falco chart value compare
261 lines
global:
image_prefix:
image_tag: ''
pullPolicy: IfNotPresent
team: security
helm:
check_deploy: true
check_deploy_timeout: 800
namespace:
env:
image:
image:
pullPolicy: IfNotPresent
pullPolicy: IfNotPresent
registry:
registry: docker.io
repository: falcosecurity/falco-no-driver
repository: falcosecurity/falco-no-driver
tag: "0.37.1"
tag: ""
imagePullSecrets: []
imagePullSecrets: []
nameOverride: ""
nameOverride: ""
fullnameOverride: ""
fullnameOverride: ""
namespaceOverride:
namespaceOverride: ""
rbac:
podAnnotations: {}
create: true
serviceAccount:
serviceAccount:
create: true
create: false
annotations: {}
annotations: {}
name: ""
name: ""
podAnnotations: {}
podLabels: {}
podLabels: {}
podPriorityClassName: system-node-critical
podPriorityClassName:
podSecurityContext: {}
podSecurityContext: {}
containerSecurityContext: {}
containerSecurityContext: {}
scc:
scc:
create: true
create: true
resources:
resources:
requests:
requests:
cpu: 100m
cpu: 100m
memory: 512Mi
memory: 512Mi
limits:
limits:
cpu: 1000m
cpu: 1000m
memory: 1024Mi
memory: 1024Mi
nodeSelector: {}
nodeSelector: {}
affinity: {}
affinity: {}
tolerations: {}
tolerations:
- effect: NoSchedule
key: node-role.kubernetes.io/master
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
healthChecks:
healthChecks:
livenessProbe:
livenessProbe:
initialDelaySeconds: 60
initialDelaySeconds: 60
timeoutSeconds: 5
timeoutSeconds: 5
periodSeconds: 15
periodSeconds: 15
readinessProbe:
readinessProbe:
initialDelaySeconds: 30
initialDelaySeconds: 30
timeoutSeconds: 5
timeoutSeconds: 5
periodSeconds: 15
periodSeconds: 15
tty: false
tty: false
controller:
controller:
kind: daemonset
kind: daemonset
annotations: {}
annotations: {}
daemonset:
daemonset:
updateStrategy:
updateStrategy:
type: RollingUpdate
type: RollingUpdate
deployment:
deployment:
replicas: 1
replicas: 1
services:
services:
mounts:
mounts:
volumes: []
volumes: []
volumeMounts: []
volumeMounts: []
enforceProcMount: false
enforceProcMount: false
driver:
driver:
enabled: true
enabled: true
kind: ebpf
kind: kmod
kmod:
bufSizePreset: 4
dropFailedExit: false
ebpf:
ebpf:
path:
path: "${HOME}/.falco/falco-bpf.o"
hostNetwork: false
hostNetwork: false
leastPrivileged: false
leastPrivileged: false
bufSizePreset: 4
dropFailedExit: false
modernEbpf:
leastPrivileged: false
bufSizePreset: 4
dropFailedExit: false
cpusForEachBuffer: 2
gvisor:
runsc:
path: /home/containerd/usr/local/sbin
root: /run/containerd/runsc
config: /run/containerd/runsc/config.toml
loader:
loader:
enabled: true
enabled: true
initContainer:
initContainer:
image:
image:
pullPolicy: IfNotPresent
pullPolicy: IfNotPresent
registry:
registry: docker.io
repository: falcosecurity/falco-driver-loader
repository: falcosecurity/falco-driver-loader
tag: "0.37.1"
tag: ""
env:
env: []
- name: "DRIVER_CURL_OPTIONS"
value: "--connect-timeout 100000"
args: []
args: []
resources: {}
resources: {}
securityContext: {}
securityContext: {}
gvisor:
enabled: false
runsc:
path: /home/containerd/usr/local/sbin
root: /run/containerd/runsc
config: /run/containerd/runsc/config.toml
collectors:
collectors:
enabled: true
enabled: true
docker:
docker:
enabled: true
enabled: true
socket: /var/run/docker.sock
socket: /var/run/docker.sock
