Merge pull request #284 from akash4sh/main

Add falco-exporter chart

Author: akash4sh

charts/falco-exporter/CHANGELOG.md

@@ -0,0 +1,231 @@
+# Change Log
+
+This file documents all notable changes to `falco-exporter` Helm Chart. The release
+numbering uses [semantic versioning](http://semver.org).
+
+## v0.11.0
+
+* updated grafana dashboard
+
+## v0.10.1
+
+* Enhanced the service Monitor to support additional Properties.
+
+## v0.10.0
+
+* added ability to set the grafana folder annotation name
+
+## v0.9.11
+
+* fix dead links in README.md
+
+## v0.9.10
+
+* update configuration values in README.md
+* introduce helm docs for the chart
+
+## v0.9.9
+
+* update tolerations
+
+## v0.9.8
+
+* add annotation for set of folder's grafana-chart
+
+## v0.9.7
+
+* noop change just to test the ci
+
+## v0.9.6
+
+### Minor Changes
+
+* Bump falco-exporter to v0.8.3
+
+## v0.9.5
+
+### Minor Changes
+
+* Removed unnecessary capabilities from security context
+* Setted filesystem on read-only
+
+## v0.9.4
+
+### Minor Changes
+
+* Add options to configure readiness/liveness probe values
+
+## v0.9.3
+
+### Minor Changes
+
+* Bump falco-exporter to v0.8.2
+
+## v0.9.2
+
+### Minor Changes
+
+* Add option to place Grafana dashboard in a folder
+
+## v0.9.1
+
+### Minor Changes
+
+* Fix PSP allowed host path prefix to match grpc socket path change.
+
+## v0.8.3
+
+### Major Changes
+
+* Changing the grpc socket path from `unix:///var/run/falco/falco.soc` to `unix:///run/falco/falco.sock`.
+
+### Minor Changes
+
+* Bump falco-exporter to v0.8.0
+
+## v0.8.2
+
+### Minor Changes
+
+* Support configuration of updateStrategy of the Daemonset
+
+## v0.8.0
+
+* Upgrade falco-exporter version to v0.7.0 (see the [falco-exporter changelog](https://github.com/falcosecurity/falco-exporter/releases/tag/v0.7.0)) 
+
+### Major Changes
+
+* Add option to add labels to the Daemonset pods
+
+## v0.7.2
+
+### Minor Changes
+
+* Add option to add labels to the Daemonset pods
+
+## v0.7.1
+
+### Minor Changes
+
+* Fix `FalcoExporterAbsent` expression
+
+## v0.7.0
+
+### Major Changes
+
+* Adds ability to create custom PrometheusRules for alerting
+
+## v0.6.2
+
+## Minor Changes
+
+* Add Check availability of 'monitoring.coreos.com/v1' api version
+
+## v0.6.1
+
+### Minor Changes
+
+* Add option the add annotations to the Daemonset
+
+## v0.6.0
+
+### Minor Changes
+
+* Upgrade falco-exporter version to v0.6.0 (see the [falco-exporter changelog](https://github.com/falcosecurity/falco-exporter/releases/tag/v0.6.0))
+
+## v0.5.2
+
+### Minor changes
+
+* Make image registry configurable
+
+## v0.5.1
+
+* Display only non-zero rates in Grafana dashboard template
+
+## v0.5.0
+
+### Minor Changes
+
+* Upgrade falco-exporter version to v0.5.0
+* Add metrics about Falco drops
+* Make `unix://` prefix optional
+
+## v0.4.2
+
+### Minor Changes
+
+* Fix Prometheus datasource name reference in grafana dashboard template
+
+## v0.4.1
+
+### Minor Changes
+
+* Support release namespace configuration
+
+## v0.4.0
+
+### Mayor Changes
+
+* Add Mutual TLS for falco-exporter enable/disabled feature
+
+## v0.3.8
+
+### Minor Changes
+
+* Replace extensions apiGroup/apiVersion because of deprecation
+
+## v0.3.7
+
+### Minor Changes
+
+* Fixed falco-exporter PSP by allowing secret volumes
+
+## v0.3.6
+
+### Minor Changes
+
+* Add SecurityContextConstraint to allow deploying in Openshift
+
+## v0.3.5
+
+### Minor Changes
+
+* Added the possibility to automatically add a PSP (in combination with a Role and a RoleBindung) via the podSecurityPolicy values
+* Namespaced the falco-exporter ServiceAccount and Service
+
+## v0.3.4
+
+### Minor Changes
+
+* Add priorityClassName to values
+
+## v0.3.3
+
+### Minor Changes
+
+* Add grafana dashboard to helm chart
+
+## v0.3.2
+
+### Minor Changes
+
+* Fix for additional labels for falco-exporter servicemonitor
+
+## v0.3.1
+
+### Minor Changes
+
+* Added the support to deploy a Prometheus Service Monitor. Is disables by default.
+
+## v0.3.0
+
+### Major Changes
+
+* Chart moved to [falcosecurity/charts](https://github.com/falcosecurity/charts) repository
+* gRPC over unix socket support (by default)
+* Updated falco-exporter version to `0.3.0`
+
+### Minor Changes
+
+* README.md and CHANGELOG.md added

charts/falco-exporter/Chart.yaml

@@ -0,0 +1,21 @@
+annotations:
+  artifacthub.io/changes: |
+    - "✨ update chart to version 0.11.0"
+apiVersion: v2
+appVersion: 0.8.3
+description: Prometheus Metrics Exporter for Falco output events
+keywords:
+- monitoring
+- security
+- alerting
+- metric
+- troubleshooting
+- run-time
+maintainers:
+- email: me@leonardograsso.com
+  name: leogr
+name: falco-exporter
+sources:
+- https://github.com/falcosecurity/falco-exporter
+type: application
+version: 1.0.0

charts/falco-exporter/README.gotmpl

@@ -0,0 +1,75 @@
+# falco-exporter Helm Chart
+
+[falco-exporter](https://github.com/falcosecurity/falco-exporter) is a Prometheus Metrics Exporter for Falco output events.
+
+Before using this chart, you need [Falco installed](https://falco.org/docs/installation/) and running with the [gRPC Output](https://falco.org/docs/grpc/) enabled (over Unix socket by default).
+
+This chart is compatible with the [Falco Chart](https://github.com/falcosecurity/charts/tree/master/charts/falco) version `v1.2.0` or greater. Instructions to enable the gRPC Output in the Falco Helm Chart can be found [here](https://github.com/falcosecurity/charts/tree/master/charts/falco#enabling-grpc). We also strongly recommend using [gRPC over Unix socket](https://github.com/falcosecurity/charts/tree/master/charts/falco#grpc-over-unix-socket-default).
+
+## Introduction
+
+The chart deploys **falco-exporter** as Daemon Set on your the Kubernetes cluster. If a [Prometheus installation](https://github.com/helm/charts/tree/master/stable/prometheus) is running within your cluster, metrics provided by **falco-exporter** will be automatically discovered.
+
+## Adding `falcosecurity` repository
+
+Prior to installing the chart, add the `falcosecurity` charts repository:
+
+```bash
+helm repo add falcosecurity https://falcosecurity.github.io/charts
+helm repo update
+```
+
+## Installing the Chart
+
+To install the chart with the release name `falco-exporter` run:
+
+```bash
+helm install falco-exporter falcosecurity/falco-exporter
+```
+
+After a few seconds, **falco-exporter** should be running.
+
+> **Tip**: List all releases using `helm list`, a release is a name used to track a specific deployment
+
+## Uninstalling the Chart
+
+To uninstall the `falco-exporter` deployment:
+
+```bash
+helm uninstall falco-exporter
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+```bash
+helm install falco-exporter --set falco.grpcTimeout=3m falcosecurity/falco-exporter
+```
+
+Alternatively, a YAML file that specifies the parameters' values can be provided while installing the chart. For example,
+
+```bash
+helm install falco-exporter -f values.yaml falcosecurity/falco-exporter
+```
+
+### Enable Mutual TLS
+
+Mutual TLS for `/metrics` endpoint can be enabled to prevent alerts content from being consumed by unauthorized components.
+
+To install falco-exporter with Mutual TLS enabled, you have to:
+
+```shell
+helm install falco-exporter \
+  --set service.mTLS.enabled=true \
+  --set-file service.mTLS.server.key=/path/to/server.key \
+  --set-file service.mTLS.server.crt=/path/to/server.crt \
+  --set-file service.mTLS.ca.crt=/path/to/ca.crt \
+  falcosecurity/falco-exporter
+```
+
+> **Tip**: You can use the default [values.yaml](values.yaml)
+
+## Configuration
+
+The following table lists the main configurable parameters of the {{ template "chart.name" . }} chart v{{ template "chart.version" . }} and their default values. Please, refer to [values.yaml](./values.yaml) for the full list of configurable parameters.
+
+{{ template "chart.valuesSection" . }}