This file documents all notable changes to Falcosidekick Helm Chart. The release numbering uses semantic versioning.
Before release 0.1.20, the helm chart can be found in falcosidekick repository.
- Fix the Falco Sidekick WEBUI_URL secret value.
- Align Web UI service port from values.yaml file with Falco Sidekick WEBUI_URL secret value.
- Enhanced the service Monitor to support additional Properties.
- Fix the promql query for prometheusRules: FalcoErrorOutputEventsRateHigh.
- Fix PrometheusRule duplicate alert name
- Fix the labels for the serviceMonitor
- Fix the error with the
NOTES(index of untyped nil Use) when the ingress is enabled to falcosidekick-ui
- Fix ServiceMonitor selector labels
- Fix duplicate component labels
- Fix ServiceMonitor port name and selector labels
- Align README values with the values.yaml file
- Fix a link in the falcosidekick README to the policy report output documentation
- Set Helm recommended labels (
app.kubernetes.io/name,app.kubernetes.io/instance,app.kubernetes.io/version,helm.sh/chart,app.kubernetes.io/part-of,app.kubernetes.io/managed-by) using helpers.tpl
- noop change to the chart itself. Updated makefile.
- Fix the condition for missing cert files
- Support extraArgs in the helm chart
- Fix the behavior with the
AWS IRSAwith a new valueaws.config.useirsa - Add a section in the README to describe how to use a subpath for
Falcosidekick-uiingress - Add a
ServiceMonitorfor prometheus-operator - Add a
PrometheusRulefor prometheus-operator
- noop change just to test the ci
- Fix volume mount when
config.tlsserver.servercrt,config.tlsserver.serverkeyandconfig.tlsserver.cacrtvariables are defined.
- Allow to set (m)TLS Server cryptographic material via
config.tlsserver.servercrt,config.tlsserver.serverkeyandconfig.tlsserver.cacrtvariables or throughconfig.tlsserver.existingSecretvariables.
- Fix the wrong key of the secret for the user
- Allow to set a password
webui.redis.passwordfor Redis forFalcosidekick-UI - The user for
Falcosidekick-UIis now set with an env var from a secret
- Support configuration of revisionHistoryLimit of the deployments
- Update Falcosidekick to 2.28.0
- Add Mutual TLS Client config
- Add TLS Server config
- Add
bracketreplacerconfig - Add
customseveritymaptoalertmanageroutput - Add Drop Event config to
alertmanageroutput - Add
customheaderstoelasticsearchoutput - Add
customheaderstolokioutput - Add
customheaderstografanaoutput - Add
rolearnandexternalidforawsoutputs - Add
methodtowebhookoutput - Add
customattributestogcp.pubsuboutput - Add
regiontopargerdutyoutput - Add
topiccreationandtlstokafkaoutput - Add
Grafana OnCalloutput - Add
Redisoutput - Add
Telegramoutput - Add
N8Noutput - Add
OpenObserveroutput
- Fix interpolation of
SYSLOG_PORT
- Add
webui.allowcorsvalue forFalcosidekick-UI
- Change the docker image for the redis pod for falcosidekick-ui
- Add
affinity,nodeSelectorandtolerationsvalues for the Falcosidekick test-connection pod
- Set extra labels and annotations for
AlertManageronly if they're not empty
- Fix Prometheus extralabels configuration in Falcosidekick
- Fix missing quotes in Falcosidekick-UI ttl argument
- Fix missing space in Falcosidekick-UI ttl argument
- Fix missing space in Falcosidekick-UI arguments
- upgrade Falcosidekick image to 2.27.0
- upgrade Falcosidekick-UI image to 2.1.0
- Add
Yandex Data Streamsoutput - Add
Node-Redoutput - Add
MQTToutput - Add
Zincsearchoutput - Add
Gotifyoutput - Add
Spyderbatoutput - Add
Tektonoutput - Add
TimescaleDBoutput - Add
AWS Security Lakeoutput - Add
config.templatedfieldsto set templated fields - Add
config.slack.channelto overrideSlackchannel - Add
config.alertmanager.extralabelsandconfig.alertmanager.extraannotationsforAlertManageroutput - Add
config.influxdb.token,config.influxdb.organizationandconfig.influxdb.precisionforInfluxDBoutput - Add
config.aws.checkidentityto disallow STS checks - Add
config.smtp.authmechanism,config.smtp.token,config.smtp.identity,config.smtp.traceto manageSMTPauth - Update default doc type for
Elastichsearch - Add
config.loki.user,config.loki.apikeyto manage auth to Grafana Cloud forLokioutput - Add
config.kafka.sasl,config.kafka.async,config.kafka.compression,config.kafka.balancer,config.kafka.clientidto manage auth and communication forKafkaoutput - Add
config.syslog.formatto manage the format ofSyslogpayload - Add
webui.ttlto set TTL of keys in Falcosidekick-UI - Add
webui.loglevelto set log level in Falcosidekick-UI - Add
webui.userto set log user:password in Falcosidekick-UI
- Fix: remove
namespacefromclusterroleandclusterrolebindingmetadata
- Support
storageEnabledforredisto allow ephemeral installs
- Removing unused Kafka config values
- Fixing Syslog's port import in
secrets.yaml
- Add
webui.externalRediswithenabled,urlandportto values to set an external Redis database with RediSearch > v2 for the WebUI - Add
webui.redis.enabledoption to disable the deployment of the database. webui.redis.enabledandwebui.externalRedis.enabledare mutually exclusive
- Upgrade image to fix Panic of
Prometheusoutput whencustomfieldsis set - Add
extralabelsforLokiandPrometheusoutputs to set fields to use as labels - Add
expiresafterforAlertManageroutput
- Support full configuration of
securityContextblocks in falcosidekick and falcosidekick-ui deployments, and redis statefulset.
