Add custom log location capability

Author: tsigouris007

README.md

@@ -31,6 +31,19 @@ secrets:
 
 Fill them accordingly.
 
+## Custom Log Location
+
+Under the `values.yaml` file you will also find a block of `customLog` attributes as shown:
+```yaml
+customLog:
+  enabled: true
+  logDir: /var/log/crowdstrike/falconhoseclient/
+  logFile: output
+```
+
+Change them accordingly if you chose to use another location for your event logs. \
+If left empty, everything is output via stdout.
+
 ## TODO
 
 Move secrets to native k8s `Secret` object.

charts/falcon-crowdstrike/Chart.yaml

@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.4
+version: 0.0.5
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "0.1.0"
+appVersion: "0.1.1"

charts/falcon-crowdstrike/templates/NOTES.txt

@@ -1,5 +1,5 @@
-1. Get the application URL by running these commands:
 {{- if .Values.ingress.enabled }}
+Get the application URL by running these commands:
 {{- range $host := .Values.ingress.hosts }}
   {{- range .paths }}
   http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
@@ -23,3 +23,6 @@
   kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
 {{- end }}
 {{- end }}
+{{- if .Values.customLog }}
+Falcon CrowdStrike log location: {{ .Values.customLog.logDir }}{{ .Values.customLog.logFile }}
+{{- end }}

charts/falcon-crowdstrike/templates/deployment.yaml

@@ -50,7 +50,17 @@ spec:
               value: {{ .Values.secrets.CLIENT_SECRET | quote }}
             - name: API_BASE_URL
               value: {{ .Values.secrets.API_BASE_URL | quote }}
-          {{- end }}          
+          {{- end }}
+          {{- if .Values.customLog.enabled }}
+            {{- if .Values.customLog.logDir }}
+            - name: LOG_DIR
+              value: {{ .Values.customLog.logDir | quote }}
+            {{- end }}
+            {{- if .Values.customLog.logFile }}
+            - name: LOG_FILE
+              value: {{ .Values.customLog.logFile | quote }}
+            {{- end }}
+          {{- end }}
       {{- with .Values.volumes }}
       volumes:
         {{- toYaml . | nindent 8 }}

charts/falcon-crowdstrike/values.yaml

@@ -4,8 +4,8 @@ replicaCount: 1
 
 image:
   repository: ghcr.io/tsigouris007/falcon-crowdstrike-siem-connector
-  pullPolicy: IfNotPresent
-  tag: "v0.1.0"
+  pullPolicy: Always # IfNotPresent
+  tag: "v0.1.1"
 
 imagePullSecrets: []
 nameOverride: "falcon-crowdstrike-app"
@@ -29,6 +29,8 @@ serviceAccount:
 service:
   create: false
   type: ClusterIP
+  # For compliance with NOTES.txt
+  port: 80
 
 podAnnotations: {}
 podLabels: {}
@@ -67,22 +69,24 @@ autoscaling:
 volumes:
 - name: log-volume
   emptyDir: {}
-- name: events-volume
-  emptyDir: {}
 - name: etc-crowdstrike-volume
-  mountPath: {}
+  emptyDir: {}
+# Uncomment below to declare a different path for your container's LOG_DIR and LOG_FILE setup
+# - name: events-volume
+#   emptyDir: {}
 
 # Additional volumeMounts on the output Deployment definition.
 volumeMounts:
 - name: log-volume
   mountPath: "/var/log/crowdstrike/falconhoseclient/"
   readOnly: false
-- name: events-volume
-  mountPath: "/var/log/pods/falconhoseclient/"
-  readOnly: false
 - name: etc-crowdstrike-volume
   mountPath: "/opt/crowdstrike/etc/"
   readOnly: false
+# Uncomment below to declare a different path for your container's LOG_DIR and LOG_FILE setup
+# - name: events-volume
+#   mountPath: "/var/log/pods/falconhoseclient/"
+#   readOnly: false
 
 nodeSelector: {}
 
@@ -92,7 +96,16 @@ affinity: {}
 
 ingress:
   enabled: false
+  # For compliance with NOTES.txt
+  hosts: []
+
+# For your custom LOG_DIR and LOG_FILE setup
+customLog:
+  enabled: true
+  logDir: /var/log/crowdstrike/falconhoseclient/
+  logFile: output
 
+# Do not expose the following to your repository
 secrets:
   CLIENT_ID: ""
   CLIENT_SECRET: ""