From cdf345d6521a1370a993dafc6398050a9c797dfd Mon Sep 17 00:00:00 2001 From: Thomas Labarussias Date: Thu, 10 Oct 2024 20:37:45 +0200 Subject: [PATCH] falco-talon: remove all refs to the previous org Signed-off-by: Thomas Labarussias --- .lycheeignore | 3 +- charts/falco-talon/CHANGELOG.md | 4 +++ charts/falco-talon/Chart.yaml | 6 ++-- charts/falco-talon/README.gotmpl | 45 ++++++++++++++++-------- charts/falco-talon/README.md | 59 ++++++++++++++++++++------------ charts/falco-talon/values.yaml | 2 +- 6 files changed, 77 insertions(+), 42 deletions(-) diff --git a/.lycheeignore b/.lycheeignore index 1af3ae273..2dbe57a0a 100644 --- a/.lycheeignore +++ b/.lycheeignore @@ -17,4 +17,5 @@ https://localhost:32765/k8s-audit https://some.url/some/path/ http://localhost:8765/versions https://environmentid.live.dynatrace.com/api -https://yourdomain/e/ENVIRONMENTID/api \ No newline at end of file +https://yourdomain/e/ENVIRONMENTID/api +http://falco-talon:2803 \ No newline at end of file diff --git a/charts/falco-talon/CHANGELOG.md b/charts/falco-talon/CHANGELOG.md index 388a49c06..28cfa7b0b 100644 --- a/charts/falco-talon/CHANGELOG.md +++ b/charts/falco-talon/CHANGELOG.md @@ -3,6 +3,10 @@ This file documents all notable changes to Falco Talon Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## 0.1.2 - 2024-10-14 + +- remove all refs to the previous org + ## 0.1.1 - 2024-10-01 - Use version `0.1.1` diff --git a/charts/falco-talon/Chart.yaml b/charts/falco-talon/Chart.yaml index da061e5d1..c08e87d20 100644 --- a/charts/falco-talon/Chart.yaml +++ b/charts/falco-talon/Chart.yaml 
@@ -2,15 +2,15 @@ apiVersion: v1 appVersion: 0.1.1 description: React to the events from Falco name: falco-talon -version: 0.1.1 +version: 0.1.2 keywords: - falco - monitoring - security - response-engine -home: https://github.com/falco-talon/falco-talon +home: https://github.com/falcosecurity/falco-talon sources: - - https://github.com/falco-talon/falco-talon + - https://github.com/falcosecurity/falco-talon maintainers: - name: Issif email: issif+github@gadz.org diff --git a/charts/falco-talon/README.gotmpl b/charts/falco-talon/README.gotmpl index d2ef61ca0..3608b4ec1 100644 --- a/charts/falco-talon/README.gotmpl +++ b/charts/falco-talon/README.gotmpl @@ -1,6 +1,6 @@ # Falco Talon -![release](https://flat.badgen.net/github/release/falco-talon/falco-talon/latest?color=green) ![last commit](https://flat.badgen.net/github/last-commit/falco-talon/falco-talon) ![licence](https://flat.badgen.net/badge/license/MIT/blue) ![docker pulls](https://flat.badgen.net/docker/pulls/issif/falco-talon?icon=docker) +![release](https://flat.badgen.net/github/release/falcosecurity/falco-talon/latest?color=green) ![last commit](https://flat.badgen.net/github/last-commit/falcosecurity/falco-talon) ![licence](https://flat.badgen.net/badge/license/Apache2.0/blue) ![docker pulls](https://flat.badgen.net/docker/pulls/issif/falco-talon?icon=docker) ## Description 
@@ -8,26 +8,41 @@ ## Architecture -`Falco Talon` can receive the `events` from [`Falco`](https://falco.org) or [`Falcosidekick`](https://github.com/falco-talon/falcosidekick): +`Falco Talon` can receive the `events` from [`Falco`](https://falco.org) or [`Falcosidekick`](https://github.com/falcosecurity/falcosidekick): + +```mermaid +flowchart LR + falco + falcosidekick + falco-talon + falco -- event --> falcosidekick + falco -- event --> falco-talon + falcosidekick -- event --> falco-talon + kubernetes -- context --> falco-talon + falco-talon -- action --> aws + falco-talon -- output --> minio + falco-talon -- action --> kubernetes + falco-talon -- notification --> slack +``` ## Documentation The full documentation is available on its own website: [https://docs.falco-talon.org/docs](https://docs.falco-talon.org/docs). -## Helm +## Installation -The helm chart is available in the folder [`deployment/helm`](https://github.com/falco-talon/falco-talon/tree/main/deployment/helm). +```shell +helm repo add falcosecurity https://falcosecurity.github.io/charts +helm repo update +helm install falco-talon falcosecurity/falco-talon -n falco --create-namespace -f values.yaml +``` -Two config files are provided: -* `values.yaml` allows you to configure `Falcon Talon` and the deployment -* `rules.yaml` contains rules to set +### Update the rules -### Install Falco Talon +Update `rules.yaml` then: -```shell -git clone https://github.com/falco-talon/falco-talon.git -cd deployment/helm/ -helm upgrade -i falco-talon . -n falco --create-namespace -f values.yaml +``` +helm upgrade falco-talon falcosecurity/falco-talon -n falco -f values.yaml ``` ### Uninstall Falco Talon 
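Review bot: The new "Update the rules" step says to edit `rules.yaml` and then run `helm upgrade falco-talon falcosecurity/falco-talon -n falco -f values.yaml`, but that command never references `rules.yaml`. The removed text worked from a clone where `rules.yaml` sat beside the chart; with the chart now pulled from the Helm repository, this hunk does not show how a locally edited file reaches the release, so an edited response rule may silently not be deployed. State where `rules.yaml` must live or which values key carries the rules, and tag the fence as `shell` like the other command blocks. The same text is repeated in the README.md hunk `@@ -8,26 +8,41 @@`.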
@@ -36,16 +51,16 @@ helm upgrade -i falco-talon . -n falco --create-namespace -f values.yaml helm delete falco-talon -n falco ```` -### Configuration +## Configuration {{ template "chart.valuesSection" . }} -## Configure Falcosidekick +## Connect Falcosidekick Once you have installed `Falco Talon` with Helm, you need to connect `Falcosidekick` by adding the flag `--set falcosidekick.config.webhook.address=http://falco-talon:2803` ```shell -helm upgrade -i falco falco-talon/falco --namespace falco \ +helm upgrade -i falco falcosecurity/falco --namespace falco \ --create-namespace \ --set tty=true \ --set falcosidekick.enabled=true \ diff --git a/charts/falco-talon/README.md b/charts/falco-talon/README.md index 354a8ea0c..f5512bd83 100644 --- a/charts/falco-talon/README.md +++ b/charts/falco-talon/README.md @@ -1,6 +1,6 @@ # Falco Talon -![release](https://flat.badgen.net/github/release/falco-talon/falco-talon/latest?color=green) ![last commit](https://flat.badgen.net/github/last-commit/falco-talon/falco-talon) ![licence](https://flat.badgen.net/badge/license/MIT/blue) ![docker pulls](https://flat.badgen.net/docker/pulls/issif/falco-talon?icon=docker) +![release](https://flat.badgen.net/github/release/falcosecurity/falco-talon/latest?color=green) ![last commit](https://flat.badgen.net/github/last-commit/falcosecurity/falco-talon) ![licence](https://flat.badgen.net/badge/license/Apache2.0/blue) ![docker pulls](https://flat.badgen.net/docker/pulls/issif/falco-talon?icon=docker) ## Description 
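Review bot: The "Connect Falcosidekick" section points the webhook at `http://falco-talon:2803` with no note on who else can reach that port. The values table in README.md lists `listenAddress` as `0.0.0.0`, so events arrive at the response engine over plain HTTP on every interface. Nothing on this page shows whether Talon authenticates incoming events; if it does not, any workload that can reach the service could submit an event that matches an action rule. Add a sentence after the command such as `Restrict ingress to the falco-talon service to the Falco and Falcosidekick pods, for example with a NetworkPolicy.` The same section appears in the README.md hunk `@@ -139,12 +154,12 @@`, and the shell block continues past the end of both hunks.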
@@ -8,26 +8,41 @@ ## Architecture -`Falco Talon` can receive the `events` from [`Falco`](https://falco.org) or [`Falcosidekick`](https://github.com/falco-talon/falcosidekick): +`Falco Talon` can receive the `events` from [`Falco`](https://falco.org) or [`Falcosidekick`](https://github.com/falcosecurity/falcosidekick): + +```mermaid +flowchart LR + falco + falcosidekick + falco-talon + falco -- event --> falcosidekick + falco -- event --> falco-talon + falcosidekick -- event --> falco-talon + kubernetes -- context --> falco-talon + falco-talon -- action --> aws + falco-talon -- output --> minio + falco-talon -- action --> kubernetes + falco-talon -- notification --> slack +``` ## Documentation The full documentation is available on its own website: [https://docs.falco-talon.org/docs](https://docs.falco-talon.org/docs). -## Helm +## Installation -The helm chart is available in the folder [`deployment/helm`](https://github.com/falco-talon/falco-talon/tree/main/deployment/helm). +```shell +helm repo add falcosecurity https://falcosecurity.github.io/charts +helm repo update +helm install falco-talon falcosecurity/falco-talon -n falco --create-namespace -f values.yaml +``` -Two config files are provided: -* `values.yaml` allows you to configure `Falcon Talon` and the deployment -* `rules.yaml` contains rules to set +### Update the rules -### Install Falco Talon +Update `rules.yaml` then: -```shell -git clone https://github.com/falco-talon/falco-talon.git -cd deployment/helm/ -helm upgrade -i falco-talon . -n falco --create-namespace -f values.yaml +``` +helm upgrade falco-talon falcosecurity/falco-talon -n falco -f values.yaml ``` ### Uninstall Falco Talon 
@@ -36,14 +51,14 @@ helm upgrade -i falco-talon . -n falco --create-namespace -f values.yaml helm delete falco-talon -n falco ```` -### Configuration +## Configuration ## Values | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | affinity | -| config | object | `{"aws":{"accesKey":"","externalId":"","region":"","roleArn":"","secretKey":""},"deduplication":{"leaderElection":true,"timeWindowSeconds":5},"defaultNotifiers":["k8sevents"],"listenAddress":"0.0.0.0","listenPort":2803,"minio":{"accessKey":"","endpoint":"","secretKey":"","useSsl":false},"notifiers":{"elasticsearch":{"createIndexTemplate":true,"numberOfReplicas":1,"numberOfShards":1,"url":""},"loki":{"apiKey":"","customHeaders":[],"hostPort":"","tenant":"","user":""},"slack":{"footer":"https://github.com/falco-talon/falco-talon","format":"long","icon":"https://upload.wikimedia.org/wikipedia/commons/2/26/Circaetus_gallicus_claw.jpg","username":"Falco Talon","webhookUrl":""},"smtp":{"format":"html","from":"","hostPort":"","password":"","tls":false,"to":"","user":""},"webhook":{"url":""}},"otel":{"collectorEndpoint":"","collectorPort":4317,"collectorUseInsecureGrpc":false,"metricsEnabled":false,"tracesEnabled":false},"printAllEvents":false,"rulesFiles":["rules.yaml","rules_override.yaml"],"watchRules":true}` | config of Falco Talon (See https://docs.falco-talon.org/docs/configuration/) | +| config | object | 
`{"aws":{"accesKey":"","externalId":"","region":"","roleArn":"","secretKey":""},"deduplication":{"leaderElection":true,"timeWindowSeconds":5},"defaultNotifiers":["k8sevents"],"listenAddress":"0.0.0.0","listenPort":2803,"minio":{"accessKey":"","endpoint":"","secretKey":"","useSsl":false},"notifiers":{"elasticsearch":{"createIndexTemplate":true,"numberOfReplicas":1,"numberOfShards":1,"url":""},"loki":{"apiKey":"","customHeaders":[],"hostPort":"","tenant":"","user":""},"slack":{"footer":"https://github.com/falcosecurity/falco-talon","format":"long","icon":"https://upload.wikimedia.org/wikipedia/commons/2/26/Circaetus_gallicus_claw.jpg","username":"Falco Talon","webhookUrl":""},"smtp":{"format":"html","from":"","hostPort":"","password":"","tls":false,"to":"","user":""},"webhook":{"url":""}},"otel":{"collectorEndpoint":"","collectorPort":4317,"collectorUseInsecureGrpc":false,"metricsEnabled":false,"tracesEnabled":false},"printAllEvents":false,"rulesFiles":["rules.yaml","rules_override.yaml"],"watchRules":true}` | config of Falco Talon (See https://docs.falco-talon.org/docs/configuration/) | | config.aws | object | `{"accesKey":"","externalId":"","region":"","roleArn":"","secretKey":""}` | aws | | config.aws.accesKey | string | `""` | access key (if not specified, default access_key from provider credential chain will be used) | | config.aws.externalId | string | `""` | external id | 
@@ -61,7 +76,7 @@ helm delete falco-talon -n falco | config.minio.endpoint | string | `""` | endpoint | | config.minio.secretKey | string | `""` | secret key | | config.minio.useSsl | bool | `false` | use ssl | -| config.notifiers | object | `{"elasticsearch":{"createIndexTemplate":true,"numberOfReplicas":1,"numberOfShards":1,"url":""},"loki":{"apiKey":"","customHeaders":[],"hostPort":"","tenant":"","user":""},"slack":{"footer":"https://github.com/falco-talon/falco-talon","format":"long","icon":"https://upload.wikimedia.org/wikipedia/commons/2/26/Circaetus_gallicus_claw.jpg","username":"Falco Talon","webhookUrl":""},"smtp":{"format":"html","from":"","hostPort":"","password":"","tls":false,"to":"","user":""},"webhook":{"url":""}}` | notifiers (See https://docs.falco-talon.org/docs/notifiers/list/ for the settings) | +| config.notifiers | object | `{"elasticsearch":{"createIndexTemplate":true,"numberOfReplicas":1,"numberOfShards":1,"url":""},"loki":{"apiKey":"","customHeaders":[],"hostPort":"","tenant":"","user":""},"slack":{"footer":"https://github.com/falcosecurity/falco-talon","format":"long","icon":"https://upload.wikimedia.org/wikipedia/commons/2/26/Circaetus_gallicus_claw.jpg","username":"Falco Talon","webhookUrl":""},"smtp":{"format":"html","from":"","hostPort":"","password":"","tls":false,"to":"","user":""},"webhook":{"url":""}}` | notifiers (See https://docs.falco-talon.org/docs/notifiers/list/ for the settings) | | config.notifiers.elasticsearch | object | `{"createIndexTemplate":true,"numberOfReplicas":1,"numberOfShards":1,"url":""}` | elasticsearch | | config.notifiers.elasticsearch.createIndexTemplate | bool | `true` | create the index template | | config.notifiers.elasticsearch.numberOfReplicas | int | `1` | number of replicas | 
@@ -73,8 +88,8 @@ helm delete falco-talon -n falco | config.notifiers.loki.hostPort | string | `""` | host:port | | config.notifiers.loki.tenant | string | `""` | tenant | | config.notifiers.loki.user | string | `""` | user | -| config.notifiers.slack | object | `{"footer":"https://github.com/falco-talon/falco-talon","format":"long","icon":"https://upload.wikimedia.org/wikipedia/commons/2/26/Circaetus_gallicus_claw.jpg","username":"Falco Talon","webhookUrl":""}` | slack | -| config.notifiers.slack.footer | string | `"https://github.com/falco-talon/falco-talon"` | footer | +| config.notifiers.slack | object | `{"footer":"https://github.com/falcosecurity/falco-talon","format":"long","icon":"https://upload.wikimedia.org/wikipedia/commons/2/26/Circaetus_gallicus_claw.jpg","username":"Falco Talon","webhookUrl":""}` | slack | +| config.notifiers.slack.footer | string | `"https://github.com/falcosecurity/falco-talon"` | footer | | config.notifiers.slack.format | string | `"long"` | format | | config.notifiers.slack.icon | string | `"https://upload.wikimedia.org/wikipedia/commons/2/26/Circaetus_gallicus_claw.jpg"` | icon | | config.notifiers.slack.username | string | `"Falco Talon"` | username | 
@@ -96,13 +111,13 @@ helm delete falco-talon -n falco | config.otel.metricsEnabled | bool | `false` | enable otel metrics | | config.otel.tracesEnabled | bool | `false` | enable otel traces | | config.printAllEvents | bool | `false` | print in stdout all received events, not only those which match a rule | -| config.rulesFiles | list | `["rules.yaml","rules_override.yaml"]` | list of rules to load | +| config.rulesFiles | list | `["rules.yaml","rules_override.yaml"]` | list of locale rules to load, they will be concatenated into a single config map | | config.watchRules | bool | `true` | auto reload the rules when the files change | | extraEnv | list | `[{"name":"LOG_LEVEL","value":"warning"}]` | extra env | -| image | object | `{"pullPolicy":"Always","registry":"falco.docker.scarf.sh","repository":"issif/falco-talon","tag":""}` | image parameters | +| image | object | `{"pullPolicy":"Always","registry":"falco.docker.scarf.sh","repository":"falcosecurity/falco-talon","tag":""}` | image parameters | | image.pullPolicy | string | `"Always"` | The image pull policy | | image.registry | string | `"falco.docker.scarf.sh"` | The image registry to pull from | -| image.repository | string | `"issif/falco-talon"` | The image repository to pull from | +| image.repository | string | `"falcosecurity/falco-talon"` | The image repository to pull from | | image.tag | string | `""` | Override the image tag to pull | | imagePullSecrets | list | `[]` | one or more secrets to be used when pulling images | | ingress | object | `{"annotations":{},"enabled":false,"hosts":[{"host":"falco-talon.local","paths":[{"path":"/"}]}],"tls":[]}` | ingress parameters | 
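Review bot: The table now documents `image.repository` as `falcosecurity/falco-talon`, yet the only values.yaml change in this commit is the Slack `footer`, so the documented default may not match the image the chart actually pulls. Confirm that values.yaml already sets `repository: falcosecurity/falco-talon`; operators who allow-list images by repository rely on this row being accurate. The docker-pulls badge at the top of both READMEs still points at `issif/falco-talon`, which seems at odds with the repository rename. In the `config.rulesFiles` row, `locale` looks like a typo for `local`; since README.gotmpl renders this table through `chart.valuesSection`, the wording fix probably belongs in the values.yaml comment.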
@@ -139,12 +154,12 @@ helm delete falco-talon -n falco | serviceMonitor.tlsConfig | object | `{}` | tlsConfig specifies TLS (Transport Layer Security) configuration for secure communication when scraping metrics from a service. It allows you to define the details of the TLS connection, such as CA certificate, client certificate, and client key. Currently, the k8s-metacollector does not support TLS configuration for the metrics endpoint. | | tolerations | list | `[]` | tolerations | -## Configure Falcosidekick +## Connect Falcosidekick Once you have installed `Falco Talon` with Helm, you need to connect `Falcosidekick` by adding the flag `--set falcosidekick.config.webhook.address=http://falco-talon:2803` ```shell -helm upgrade -i falco falco-talon/falco --namespace falco \ +helm upgrade -i falco falcosecurity/falco --namespace falco \ --create-namespace \ --set tty=true \ --set falcosidekick.enabled=true \ diff --git a/charts/falco-talon/values.yaml b/charts/falco-talon/values.yaml index 9da04342b..380cba120 100644 --- a/charts/falco-talon/values.yaml +++ b/charts/falco-talon/values.yaml @@ -180,7 +180,7 @@ config: # -- username username: "Falco Talon" # -- footer - footer: "https://github.com/falco-talon/falco-talon" + footer: "https://github.com/falcosecurity/falco-talon" # -- format format: "long" # -- webhook