- Update Falcosidekick-UI image (fix wrong redirect to localhost when an ingress is used)
- Support
ingressClassNamefield in falcosidekick ingresses.
- Add
Policy Reportoutput - Add
Syslogoutput - Add
AWS Kinesisoutput - Add
Zoho Cliqoutput - Support IRSA for AWS authentication
- Upgrade Falcosidekick-UI to v2.0.1
- Allow to set custom Labels for pods
- Allow additional service-ui annotations
- Fix output after chart installation when ingress is enable
- Support
annotationblock in service
- Fix: Added the rule to use the podsecuritypolicy
- Fix: Added
ServiceAccountNameto the UI deployment
- Removes duplicate
Fissionkeys from secret
- Support Ingress API version
networking.k8s.io/v1, seeingress.hostsandwebui.ingress.hostsin values.yaml for a breaking change in thepathparameter
- Fix: Remove the value for bucket of
Yandex S3, it enabled the output by default
- Fix: set correct new image 2.24.0
- Add
Fissionoutput
- Add
Grafanaoutput - Add
Yandex Cloud S3output - Add
Kafka RESToutput
- Docker image is now available on AWS ECR Public Gallery (
--set image.registry=public.ecr.aws)
- Enable extra volumes and volumemounts for
falcosidekickvia values
- Add AWS configuration field
config.aws.rolearn
- Make image registries for
falcosidekickandfalcosidekick-uiconfigurable
- Fix table formatting in
README.md
- Add missing
imagePullSecretsinfalcosidekick/templates/deployment-ui.yaml
- Add
GCP Cloud Runoutput - Add
GCP Cloud Functionsoutput - Add
Wavefrontoutput - Allow MutualTLS for some outputs
- Add basic auth for Elasticsearch output
- Fix table formatting in
README.md - Fix
config.azure.eventHubparameter name inREADME.md
- Point to the correct name of aadpodidentnity
- Fix link to Falco in the
README.md
- Bump up version (
v1.0.1) of image forfalcosidekick-ui
- Set default values for
OpenFaaSoutput type parameters - Fixes of documentation
- Add config checksum annotation to deployment pods to restart pods on config change
- Fix statsd config options in the secret to make them match the docs
- Fix for
s3.bucket, it should be empty
- Add
AWS S3output - Add
GCP Storageoutput - Add
RabbitMQoutput - Add
OpenFaasoutput
- Updated falcosidekuck-ui default image version to
v0.2.0
- Fixed to specify
kafka.hostPortinstead ofkafka.url
- Fixed missing hyphen in podidentity
- Fix repo and tag for
uiimage
- Add
CLOUDEVENTSoutput - Add
WEBUIoutput
- Add details about syntax for adding
custom_fields
- Add
DATADOG_HOSTto secret
- Allow additional pod annotations
- Remove namespace condition in aad-pod-identity
- Add
Kubelessoutput
- Add
PagerDutyoutput
- Add option to use an existing secret
- Add option to add extra environment variables
- Add
Stanoutput
- Use the Existing secret resource and add all possible variables to there, and make it simpler to read and less error-prone in the deployment resource
- Fix aws keys not being added to the deployment
- Fix helm test
- Update image to use release 2.19.1
- New outputs can be set :
Kafka,AWS CloudWatchLogs
- Fixed GCP Pub/Sub values references in
deployment.yaml
- Support release namespace configuration
- New outputs can be set :
Googlechat
- New output can be set :
GCP PubSub - Custom Headers can be set for
Webhookoutput - Fix typo
aipKeyfor OpsGenie output
- Fix falcosidekick configuration table to use full path of configuration properties in the
README.md
- New output can be set :
AWS SNS - Metrics in
prometheusformat can be scrapped from/metricsURI
- Replace extensions apiGroup/apiVersion because of deprecation
- Allow the creation of a PodSecurityPolicy, disabled by default
- Allow the configuration of the Pod securityContext, set default runAsUser and fsGroup values
- Remove duplicated
webhookblock invalues.yaml
- fake release for triggering CI for auto-publishing
- Add
imagePullSecrets
- Fix
Azure Indentitycase sensitive value
- New outputs can be set :
Azure Event Hubs,Discord
- Fix wrong port name in output
- New outputs can be set :
Mattermost,Rocketchat
- Add Pod Security Policy
- Fix wrong value reference for Elasticsearch output in deployment.yaml
- New output can be set :
DogStatsD
- New output can be set :
StatsD
- New output can be set :
Opsgenie
- New output can be set :
NATS
Falcosidekickand its chart are now part offalcosecurityorganization
- Use more recent image with
Golang1.14
- New output can be set :
Loki
- New output can be set :
SMTP
- New outputs can be set :
AWS Lambda,AWS SQS,Teams
- Initial release of Falcosidekick Helm Chart