falcosecurity / charts

Community managed Helm charts for running Falco with Kubernetes
Apache License 2.0
242 stars 286 forks source link

falco-exporter: "for" is missing in #717

Closed jkleinlercher closed 3 months ago

jkleinlercher commented 3 months ago

Describe the bug

Run the falco-exporter chart with

helm template . --set serviceMonitor.enabled=true --set prometheusRules.enabled=true -s templates/prometheusrule.yaml 

ends in this exception:

Error: YAML parse error on falco-exporter/templates/prometheusrule.yaml: error converting YAML to JSON: yaml: line 45: could not find expected ':'
helm.go:84: [debug] error converting YAML to JSON: yaml: line 45: could not find expected ':'
YAML parse error on falco-exporter/templates/prometheusrule.yaml

reason:

in https://github.com/falcosecurity/charts/blob/467c2a270db887cc7324a71300d23f59604a6375/charts/falco-exporter/templates/prometheusrule.yaml#L54 the "for" key is missing.

How to reproduce it

Run the falco-exporter chart with

helm template . --set serviceMonitor.enabled=true --set prometheusRules.enabled=true -s templates/prometheusrule.yaml 

Expected behaviour

it should render a k8s manifest like this:

# Source: falco-exporter/templates/prometheusrule.yaml
apiVersion: monitoring.coreos.com/v1
kind: PrometheusRule
metadata:
  name: release-name-falco-exporter
  labels:
    app.kubernetes.io/name: falco-exporter
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/version: "0.8.3"
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: falco-exporter-0.12.0
spec:
  groups:
  - name: falco-exporter
    rules:
    - alert: FalcoExporterAbsent
      expr: absent(up{job="release-name-falco-exporter"})
      for: 10m
      annotations:
        summary: Falco Exporter has dissapeared from Prometheus service discovery.
        description: No metrics are being scraped from falco. No events will trigger any alerts.
      labels:
        severity: critical
    - alert: FalcoWarningEventsRateHigh
      annotations:
        summary: Falco is experiencing high rate of warning events
        description: A high rate of warning events are being detected by Falco
      expr: rate(falco_events{priority="4"}[5m]) > 0
      for: 15m
      labels:
        severity: warning
    - alert: FalcoErrorEventsRateHigh
      annotations:
        summary: Falco is experiencing high rate of error events
        description: A high rate of error events are being detected by Falco
      expr: rate(falco_events{priority="3"}[5m]) > 0
      for: 15m
      labels:
        severity: warning
    - alert: FalcoCriticalEventsRateHigh
      annotations:
        summary: Falco is experiencing high rate of critical events
        description: A high rate of critical events are being detected by Falco
      expr: rate(falco_events{priority="2"}[5m]) > 0
      for: 15m
      labels:
        severity: critical
    - alert: FalcoAlertEventsRateHigh
      annotations:
        summary: Falco is experiencing high rate of alert events
        description: A high rate of alert events are being detected by Falco
      expr: rate(falco_events{priority="1"}[5m]) > 0
      for: 5m
      labels:
        severity: critical
    - alert: FalcoEmergencyEventsRateHigh
      annotations:
        summary: Falco is experiencing high rate of emergency events
        description: A high rate of emergency events are being detected by Falco
      expr: rate(falco_events{priority="0"}[1m]) > 0
      for: 1m
      labels:
        severity: critical

Screenshots

Environment

Additional context

jkleinlercher commented 3 months ago

will get fixed by https://github.com/falcosecurity/charts/pull/712 already

alacuku commented 3 months ago

Hey @jkleinlercher, I'm waiting for @jochbru to rebase its PR. Once done, I'll merge it.

jochbru commented 3 months ago

Rebase is done @alacuku, sorry for the wait.

alacuku commented 3 months ago

Thanks @jochbru. The fix has been merged!

alacuku commented 3 months ago

/close

poiana commented 3 months ago

@alacuku: Closing this issue.

In response to [this](https://github.com/falcosecurity/charts/issues/717#issuecomment-2244712012): >/close Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository.