search

falcosecurity / charts

Community managed Helm charts for running Falco with Kubernetes
Apache License 2.0
245 stars 290 forks source link

Enable Elasticsearch Pipeline Configuration via Helm Values in Falco Sidekick #748

Open asfalots opened 2 months ago

asfalots commented 2 months ago

Motivation The current Falco Sidekick Helm chart does not support configuring Elasticsearch pipeline settings in the values.yaml file, even though this feature is already supported in Falco (as seen in the documentation). The missing configuration in the secret.yaml prevents the seamless integration of Elasticsearch pipeline settings.

Feature

Add the ability to configure Elasticsearch pipeline settings in the values.yaml and secret.yaml files of the Falco Sidekick Helm chart.

Alternatives

Currently, the only workaround is to manually edit the secret.yaml file after deploying the chart, which is not ideal and prevent using gitops approach like with ArgoCD

Additional context

A pull request has been prepared and will be submitted to address this feature request.

Issif commented 2 months ago

Hi,

The pipeline has been integrated in the master branch, but not released in a tagged version yet (it will be in the 2.30.0), this is why it's not available in the Helm values.

It's possible anyway to use it, by changing the image tag to latest and by setting extraEnv.

falcosidekick:
    image:
        tag: latest
    config:
        extraEnv:
            - name: ELASTICSEARCH_PIPELINE
              value: xxxxx

I don't have any ETA for now.

asfalots commented 2 months ago

Thanks, I missed the extraEnv in the documentation. At least the PR is ready for 2.30 :-)