containerd:
containerd:
enabled: true
enabled: true
socket: /run/containerd/containerd.sock
socket: /run/containerd/containerd.sock
crio:
crio:
enabled: false
enabled: true
socket: /run/crio/crio.sock
socket: /run/crio/crio.sock
kubernetes:
kubernetes:
enabled: true
enabled: false
apiAuth: /var/run/secrets/kubernetes.io/serviceaccount/token
pluginRef: "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.1.0"
apiUrl: "https://$(KUBERNETES_SERVICE_HOST)"
collectorHostname: ""
enableNodeFilter: true
collectorPort: ""
extra:
extra:
env: []
env: []
args: []
args: []
initContainers: []
initContainers: []
certs:
certs:
existingSecret: ""
existingSecret: ""
server:
server:
key: ""
key: ""
crt: ""
crt: ""
ca:
ca:
crt: ""
crt: ""
existingClientSecret: ""
client:
key: ""
crt: ""
customRules:
customRules:
coinsrules.yml: |-
{}
coins_rules
falcosidekick:
falcosidekick:
enabled: true
enabled: false
fullfqdn: false
fullfqdn: false
listenPort: 2801
listenPort: ""
replicaCount: 1
webui:
enabled: false
replicaCount: 1
config:
slack:
webhookurl:
outputformat: "all"
minimumpriority: "informational"
messageformat: 'Alert : rule *{{ .Rule }}* triggered in container : *{{ index .OutputFields "container.name" }}*'
customfields:
environment:
sumologic:
receiverURL:
minimumpriority: "informational"
falcoctl:
falcoctl:
image:
image:
pullPolicy: IfNotPresent
pullPolicy: IfNotPresent
registry:
registry: docker.io
repository: falcosecurity/falcoctl
repository: falcosecurity/falcoctl
tag: "0.7.2"
tag: "0.7.2"
artifact:
artifact:
install:
install:
enabled: true
enabled: true
env: {}
env: []
args: ["--verbose"]
args: ["--log-format=json"]
resources: {}
resources: {}
securityContext: {}
securityContext: {}
mounts:
volumeMounts: []
follow:
follow:
enabled: false
enabled: true
env: {}
env: []
args: ["--verbose"]
args: ["--log-format=json"]
resources: {}
resources: {}
securityContext: {}
securityContext: {}
mounts:
volumeMounts: []
config:
config:
indexes:
indexes:
- name: falcosecurity
- name: falcosecurity
url: https://falcosecurity.github.io/falcoctl/index.yaml
url: https://falcosecurity.github.io/falcoctl/index.yaml
artifact:
artifact:
allowedTypes:
allowedTypes:
- rulesfile
- rulesfile
- plugin
install:
install:
resolveDeps: false
resolveDeps: true
refs: [falco-rules:0]
refs: [falco-rules:3]
rulesfilesDir: /rulesfiles
rulesfilesDir: /rulesfiles
pluginsDir: /plugins
pluginsDir: /plugins
follow:
follow:
refs: [falco-rules:0]
refs: [falco-rules:3]
every: 6h
every: 6h
falcoversions: http://localhost:8765/versions
falcoversions: http://localhost:8765/versions
rulesfilesDir: /rulesfiles
rulesfilesDir: /rulesfiles
pluginsDir: /plugins
pluginsDir: /plugins
falco:
falco:
rules_file:
rules_file:
- /etc/falco/falco_rules.yaml
- /etc/falco/falco_rules.yaml
- /etc/falco/falco_rules.local.yaml
- /etc/falco/falco_rules.local.yaml
- /etc/falco/rules.d
- /etc/falco/rules.d
rule_matching: first
outputs_queue:
capacity: 0
load_plugins: []
plugins:
plugins:
- name: k8saudit
- name: k8saudit
library_path: libk8saudit.so
library_path: libk8saudit.so
init_config:
init_config:
maxEventSize: 262144
webhookMaxBatchSize: 12582912
sslCertificate: /etc/falco/falco.pem
open_params: "http://:9765/k8s-audit"
open_params: "http://:9765/k8s-audit"
- name: cloudtrail
