all new output types added, version bumped to v0.3.0, falcosidekick version also bumped to v1.0.0, README updated according to new output types, CHANGELOG also updated with the new changes.

Signed-off-by: Batuhan Apaydın <batuhan.apaydin@trendyol.com>
developer-guy authored and poiana committed Apr 7, 2021
1 parent b52c191 commit f63f094
Showing 5 changed files with 81 additions and 14 deletions.
9 changes: 9 additions & 0 deletions falcosidekick/CHANGELOG.md
Expand Up @@ -5,6 +5,15 @@ numbering uses [semantic versioning](http://semver.org).

Before release 0.1.20, the helm chart can be found in `falcosidekick` [repository](https://github.com/falcosecurity/falcosidekick/tree/master/deploy/helm/falcosidekick).

## 0.3.0

### Major Changes

* Add `AWS S3` output
* Add `GCP Storage` output
* Add `RabbitMQ` output
* Add `OpenFaas` output

## 0.2.9

### Major Changes
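Review bot: the new `0.3.0` entry spells the output `OpenFaas`, while the README list in this same commit uses `OpenFaaS`; use one spelling throughout. The entry also leaves out the README change that moves the documented `kubeless.*` and `cloudevents.*` keys under `config.`, which is worth a line for anyone who followed the old table.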
2 changes: 1 addition & 1 deletion falcosidekick/Chart.yaml
Expand Up @@ -3,7 +3,7 @@ appVersion: 2.21.0
description: A simple daemon to help you with falco's outputs
icon: https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png
name: falcosidekick
version: 0.2.9
version: 0.3.0
keywords:
- monitoring
- security
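Review bot: `appVersion` is not touched in this hunk (the hunk header still shows `appVersion: 2.21.0`), although the commit message says the falcosidekick version was bumped as well. Please confirm that the image the chart deploys is a falcosidekick release that implements the AWS S3, GCP Storage, RabbitMQ and OpenFaaS outputs; otherwise the new values are rendered into the Secret and never used. If the bump was meant to land in `appVersion`, it is missing here.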
36 changes: 27 additions & 9 deletions falcosidekick/README.md
Expand Up @@ -31,6 +31,7 @@ Currently available outputs are :
* [**AWS Lambda**](https://aws.amazon.com/lambda/features/)
* [**AWS SQS**](https://aws.amazon.com/sqs/features/)
* [**AWS SNS**](https://aws.amazon.com/sns/features/)
* [**AWS S3**](https://aws.amazon.com/s3/features/)
* [**AWS CloudWatchLogs**](https://aws.amazon.com/cloudwatch/features/)
* **SMTP** (email)
* [**Opsgenie**](https://www.opsgenie.com/)
Expand All @@ -40,12 +41,14 @@ Currently available outputs are :
* [**Azure Event Hubs**](https://azure.microsoft.com/en-in/services/event-hubs/)
* [**Prometheus**](https://prometheus.io/) (for both events and monitoring of `falcosidekick`)
* [**GCP PubSub**](https://cloud.google.com/pubsub)
* [**GCP Storage**](https://cloud.google.com/storage)
* [**Google Chat**](https://workspace.google.com/products/chat/)
* [**Apache Kafka**](https://kafka.apache.org/)
* [**PagerDuty**](https://pagerduty.com/)
* [**Kubeless**](https://kubeless.io/)
* [**Kubeless**](https://kubeless.io/)
* [**OpenFaaS**](https://www.openfaas.com/)
* [**Cloud Events**](https://cloudevents.io/)
* [**RabbitMQ**](https://www.rabbitmq.com)
* [**WebUI**](https://github.com/falcosecurity/falcosidekick-ui) (a Web UI for displaying latest events in real time)

## Adding `falcosecurity` repository
Expand Down Expand Up @@ -168,7 +171,10 @@ The following table lists the main configurable parameters of the Falcosidekick
| `config.aws.sns.rawjson` | Send RawJSON from `falco` or parse it to AWS SNS | |
| `config.aws.sns.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` |
| `config.aws.sqs.url` | AWS SQS Queue URL, if not empty, AWS SQS output is enabled | |
| `config.aws.sqs.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` |
| `config.aws.sqs.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` |
| `config.aws.s3.bucket` | AWS S3, bucket name | `falcosidekick` |
| `config.aws.s3.prefix` | AWS S3, name of prefix, keys will have format: s3://<bucket>/<prefix>/YYYY-MM-DD/YYYY-MM-DDTHH:mm:ss.s+01:00.json | |
| `config.aws.s3.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug`
| `config.smtp.hostport` | "host:port" address of SMTP server, if not empty, SMTP output is enabled | |
| `config.smtp.user` | user to access SMTP server | |
| `config.smtp.password` | password to access SMTP server | |
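Review bot: the `config.aws.s3.bucket` row lists a default of `falcosidekick` but, unlike the `config.aws.sqs.url` row above it, does not say what enables the output. If a non-empty bucket name is the switch, the chart would attempt S3 writes out of the box; document the enabling condition and consider an empty default so that shipping security events to a bucket is an explicit choice. The `config.aws.s3.minimumpriority` row is also missing its closing ` |`.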
Expand All @@ -194,6 +200,9 @@ The following table lists the main configurable parameters of the Falcosidekick
| `config.gcp.pubsub.projectid` | ID of the GCP project | |
| `config.gcp.pubsub.topic` | Name of the Pub/Sub topic | |
| `config.gcp.eventhub.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` |
| `config.gcp.storage.prefix` | Name of prefix, keys will have format: gs://<bucket>/<prefix>/YYYY-MM-DD/YYYY-MM-DDTHH:mm:ss.s+01:00.json | |
| `config.gcp.storage.bucket` | The name of the bucket | |
| `config.gcp.storage.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` |
| `config.googlechat.webhookurl` | Google Chat Webhook URL (ex: https://chat.googleapis.com/v1/spaces/XXXXXX/YYYYYY), if not `empty`, Google Chat output is *enabled* | |
| `config.googlechat.outputformat` | `all` (default), `text` (only text is displayed in Google chat) | `all` |
| `config.googlechat.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` |
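Review bot: the context row `config.gcp.eventhub.minimumpriority` directly above the new rows does not match the key that `templates/secrets.yaml` reads in this commit (`.Values.config.gcp.pubsub.minimumpriority`); since this hunk edits the GCP section, correct it to `config.gcp.pubsub.minimumpriority`. The new `config.gcp.storage.bucket` row should also state whether a non-empty bucket enables the output, as the rows for other outputs do.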
Expand All @@ -207,13 +216,22 @@ The following table lists the main configurable parameters of the Falcosidekick
| `config.pagerduty.assignee` | A list of comma separated users to assign. Cannot be provided if pagerduty.escalationpolicy is already specified | |
| `config.pagerduty.escalationpolicy` | Escalation policy to assign. Cannot be provided if pagerduty.escalationpolicy is already specified | |
| `config.pagerduty.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` |
| `kubeless.function` | Name of Kubeless function, if not empty, EventHub is *enabled* | |
| `kubeless.namespace` | Namespace of Kubeless function (mandatory) | |
| `kubeless.port` | Port of service of Kubeless function. Default is `8080` | |
| `kubeless.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` |
| `cloudevents.address` | CloudEvents consumer http address, if not empty, CloudEvents output is *enabled* | |
| `cloudevents.extension` | Extensions to add in the outbound Event, useful for routing | |
| `cloudevents.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` |
| `config.kubeless.function` | Name of Kubeless function, if not empty, EventHub is *enabled* | |
| `config.kubeless.namespace` | Namespace of Kubeless function (mandatory) | |
| `config.kubeless.port` | Port of service of Kubeless function. Default is `8080` | |
| `config.kubeless.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` |
| `config.openfaas.gatewayservice` | Service of OpenFaaS Gateway, "gateway" (default) | |
| `config.openfaas.gatewaynamespace` | Namespace of OpenFaaS Gateway, "openfaas" (default) | |
| `config.openfaas.gatewayport` | Port of service of OpenFaaS Gateway Default is `8080` | |
| `config.openfaas.functionname` | Name of OpenFaaS function, if not empty, OpenFaaS is enabled | |
| `config.openfaas.functionnamespace` | Namespace of OpenFaaS function, "openfaas-fn" (default) |
| `config.openfaas.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` |
| `config.cloudevents.address` | CloudEvents consumer http address, if not empty, CloudEvents output is *enabled* | |
| `config.cloudevents.extension` | Extensions to add in the outbound Event, useful for routing | |
| `config.cloudevents.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` |
| `config.rabbitmq.url` | Rabbitmq URL, if not empty, Rabbitmq output is *enabled* | |
| `config.rabbitmq.queue` | Rabbitmq Queue name | |
| `config.rabbitmq.minimumpriority` | minimum priority of event for using use this output, order is `emergency|alert|critical|error|warning|notice|informational|debug or ""` | `debug` |
| `webui.enabled` | enable Falcosidekick-UI | `false` |

Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
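Review bot: the `config.openfaas.functionnamespace` row has only two cells, so the table loses its default column on that line; add the trailing ` |`. While the Kubeless rows are being renamed, `config.kubeless.function` still reads "EventHub is *enabled*", which looks like a copy from the Event Hubs row and should name Kubeless. The `config.openfaas.gatewayport` description is also missing a separator before "Default is".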
21 changes: 20 additions & 1 deletion falcosidekick/templates/secrets.yaml
Expand Up @@ -75,6 +75,9 @@ data:
AWS_SNS_MINIMUMPRIORITY: "{{ .Values.config.aws.sns.minimumpriority | b64enc }}"
AWS_SQS_URL: "{{ .Values.config.aws.sqs.url | b64enc }}"
AWS_SQS_MINIMUMPRIORITY: "{{ .Values.config.aws.sqs.minimumpriority | b64enc }}"
AWS_S3_BUCKET: "{{ .Values.config.aws.s3.bucket | b64enc }}"
AWS_S3_PREFIX: "{{ .Values.config.aws.s3.prefix | b64enc }}"
AWS_S3_MINIMUMPRIORITY: "{{ .Values.config.aws.s3.minimumpriority | b64enc }}"

# SMTP Output
SMTP_USER: "{{ .Values.config.smtp.user | b64enc }}"
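Review bot: `b64enc` is applied directly to `.Values.config.aws.s3.bucket`, `.prefix` and `.minimumpriority`, so each of these keys needs a string default in `values.yaml`; a key that is absent makes the template fail to render. The README lists an empty default for `prefix`, so please confirm it is declared as `""` in `values.yaml`, or guard the three lines with `| default ""` before `b64enc`.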
Expand All @@ -100,6 +103,9 @@ data:
GCP_PUBSUB_PROJECTID: "{{ .Values.config.gcp.pubsub.projectid | b64enc }}"
GCP_PUBSUB_TOPIC: "{{ .Values.config.gcp.pubsub.topic | b64enc }}"
GCP_PUBSUB_MINIMUMPRIORITY: "{{ .Values.config.gcp.pubsub.minimumpriority | b64enc }}"
GCP_STORAGE_BUCKET: "{{ .Values.config.gcp.storage.bucket | b64enc }}"
GCP_STORAGE_PREFIX: "{{ .Values.config.gcp.storage.prefix | b64enc }}"
GCP_STORAGE_MINIMUMPRIORITY: "{{ .Values.config.gcp.storage.minimumpriority | b64enc }}"

# GoogleChat Output
GOOGLECHAT_WEBHOOKURL: "{{ .Values.config.googlechat.webhookurl | b64enc }}"
Expand Down Expand Up @@ -163,12 +169,25 @@ data:
KUBELESS_NAMESPACE: "{{ .Values.config.kubeless.namespace | b64enc }}"
KUBELESS_PORT: "{{ .Values.config.kubeless.port | toString | b64enc }}"
KUBELESS_MINIMUMPRIORITY: "{{ .Values.config.kubeless.minimumpriority | b64enc }}"


# OpenFaaS
OPENFAAS_GATEWAYNAMESPACE: "{{ .Values.config.openfaas.gatewaynamespace | b64enc }}"
OPENFAAS_GATEWAYSERVICE: "{{ .Values.config.openfaas.gatewayservice | b64enc }}"
OPENFAAS_FUNCTIONNAME: "{{ .Values.config.openfaas.functionname | b64enc }}"
OPENFAAS_FUNCTIONNAMESPACE: "{{ .Values.config.openfaas.functionnamespace | b64enc }}"
OPENFAAS_GATEWAYPORT: "{{ .Values.config.openfaas.gatewayport | toString | b64enc }}"
OPENFAAS_MINIMUMPRIORITY: "{{ .Values.config.openfaas.minimumpriority | b64enc }}"

# Cloud Events Output
CLOUDEVENTS_ADDRESS: "{{ .Values.config.cloudevents.address | b64enc }}"
CLOUDEVENTS_EXTENSION: "{{ .Values.config.cloudevents.extension | b64enc }}"
CLOUDEVENTS_MINIMUMPRIORITY: "{{ .Values.config.cloudevents.minimumpriority | b64enc }}"

# RabbitMQ Output
RABBITMQ_URL: "{{ .Values.config.rabbitmq.url | b64enc}}"
RABBITMQ_QUEUE: "{{ .Values.config.rabbitmq.queue | b64enc}}"
RABBITMQ_MINIMUMPRIORITY: "{{ .Values.config.rabbitmq.minimumpriority | b64enc}}"

# WebUI Output
{{- if .Values.webui.enabled -}}
{{ $weburl := printf "http://%s-ui:2802" (include "falcosidekick.fullname" .) }}
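Review bot: the three `RABBITMQ_*` lines close with `b64enc}}`, while every other entry in the file uses `b64enc }}`; add the space for consistency. The `# OpenFaaS` comment also drops the "Output" suffix that the neighbouring section comments carry, and the hunk leaves two blank lines after the Kubeless block where the rest of the file uses one.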