falco events, syntax is "key:value,key:value" | | -| `checkcert` | check if ssl certificate of the output is valid | `true` | -| `slack.webhookurl` | Slack Webhook URL (ex: https://hooks.slack.com/services/XXXX/YYYY/ZZZZ), if not `empty`, Slack output is *enabled* | | -| `slack.footer` | Slack Footer | https://github.com/falcosecurity/falcosidekick | -| `slack.icon` | Slack icon (avatar) | https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png | -| 
`slack.username` | Slack username | `falcosidekick` | -| `slack.outputformat` | `all` (default), `text` (only text is displayed in Slack), `fields` (only fields are displayed in Slack) | `all` | -| `slack.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` | -| `slack.messageformat` | a Go template to format Slack Text above Attachment, displayed in addition to the output from `slack.outputformat`. If empty, no Text is displayed before Attachment | | -| `rocketchat.webhookurl` | Rocketchat Webhook URL (ex: https://XXXX/hooks/YYYY), if not `empty`, Rocketchat output is *enabled* | | -| `rocketchat.icon` | Rocketchat icon (avatar) | https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png | -| `rocketchat.username` | Rocketchat username | `falcosidekick` | -| `rocketchat.outputformat` | `all` (default), `text` (only text is displayed in Rocketcaht), `fields` (only fields are displayed in Rocketchat) | `all` | -| `rocketchat.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` | -| `rockerchat.messageformat` | a Go template to format Rocketchat Text above Attachment, displayed in addition to the output from `slack.outputformat`. 
If empty, no Text is displayed before Attachment | | -| `mattermost.webhookurl` | Mattermost Webhook URL (ex: https://XXXX/hooks/YYYY), if not `empty`, Mattermost output is *enabled* | | -| `mattermost.footer` | Mattermost Footer | https://github.com/falcosecurity/falcosidekick | -| `mattermost.icon` | Mattermost icon (avatar) | https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png | -| `mattermost.username` | Mattermost username | `falcosidekick` | -| `mattermost.outputformat` | `all` (default), `text` (only text is displayed in Slack), `fields` (only fields are displayed in Mattermost) | `all` | -| `mattermost.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` | -| `mattermost.messageformat` | a Go template to format Mattermost Text above Attachment, displayed in addition to the output from `slack.outputformat`. If empty, no Text is displayed before Attachment | | -| `teams.webhookurl` | Teams Webhook URL (ex: https://outlook.office.com/webhook/XXXXXX/IncomingWebhook/YYYYYY"), if not `empty`, Teams output is *enabled* | | -| `teams.activityimage` | Teams section image | https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png | -| `teams.outputformat` | `all` (default), `text` (only text is displayed in Teams), `facts` (only facts are displayed in Teams) | `all` | -| `teams.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` | -| `datadog.apikey` | Datadog API Key, if not `empty`, Datadog output is *enabled* | | -| `datadog.host` | Datadog host. Override if you are on the Datadog EU site. 
Defaults to american site with "https://api.datadoghq.com" | https://api.datadoghq.com | -| `datadog.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` | -| `discord.webhookurl` | Discord WebhookURL (ex: https://discord.com/api/webhooks/xxxxxxxxxx...), if not empty, Discord output is enabled | | -| `discord.icon` | Discord icon (avatar) | https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png | -| `discord.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` | -| `alertmanager.hostport` | AlertManager http://host:port, if not `empty`, AlertManager is *enabled* | | -| `alertmanager.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` | -| `elasticsearch.hostport` | Elasticsearch http://host:port, if not `empty`, Elasticsearch is *enabled* | | -| `elasticsearch.index` | Elasticsearch index | `falco` | -| `elasticsearch.type` | Elasticsearch document type | `event` | -| `elasticsearch.suffix` | date suffix for index rotation : `daily`, `monthly`, `annually`, `none` | `daily` | -| `elasticsearch.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` | -| `influxdb.hostport` | Influxdb http://host:port, if not `empty`, Influxdb is *enabled* | | -| `influxdb.database` | Influxdb database | `falco` | -| `influxdb.user` | User to use if auth is enabled in Influxdb | | -| `influxdb.password` | Password to use if auth is enabled in Influxdb | | -| `influxdb.minimumpriority` | minimum priority of event for using use this output, order is 
`emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` | -| `loki.hostport` | Loki http://host:port, if not `empty`, Loki is *enabled* | | -| `loki.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` | -| `nats.hostport` | NATS "nats://host:port", if not `empty`, NATS is *enabled* | | -| `nats.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` | -| `aws.accesskeyid` | AWS Access Key Id (optionnal if you use EC2 Instance Profile) | | -| `aws.secretaccesskey` | AWS Secret Access Key (optionnal if you use EC2 Instance Profile) | | -| `aws.region` | AWS Region (optionnal if you use EC2 Instance Profile) | | -| `aws.lambda.functionname` | AWS Lambda Function Name, if not empty, AWS Lambda output is enabled | | -| `aws.lambda.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` | -| `aws.sqs.url` | AWS SQS Queue URL, if not empty, AWS SQS output is enabled | | -| `aws.sqs.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` | -| `smtp.hostport` | "host:port" address of SMTP server, if not empty, SMTP output is enabled | | -| `smtp.user` | user to access SMTP server | | -| `smtp.password` | password to access SMTP server | | -| `smtp.from` | Sender address (mandatory if SMTP output is enabled) | | -| `smtp.to` | comma-separated list of Recipident addresses, can't be empty (mandatory if SMTP output is enabled) | | -| `smtp.outputformat` | html, text | `html` | -| `smtp.minimumpriority` | minimum priority of event for using use this output, order is 
`emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` | -| `opsgenie.apikey` | Opsgenie API Key, if not empty, Opsgenie output is enabled | | -| `opsgenie.region` | (`us` or `eu`) region of your domain | `us` | -| `opsgenie.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` | -| `statsd.forwarder` | The address for the StatsD forwarder, in the form http://host:port, if not empty StatsD is enabled | | -| `statsd.namespace` | A prefix for all metrics | `falcosidekick` | -| `dogstatsd.forwarder` | The address for the DogStatsD forwarder, in the form http://host:port, if not empty DogStatsD is enabled | | -| `dogstatsd.namespace` | A prefix for all metrics | `falcosidekick` | -| `dogstatsd.tags` | A comma-separated list of tags to add to all metrics | | -| `webhook.address` | Webhook address, if not empty, Webhook output is enabled | | -| `webhook.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` | -| `azure.eventhub.name` | Name of the Hub, if not empty, EventHub is *enabled* | | -| `azure.eventhub.namespace` | Name of the space the Hub is in | | -| `azure.eventhub.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` | - - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - -```bash -helm install falcosidekick --set debug=true falcosecurity/falcosidekick -``` - -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, - -```bash -helm install falcosidekick -f values.yaml falcosecurity/falcosidekick -``` - -> **Tip**: You can use the default [values.yaml](values.yaml) - 
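Review bot: The parameter table in the removed falcosidekick/README.md does not match the keys the removed templates/deployment.yaml reads. The table and the `--set debug=true` example use top-level keys (`debug`, `slack.webhookurl`, `azure.eventhub.name`), while the template reads `.Values.config.debug`, `.Values.config.slack.webhookurl` and `.Values.config.azure.eventHub.name`, so the documented install command sets a value the Deployment never looks at. `listenport` and `checkcert` are documented, yet the env list in deployment.yaml passes neither to the container and `containerPort` is hardcoded to 2801; anyone relying on `checkcert` from this README gets whatever the binary defaults to. The table also misspells `rockerchat.messageformat` and describes the Rocketchat and Mattermost `messageformat` rows in terms of `slack.outputformat`. If these charts are kept in another repository, correct the README there rather than copying it as is, and name that location in the commit message.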
diff --git a/falcosidekick/templates/NOTES.txt b/falcosidekick/templates/NOTES.txt deleted file mode 100644 index 28a2a302c..000000000 --- a/falcosidekick/templates/NOTES.txt +++ /dev/null @@ -1,21 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "falcosidekick.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "falcosidekick.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "falcosidekick.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "falcosidekick.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - kubectl port-forward $POD_NAME {{ .Values.service.port }}:{{ .Values.service.port }} - echo "Visit http://127.0.0.1:{{ .Values.service.port }} to use your application" -{{- end }} diff --git a/falcosidekick/templates/_helpers.tpl b/falcosidekick/templates/_helpers.tpl deleted file mode 100644 index 1375c7716..000000000 
--- a/falcosidekick/templates/_helpers.tpl +++ /dev/null @@ -1,32 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "falcosidekick.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "falcosidekick.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "falcosidekick.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/falcosidekick/templates/aadpodidentity.yaml b/falcosidekick/templates/aadpodidentity.yaml deleted file mode 100644 index c394e2906..000000000 --- a/falcosidekick/templates/aadpodidentity.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -{{- if and .Values.config.azure.podIdentityClientID .Values.config.azure.podIdentityName -}} -apiVersion: "aadpodidentity.k8s.io/v1" -kind: AzureIdentity -metadata: - name: falcosidekick -spec: - type: 0 - resourceID: /subscriptions/{{ .Values.config.azure.subscriptionID }}/resourcegroups/{{ .Values.config.azure.resourceGroupName }}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{{ .Values.config.azure.podIdentityName }} - clientID: {{ .Values.config.azure.podIdentityClientID }} ---- -apiVersion: "aadpodidentity.k8s.io/v1" -kind: AzureIdentityBinding -metadata: - name: falcosidekick -spec: - azureIdentity: falcosidekick - selector: {{ include "falcosidekick.fullname" . }} - -{{- end }} \ No newline at end of file diff --git a/falcosidekick/templates/clusterrole.yaml b/falcosidekick/templates/clusterrole.yaml deleted file mode 100644 index c38171c1b..000000000 --- a/falcosidekick/templates/clusterrole.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.podSecurityPolicy.create }} -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: {{ template "falcosidekick.fullname" .}} - labels: - app: {{ template "falcosidekick.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -rules: - - apiGroups: - - extensions - resources: - - podsecuritypolicies - resourceNames: - - {{ template "falcosidekick.fullname" . }} - verbs: - - use -{{- end }} diff --git a/falcosidekick/templates/clusterrolebinding.yaml b/falcosidekick/templates/clusterrolebinding.yaml deleted file mode 100644 index 0a4e4247f..000000000 --- a/falcosidekick/templates/clusterrolebinding.yaml +++ /dev/null 
@@ -1,19 +0,0 @@ -{{- if .Values.podSecurityPolicy.create }} -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: {{ template "falcosidekick.fullname" .}} - labels: - app: {{ template "falcosidekick.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -subjects: - - kind: ServiceAccount - name: {{ template "falcosidekick.fullname" .}} - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ template "falcosidekick.fullname" .}} - apiGroup: rbac.authorization.k8s.io -{{- end }} diff --git a/falcosidekick/templates/deployment.yaml b/falcosidekick/templates/deployment.yaml deleted file mode 100644 index 12f14b352..000000000 --- a/falcosidekick/templates/deployment.yaml +++ /dev/null 
@@ -1,293 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "falcosidekick.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "falcosidekick.name" . }} - helm.sh/chart: {{ include "falcosidekick.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -spec: - replicas: {{ .Values.replicaCount }} - selector: - matchLabels: - app.kubernetes.io/name: {{ include "falcosidekick.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ include "falcosidekick.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - {{- if and .Values.config.azure.podIdentityClientID .Values.config.azure.podIdentityName }} - aadpodidbinding: {{ include "falcosidekick.fullname" . }} - {{- end }} - spec: - serviceAccountName: {{ include "falcosidekick.fullname" . }} - {{- if .Values.priorityClassName }} - priorityClassName: "{{ .Values.priorityClassName }}" - {{- end }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - ports: - - name: http - containerPort: 2801 - protocol: TCP - livenessProbe: - httpGet: - path: /ping - port: http - initialDelaySeconds: 10 - periodSeconds: 5 - readinessProbe: - httpGet: - path: /ping - port: http - initialDelaySeconds: 10 - periodSeconds: 5 - env: - - name: DEBUG - value: {{ .Values.config.debug | quote }} - - name: CUSTOMFIELDS - value: {{ .Values.config.customfields | quote }} - {{- if .Values.config.slack.webhookurl }} - - name: SLACK_WEBHOOKURL - valueFrom: - secretKeyRef: - name: {{ include "falcosidekick.fullname" . 
}} - key: slack-webhookurl - - name: SLACK_OUTPUTFORMAT - value: {{ .Values.config.slack.outputformat | quote }} - - name: SLACK_FOOTER - value: {{ .Values.config.slack.footer | quote }} - - name: SLACK_ICON - value: {{ .Values.config.slack.icon | quote }} - - name: SLACK_USERNAME - value: {{ .Values.config.slack.username | quote }} - - name: SLACK_MINIMUMPRIORITY - value: {{ .Values.config.slack.minimumpriority | quote }} - - name: SLACK_MESSAGEFORMAT - value: {{ .Values.config.slack.messageformat | quote }} - {{- end }} - {{- if .Values.config.rocketchat.webhookurl }} - - name: ROCKETCHAT_WEBHOOKURL - valueFrom: - secretKeyRef: - name: {{ include "falcosidekick.fullname" . }} - key: rocketchat-webhookurl - - name: ROCKETCHAT_OUTPUTFORMAT - value: {{ .Values.config.rocketchat.outputformat | quote }} - - name: ROCKETCHAT_ICON - value: {{ .Values.config.rocketchat.icon | quote }} - - name: ROCKETCHAT_USERNAME - value: {{ .Values.config.rocketchat.username | quote }} - - name: ROCKETCHAT_MINIMUMPRIORITY - value: {{ .Values.config.rocketchat.minimumpriority | quote }} - - name: ROCKETCHAT_MESSAGEFORMAT - value: {{ .Values.config.rocketchat.messageformat | quote }} - {{- end }} - {{- if .Values.config.mattermost.webhookurl }} - - name: MATTERMOST_WEBHOOKURL - valueFrom: - secretKeyRef: - name: {{ include "falcosidekick.fullname" . 
}} - key: mattermost-webhookurl - - name: MATTERMOST_OUTPUTFORMAT - value: {{ .Values.config.mattermost.outputformat | quote }} - - name: MATTERMOST_FOOTER - value: {{ .Values.config.mattermost.footer | quote }} - - name: MATTERMOST_ICON - value: {{ .Values.config.mattermost.icon | quote }} - - name: MATTERMOST_USERNAME - value: {{ .Values.config.mattermost.username | quote }} - - name: MATTERMOST_MINIMUMPRIORITY - value: {{ .Values.config.mattermost.minimumpriority | quote }} - - name: MATTERMOST_MESSAGEFORMAT - value: {{ .Values.config.mattermost.messageformat | quote }} - {{- end }} - {{- if .Values.config.teams.webhookurl }} - - name: TEAMS_WEBHOOKURL - valueFrom: - secretKeyRef: - name: {{ include "falcosidekick.fullname" . }} - key: teams-webhookurl - - name: TEAMS_OUTPUTFORMAT - value: {{ .Values.config.teams.outputformat | quote }} - - name: TEAMS_ACTIVITYIMAGE - value: {{ .Values.config.teams.activityimage | quote }} - - name: TEAMS_MINIMUMPRIORITY - value: {{ .Values.config.teams.minimumpriority | quote }} - {{- end }} - {{- if .Values.config.datadog.apikey }} - - name: DATADOG_APIKEY - valueFrom: - secretKeyRef: - name: {{ include "falcosidekick.fullname" . 
}} - key: datadog-apikey - - name: DATADOG_MINIMUMPRIORITY - value: {{ .Values.config.datadog.minimumpriority | quote }} - {{- end }} - {{- if .Values.config.alertmanager.hostport }} - - name: ALERTMANAGER_HOSTPORT - value: {{ .Values.config.alertmanager.hostport | quote }} - - name: ALERTMANAGER_MINIMUMPRIORITY - value: {{ .Values.config.alertmanager.minimumpriority | quote }} - {{- end }} - {{- if .Values.config.elasticsearch.hostport }} - - name: ELASTICSEARCH_HOSTPORT - value: {{ .Values.config.elasticsearch.hostport | quote }} - - name: ELASTICSEARCH_INDEX - value: {{ .Values.config.elasticsearch.index | quote }} - - name: ELASTICSEARCH_TYPE - value: {{ .Values.config.elasticsearch.type | quote }} - - name: ELASTICSEARCH_MINIMUMPRIORITY - value: {{ .Values.config.elasticsearch.minimumpriority | quote }} - {{- end }} - {{- if .Values.config.influxdb.hostport }} - - name: INFLUXDB_HOSTPORT - value: {{ .Values.config.influxdb.hostport | quote }} - - name: INFLUXDB_MINIMUMPRIORITY - value: {{ .Values.config.influxdb.minimumpriority | quote }} - - name: INFLUXDB_DATABASE - value: {{ .Values.config.influxdb.database | quote }} - {{- end }} - {{- if and .Values.config.influxdb.user .Values.config.influxdb.password }} - - name: INFLUXDB_USER - valueFrom: - secretKeyRef: - name: {{ include "falcosidekick.fullname" . }} - key: influxbd-user - - name: INFLUXDB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "falcosidekick.fullname" . 
}} - key: influxbd-password - {{- end }} - {{- if .Values.config.loki.hostport }} - - name: LOKI_HOSTPORT - value: {{ .Values.config.loki.hostport | quote }} - - name: LOKI_MINIMUMPRIORITY - value: {{ .Values.config.loki.minimumpriority | quote }} - {{ end }} - {{- if .Values.config.nats.hostport }} - - name: NATS_HOSTPORT - value: {{ .Values.config.nats.hostport | quote }} - - name: NATS_MINIMUMPRIORITY - value: {{ .Values.config.nats.minimumpriority | quote }} - {{ end }} - {{- if and .Values.config.aws.accesskeyid .Values.config.influxdb.secretaccesskey .Values.config.aws.region }} - - name: AWS_ACCESSKEYID - valueFrom: - secretKeyRef: - name: {{ include "falcosidekick.fullname" . }} - key: aws-accesskeyid - - name: AWS_SECRETACCESSKEY - valueFrom: - secretKeyRef: - name: {{ include "falcosidekick.fullname" . }} - key: aws-secretaccesskey - - name: AWS_REGION - value: {{ .Values.config.aws.region | quote }} - {{- end }} - {{- if .Values.config.aws.lambda.functionname }} - - name: AWS_LAMBDA_FUNCTIONNAME - value: {{ .Values.config.aws.lambda.functionname | quote }} - - name: AWS_LAMBDA_MINIMUMPRIORITY - value: {{ .Values.config.aws.lambda.minimumpriority | quote }} - {{- end }} - {{- if .Values.config.aws.sqs.url }} - - name: AWS_SQS_URL - value: {{ .Values.config.aws.sqs.functionname | quote }} - - name: AWS_SQS_MINIMUMPRIORITY - value: {{ .Values.config.aws.sqs.minimumpriority | quote }} - {{- end }} - {{- if and .Values.config.smtp.hostport .Values.config.smtp.from .Values.config.smtp.to }} - - name: SMTP_HOSTPORT - value: {{ .Values.config.smtp.hostport | quote }} - - name: SMTP_FROM - value: {{ .Values.config.smtp.from | quote }} - - name: SMTP_TO - value: {{ .Values.config.smtp.to | quote }} - - name: SMTP_OUTPUTFORMAT - value: {{ .Values.config.smtp.outputformat | quote }} - - name: SMTP_MINIMUMPRIORITY - value: {{ .Values.config.smtp.minimumpriority | quote }} - {{- if and .Values.config.smtp.user .Values.config.smtp.password }} - - name: SMTP_USER - 
valueFrom: - secretKeyRef: - name: {{ include "falcosidekick.fullname" . }} - key: smtp-user - - name: SMTP_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "falcosidekick.fullname" . }} - key: smtp-password - {{- end }} - {{- end }} - {{- if .Values.config.opsgenie.apikey }} - - name: OPSGENIE_APIKEY - valueFrom: - secretKeyRef: - name: {{ include "falcosidekick.fullname" . }} - key: opsgenie-apikey - - name: OPSGENIE_REGION - value: {{ .Values.config.opsgenie.region | quote }} - - name: OPSGENIE_MINIMUMPRIORITY - value: {{ .Values.config.opsgenie.minimumpriority | quote }} - {{- end }} - {{- if .Values.config.statsd.forwarder }} - - name: STATSD_FORWARDER - value: {{ .Values.config.statsd.forwarder | quote }} - - name: STATSD_NAMESPACE - value: {{ .Values.config.statsd.namespace | quote }} - {{- end }} - {{- if .Values.config.statsd.forwarder }} - - name: DOGSTATSD_FORWARDER - value: {{ .Values.config.dogstatsd.forwarder | quote }} - - name: DOGSTATSD_NAMESPACE - value: {{ .Values.config.dogstatsd.namespace | quote }} - - name: DOGSTATSD_TAGS - value: {{ .Values.config.dogstatsd.tags | quote }} - {{- end }} - {{- if .Values.config.webhook.address }} - - name: WEBHOOK_ADDRESS - value: {{ .Values.config.webhook.address | quote }} - - name: WEBHOOK_MINIMUMPRIORITY - value: {{ .Values.config.webhook.minimumpriority | quote }} - {{- end }} - {{- if .Values.config.azure.eventHub.name }} - - name: AZURE_EVENTHUB_NAME - value: {{ .Values.config.azure.eventHub.name | quote }} - - name: AZURE_EVENTHUB_NAMESPACE - value: {{ .Values.config.azure.eventHub.namespace | quote }} - - name: AZURE_EVENTHUB_MINIMUMPRIORITY - value: {{ .Values.config.azure.eventHub.minimumpriority | quote }} - {{- end }} - {{- if .Values.config.discord.webhookurl }} - - name: DISCORD_WEBHOOKURL - valueFrom: - secretKeyRef: - name: {{ include "falcosidekick.fullname" . 
}} - key: discord-webhookurl - - name: DISCORD_ICON - value: {{ .Values.config.discord.icon | quote }} - - name: DISCORD_MINIMUMPRIORITY - value: {{ .Values.config.discord.minimumpriority | quote }} - {{- end }} - - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/falcosidekick/templates/ingress.yaml b/falcosidekick/templates/ingress.yaml deleted file mode 100644 index 8ba0183a8..000000000 --- a/falcosidekick/templates/ingress.yaml +++ /dev/null @@ -1,39 +0,0 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "falcosidekick.fullname" . -}} -apiVersion: extensions/v1beta1 -kind: Ingress -metadata: - name: {{ $fullName }} - labels: - app.kubernetes.io/name: {{ include "falcosidekick.name" . }} - helm.sh/chart: {{ include "falcosidekick.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - {{- with .Values.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -spec: -{{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} -{{- end }} - rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} - http: - paths: - {{- range .paths }} - - path: {{ . }} - backend: - serviceName: {{ $fullName }} - servicePort: http - {{- end }} - {{- end }} -{{- end }} diff --git a/falcosidekick/templates/rbac.yaml b/falcosidekick/templates/rbac.yaml deleted file mode 100644 index 91be667da..000000000 --- a/falcosidekick/templates/rbac.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "falcosidekick.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "falcosidekick.name" . }} - helm.sh/chart: {{ include "falcosidekick.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: Role -metadata: - name: {{ include "falcosidekick.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "falcosidekick.name" . }} - helm.sh/chart: {{ include "falcosidekick.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -rules: -- apiGroups: - - "" - resources: - - endpoints - resourceNames: - - {{ include "falcosidekick.fullname" . }} - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: RoleBinding -metadata: - name: {{ include "falcosidekick.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "falcosidekick.name" . }} - helm.sh/chart: {{ include "falcosidekick.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "falcosidekick.fullname" . }} -subjects: -- kind: ServiceAccount - name: {{ include "falcosidekick.fullname" . }} diff --git a/falcosidekick/templates/secrets.yaml b/falcosidekick/templates/secrets.yaml deleted file mode 100644 index 0b79092fe..000000000 --- a/falcosidekick/templates/secrets.yaml +++ /dev/null 
@@ -1,44 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "falcosidekick.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "falcosidekick.name" . }} - helm.sh/chart: {{ include "falcosidekick.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -type: Opaque -data: - {{- if .Values.config.slack.webhookurl }} - slack-webhookurl: "{{ .Values.config.slack.webhookurl | b64enc }}" - {{- end }} - {{- if .Values.config.rocketchat.webhookurl }} - rocketchat-webhookurl: "{{ .Values.config.rocketchat.webhookurl | b64enc }}" - {{- end }} - {{- if .Values.config.mattermost.webhookurl }} - mattermost-webhookurl: "{{ .Values.config.mattermost.webhookurl | b64enc }}" - {{- end }} - {{- if .Values.config.teams.webhookurl }} - teams-webhookurl: "{{ .Values.config.teams.webhookurl | b64enc }}" - {{- end }} - {{- if .Values.config.datadog.apikey }} - datadog-apikey: "{{ .Values.config.datadog.apikey | b64enc }}" - {{- end }} - {{- if and .Values.config.influxdb.user .Values.config.influxdb.password }} - influxdb-user: "{{ .Values.config.influxdb.user | b64enc }}" - influxdb-password: "{{ .Values.config.influxdb.password | b64enc }}" - {{- end }} - {{- if and .Values.config.aws.accesskeyid .Values.config.aws.secretaccesskey }} - aws-accesskeyid: "{{ .Values.config.aws.accesskeyid | b64enc }}" - aws-secretaccesskey: "{{ .Values.config.aws.secretaccesskey | b64enc }}" - {{- end }} - {{- if and .Values.config.smtp.user .Values.config.smtp.password }} - smtp-user: "{{ .Values.config.smtp.user | b64enc }}" - smtp-password: "{{ .Values.config.smtp.password | b64enc }}" - {{- end }} - {{- if .Values.config.opsgenie.apikey }} - opsgenie-apikey: "{{ .Values.config.opsgenie.apikey | b64enc }}" - {{- end }} - {{- if .Values.config.discord.webhookurl }} - discord-webhookurl: "{{ .Values.config.discord.webhookurl | b64enc }}" - {{- end }} \ No newline at end of file 
diff --git a/falcosidekick/templates/service.yaml b/falcosidekick/templates/service.yaml deleted file mode 100644 index f49b3fd82..000000000 --- a/falcosidekick/templates/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "falcosidekick.fullname" . }} - labels: - app.kubernetes.io/name: {{ include "falcosidekick.name" . }} - helm.sh/chart: {{ include "falcosidekick.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http - selector: - app.kubernetes.io/name: {{ include "falcosidekick.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/falcosidekick/templates/tests/test-connection.yaml b/falcosidekick/templates/tests/test-connection.yaml deleted file mode 100644 index f242aad5c..000000000 --- a/falcosidekick/templates/tests/test-connection.yaml +++ /dev/null @@ -1,18 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: "{{ include "falcosidekick.fullname" . }}-test-connection" - labels: - app.kubernetes.io/name: {{ include "falcosidekick.name" . }} - helm.sh/chart: {{ include "falcosidekick.chart" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: - "helm.sh/hook": test-success -spec: - containers: - - name: wget - image: busybox - command: ['wget'] - args: ['{{ include "falcosidekick.fullname" . }}:{{ .Values.service.port }}'] - restartPolicy: Never diff --git a/falcosidekick/values.yaml b/falcosidekick/values.yaml deleted file mode 100644 index dab5bd12a..000000000 --- a/falcosidekick/values.yaml +++ /dev/null 
@@ -1,179 +0,0 @@ -# Default values for falcosidekick. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. - -replicaCount: 1 - -image: - repository: falcosecurity/falcosidekick - tag: 2.13.0 - pullPolicy: IfNotPresent - -nameOverride: "" -fullnameOverride: "" - -podSecurityPolicy: - create: false - -priorityClassName: "" - -config: - - debug: false - ## - ## a list of comma separated custom fields to add to falco events, syntax is "key:value,key:value" - customfields: "" - - slack: - webhookurl: "" - footer: "" - icon: "" - username: "" - outputformat: "all" - minimumpriority: "" - messageformat: "" - - rocketchat: - webhookurl: "" - icon: "" - username: "" - outputformat: "all" - minimumpriority: "" - messageformat: "" - - mattermost: - webhookurl: "" - footer: "" - icon: "" - username: "" - outputformat: "all" - minimumpriority: "" - messageformat: "" - - teams: - webhookurl: "" - activityimage: "" - outputformat: "all" - minimumpriority: "" - - datadog: - apikey: "" - minimumpriority: "" - - alertmanager: - hostport: "" - - elasticsearch: - hostport: "" - index: "falco" - type: "event" - minimumpriority: "" - - influxdb: - hostport: "" - database: "falco" - user: "" - password: "" - minimumpriority: "" - - loki: - hostport: "" - minimumpriority: "" - - nats: - hostport: "" - minimumpriority: "" - - aws: - accesskeyid: "" - secretaccesskey: "" - region : "" - lambda: - functionname : "" - minimumpriority: "" - sqs: - url : "" - minimumpriority: "" - - smtp: - hostport: "" - user: "" - password: "" - from: "" - to: "" - outputformat: "html" - minimumpriority: "" - - opsgenie: - aipkey: "" - region: "" - minimumpriority: "" - - statsd: - forwarder: "" - namespace: "falcosidekick." - - dogstatsd: - forwarder: "" - namespace: "falcosidekick." 
- tags: "" - - webhook: - address: "" - minimumpriority: "" - - webhook: - webhookurl: "" - icon: "" - minimumpriority: "" - - azure: - subscriptionID: "" - resourceGroupName: "" - podIdentityClientID: "" - podIdentityName: "" - eventHub: - namespace: "" - name: "" - minimumpriority: "" - - discord: - webhookurl: "" - icon: "" - minimumpriority: "" - -service: - type: ClusterIP - port: 2801 - -ingress: - enabled: false - annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" - hosts: - - host: falcosidekick.local - paths: [] - - tls: [] - # - secretName: chart-example-tls - # hosts: - # - chart-example.local - -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -nodeSelector: {} - -tolerations: [] - -affinity: {} diff --git a/release.md b/release.md deleted file mode 100644 index 679134c69..000000000 --- a/release.md +++ /dev/null 
@@ -1,50 +0,0 @@ -# Release Process - -Our release process is automated using [CircleCI](https://app.circleci.com/pipelines/github/falcosecurity/charts), [helm](https://github.com/helm/helm), and [chart-releaser](https://github.com/helm/chart-releaser). You can find the full script [here](.circleci/release.sh) and more details under the [Automation explained](#Automation-explained) section. Finally, the GitHub pages feature is used to host our Helm repo. - -The following process describes how to release just one chart. Since this repository can host multiple charts, the same instructions apply for any of them. - -## Release a chart - -The automated process starts when the `version` field of any of `*/Chart.yaml` file is modified and merged into the `master` branch. - -Thus, to trigger it, the following actions need to happen: - -1. A user creates a PR that increases the `version` field of the `Chart.yaml` (and possibly introduces other useful changes) -2. An approver approves the PR -3. @poiana (our beloved bot) merges the PR into the `master` branch, then the CI starts - -> The approvers may differ depending on the chart. Please, refer to the `OWNERS` file under the specific chart directory. - -Once the CI has done its job, a new tag is live on [GitHub](https://github.com/falcosecurity/falco-exporter/releases), and the site [https://falcosecurity.github.io/charts](https://falcosecurity.github.io/charts) indexes the new chart version. - -## Automation explained - -By convention, we assume that each top-level directory of the [falcosecury/charts](https://github.com/falcosecurity/charts) repository that contains a `Chart.yaml` is a Helm chart source directory. We may extend it also to support those charts that have source files in a different repository. - -The automated release process starts when any modification added to `master` triggers CircleCI. It ends with a GitHub Pages job that publishes the updated index of our Helm repo. 
- -### CircleCI workflow - -The CI is configured to [install the required tools](.circleci/install_tools.sh) then to runs [.circleci/release.sh](.circleci/release.sh) script. - -The script performs the following actions: - -- for each `*/Chart.yaml` file found: - - extract the `version` and the `name` attributes - - check if a git tag in the form `-` (e.g. `falco-1.1.10`) is already present - - if yes, skip the chart - - otherwise, add the chart to the list of charts to be released -- if the list is empty, the process stops -- for each chart in the resulting list: - - create the chart package (using `helm package`) -- run ([chart-releaser](https://github.com/helm/chart-releaser)) to create a GitHub release and to upload the package for each packaged created by the previous step -- run ([chart-releaser](https://github.com/helm/chart-releaser)) to update the `index.yaml`, then commit and push it to the `gh-pages` branch - -**N.B.** -- The name and the version of the chart are extracted from `Chart.yaml`, thus the directory name is not relevant in this process. -- The above process can release multiple charts simultaneously. - -### GitHub Pages job - -Eventually, the GitHub pages job will publish the updated index to [https://falcosecurity.github.io/charts/index.yaml](https://falcosecurity.github.io/charts/index.yaml), and the process completes. \ No newline at end of file
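Review bot: in the removed falcosidekick/templates/deployment.yaml env block, four references do not line up with the rest of the chart, so anyone restoring this template from history should fix them rather than revert it as-is. `key: influxbd-password` does not match the `influxdb-password` key defined in secrets.yaml; the AWS block is gated on `.Values.config.influxdb.secretaccesskey` instead of `.Values.config.aws.secretaccesskey`; `AWS_SQS_URL` reads `.Values.config.aws.sqs.functionname` although its block is gated on `.Values.config.aws.sqs.url`; and the `DOGSTATSD_*` variables are gated on `.Values.config.statsd.forwarder` rather than on the dogstatsd forwarder.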
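Review bot: the removed falcosidekick/values.yaml declares `opsgenie.aipkey`, while deployment.yaml and secrets.yaml both read `.Values.config.opsgenie.apikey`, and it declares `webhook:` twice under `config:` (once with `address`, once with `webhookurl` and `icon`). As written, the Opsgenie output can only be enabled by setting a key the defaults file does not list, and the duplicate mapping key is either rejected or collapsed to a single entry depending on the YAML parser. If this chart is expected to come back from another source, note both in the commit message so they are not carried over.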
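Review bot: release.md is not a chart; the removed lines document how every chart in the repository is released (the `Chart.yaml` version bump, approval per the `OWNERS` file, the `.circleci/release.sh` run, the `gh-pages` index update). Deleting it together with the chart templates drops that description of who approves a release and what publishes it. Either keep the file, or split its removal into a separate commit whose message says where the release process is documented now.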