From 4558db9d17be4bb9b62dee4f0c6c793a83d1a9a9 Mon Sep 17 00:00:00 2001 From: Leonardo Grasso Date: Tue, 26 Mar 2024 17:07:48 +0100 Subject: [PATCH 1/4] update(falco/templates): always add `FALCO_HOSTNAME` env var This env var is consumed by Falco's gRPC servers and passed to libs to populate `evt.hostname`, and used in metrics (possibly other purpose in the future) as well. Signed-off-by: Leonardo Grasso --- charts/falco/templates/pod-template.tpl | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/falco/templates/pod-template.tpl b/charts/falco/templates/pod-template.tpl index 5eb57288..a0cc1cbf 100644 --- a/charts/falco/templates/pod-template.tpl +++ b/charts/falco/templates/pod-template.tpl @@ -78,6 +78,10 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} env: + - name: FALCO_HOSTNAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName - name: FALCO_K8S_NODE_NAME valueFrom: fieldRef: From df76d36fe7d5af8bd71fc20a9b8ada18c1bf7a5c Mon Sep 17 00:00:00 2001 From: Leonardo Grasso Date: Tue, 26 Mar 2024 17:18:57 +0100 Subject: [PATCH 2/4] update(falco/templates): add `HOST_ROOT` env Although HOST_ROOT is already set in all container images consumed by this chart, its default value (i.e. `/host`) is hard-coded in many points across this chart. So for consistency, we also force set it in `env:` for the main container and the initContainer as well. The alternative would be to make it parametric, but since this is just an implementation detail that does not produce a user-facing effect, there's no compelling reason for the user to modify it. Moreover, the hard-coded value works since its usage is consistent across and limited to only containers managed by this chart. Signed-off-by: Leonardo Grasso --- charts/falco/templates/pod-template.tpl | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/falco/templates/pod-template.tpl b/charts/falco/templates/pod-template.tpl index a0cc1cbf..6077a6c1 100644 --- a/charts/falco/templates/pod-template.tpl +++ b/charts/falco/templates/pod-template.tpl @@ -78,6 +78,8 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} env: + - name: HOST_ROOT + value: /host - name: FALCO_HOSTNAME valueFrom: fieldRef: @@ -375,6 +377,8 @@ spec: name: etc-fs readOnly: true env: + - name: HOST_ROOT + value: /host {{- if .Values.driver.loader.initContainer.env }} {{- include "falco.renderTemplate" ( dict "value" .Values.driver.loader.initContainer.env "context" $) | nindent 4 }} {{- end }} From 56020a30a800a10a94ac5fa6f0dffee5a2fe97ac Mon Sep 17 00:00:00 2001 From: Leonardo Grasso Date: Tue, 26 Mar 2024 17:21:28 +0100 Subject: [PATCH 3/4] update(charts/falco): bump chart version to 4.3.0 Signed-off-by: Leonardo Grasso --- charts/falco/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/falco/Chart.yaml b/charts/falco/Chart.yaml index fbc15ff8..380bbc23 100644 --- a/charts/falco/Chart.yaml +++ b/charts/falco/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: falco -version: 4.2.6 +version: 4.3.0 appVersion: "0.37.1" description: Falco keywords: From 3f4b24549a65fa875a21739dfad9dc04f0fc6f5e Mon Sep 17 00:00:00 2001 From: Leonardo Grasso Date: Tue, 26 Mar 2024 17:42:52 +0100 Subject: [PATCH 4/4] docs(falco): add changelog for 4.3.0 Signed-off-by: Leonardo Grasso --- charts/falco/CHANGELOG.md | 4 ++++ charts/falco/README.md | 2 +- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/falco/CHANGELOG.md b/charts/falco/CHANGELOG.md index a60b547b..da2a8c27 100644 --- a/charts/falco/CHANGELOG.md +++ b/charts/falco/CHANGELOG.md @@ -3,6 +3,10 @@ This file documents all notable changes to Falco Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v4.3.0 + +* `FALCO_HOSTNAME` and `HOST_ROOT` are now set by default in pods configuration. + ## v4.2.6 * bump falcosidekick dependency version to v0.7.17 install latest version through falco chart diff --git a/charts/falco/README.md b/charts/falco/README.md index 3bcdd662..5bedfbfe 100644 --- a/charts/falco/README.md +++ b/charts/falco/README.md @@ -581,7 +581,7 @@ If you use a Proxy in your cluster, the requests between `Falco` and `Falcosidek ## Configuration -The following table lists the main configurable parameters of the falco chart v4.2.5 and their default values. See [values.yaml](./values.yaml) for full list. +The following table lists the main configurable parameters of the falco chart v4.3.0 and their default values. See [values.yaml](./values.yaml) for full list. ## Values