- name: cloudtrail
library_path: libcloudtrail.so
library_path: libcloudtrail.so
- name: json
- name: json
library_path: libjson.so
library_path: libjson.so
init_config: ""
init_config: ""
load_plugins: []
watch_config_files: true
watch_config_files: true
time_format_iso_8601: false
time_format_iso_8601: false
json_output: true
priority: debug
json_output: false
json_include_output_property: true
json_include_output_property: true
json_include_tags_property: true
json_include_tags_property: true
Text moved to lines 239-242
log_stderr: true
log_syslog: true
log_level: info
libs_logger:
enabled: false
severity: debug
priority: informational
buffered_outputs: false
buffered_outputs: false
Text moved to lines 248-255
syscall_event_drops:
threshold: .1
actions:
- log
- alert
rate: .03333
max_burst: 1
simulate_drops: false
syscall_event_timeouts:
max_consecutives: 1000
syscall_buf_size_preset: 4
modern_bpf:
cpus_for_each_syscall_buffer: 2
output_timeout: 2000
outputs:
outputs:
rate: 1
rate: 0
max_burst: 1000
max_burst: 1000
stdout_output:
enabled: true
syslog_output:
syslog_output:
enabled: true
enabled: true
file_output:
file_output:
enabled: false
enabled: false
keep_alive: false
keep_alive: false
filename: ./events.txt
filename: ./events.txt
stdout_output:
http_output:
enabled: true
enabled: false
url: ""
user_agent: "falcosecurity/falco"
insecure: false
ca_cert: ""
ca_bundle: ""
ca_path: "/etc/falco/certs/"
mtls: false
client_cert: "/etc/falco/certs/client/client.crt"
client_key: "/etc/falco/certs/client/client.key"
echo: false
compress_uploads: false
keep_alive: false
Text moved with changes from lines 243-250 (88.8% similarity)
program_output:
enabled: false
keep_alive: false
program: "jq '{text: .output}' | curl -d @- -X POST https://hooks.slack.com/services/XXX"
grpc_output:
enabled: false
grpc:
enabled: false
bind_address: "unix:///run/falco/falco.sock"
threadiness: 0
webserver:
webserver:
enabled: true
enabled: true
threadiness: 0
threadiness: 0
listen_port: 8765
listen_port: 8765
k8s_healthz_endpoint: /healthz
k8s_healthz_endpoint: /healthz
ssl_enabled: false
ssl_enabled: false
ssl_certificate: /etc/falco/falco.pem
ssl_certificate: /etc/falco/falco.pem
Text moved with changes to lines 222-229 (88.8% similarity)
Text moved from lines 203-206
program_output:
log_stderr: true
enabled: false
log_syslog: true
keep_alive: false
log_level: info
program: "jq '{text: .output}' | curl -d @- -X POST https://hooks.slack.com/services/XXX"
libs_logger:
http_output:
enabled: false
url: ""
user_agent: "falcosecurity/falco"
grpc:
enabled: false
enabled: false
bind_address: "unix:///run/falco/falco.sock"
severity: debug
threadiness: 0
output_timeout: 2000
grpc_output:
syscall_event_timeouts:
max_consecutives: 1000
Text moved from lines 211-218
syscall_event_drops:
threshold: .1
actions:
- log
- alert
rate: .03333
max_burst: 1
simulate_drops: false
metrics:
enabled: false
enabled: false
metadata_download:
interval: 1h
max_mb: 100
output_rule: true
chunk_wait_us: 1000
resource_utilization_enabled: true
watch_freq_sec: 1
state_counters_enabled: true
kernel_event_counters_enabled: true
libbpf_stats_enabled: true
convert_memory_to_mb: true
include_empty_values: false
base_syscalls:
custom_set: []
repair: false