From c617abfbc9f3ec4a1935ff0f7e40567174558f9d Mon Sep 17 00:00:00 2001 From: Leonardo Grasso Date: Fri, 17 Jan 2025 14:42:52 +0100 Subject: [PATCH 01/11] docs(charts/falco/values.yaml): fix broken URLs Signed-off-by: Leonardo Grasso --- charts/falco/values.yaml | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) diff --git a/charts/falco/values.yaml b/charts/falco/values.yaml index c73f6b6d1..50bc16b74 100644 --- a/charts/falco/values.yaml +++ b/charts/falco/values.yaml @@ -299,7 +299,7 @@ driver: # Capabilities used: {CAP_SYS_RESOURCE, CAP_SYS_ADMIN, CAP_SYS_PTRACE}. # On kernel versions >= 5.8 'CAP_PERFMON' and 'CAP_BPF' could replace 'CAP_SYS_ADMIN' but please pay attention to the 'kernel.perf_event_paranoid' value on your system. # Usually 'kernel.perf_event_paranoid>2' means that you cannot use 'CAP_PERFMON' and you should fallback to 'CAP_SYS_ADMIN', but the behavior changes across different distros. - # Read more on that here: https://falco.org/docs/event-sources/kernel/#least-privileged-mode-1 + # Read more on that here: https://falco.org/docs/setup/container/#docker-least-privileged-ebpf-probe leastPrivileged: false # -- bufSizePreset determines the size of the shared space between Falco and its drivers. # This shared space serves as a temporary storage for syscall events. @@ -310,7 +310,7 @@ driver: # -- Constrain Falco with capabilities instead of running a privileged container. # Ensure the modern bpf driver is enabled (i.e., setting the `driver.kind` option to `modern-bpf`). # Capabilities used: {CAP_SYS_RESOURCE, CAP_BPF, CAP_PERFMON, CAP_SYS_PTRACE}. - # Read more on that here: https://falco.org/docs/event-sources/kernel/#least-privileged-mode-2 + # Read more on that here: https://falco.org/docs/setup/container/#docker-least-privileged-ebpf-probe leastPrivileged: false # -- bufSizePreset determines the size of the shared space between Falco and its drivers. # This shared space serves as a temporary storage for syscall events. @@ -410,7 +410,6 @@ collectors: # The path used here must not have a final '/'. hostProc: /host - ########################### # Extras and customization # ############################ @@ -522,8 +521,8 @@ falcoctl: # -- List of indexes that falcoctl downloads and uses to locate and download artiafcts. For more info see: # https://github.com/falcosecurity/falcoctl/blob/main/proposals/20220916-rules-and-plugin-distribution.md#index-file-overview indexes: - - name: falcosecurity - url: https://falcosecurity.github.io/falcoctl/index.yaml + - name: falcosecurity + url: https://falcosecurity.github.io/falcoctl/index.yaml # -- Configuration used by the artifact commands. artifact: # -- List of artifact types that falcoctl will handle. If the configured refs resolves to an artifact whose type is not contained @@ -578,7 +577,8 @@ serviceMonitor: # scraping metrics from a service. It allows you to define the details of the TLS connection, such as # CA certificate, client certificate, and client key. Currently, the k8s-metacollector does not support # TLS configuration for the metrics endpoint. - tlsConfig: {} + tlsConfig: + {} # insecureSkipVerify: false # caFile: /path/to/ca.crt # certFile: /path/to/client.crt @@ -704,7 +704,6 @@ falco: rule_matching: first - # [Incubating] `outputs_queue` # # -- Falco utilizes tbb::concurrent_bounded_queue for handling outputs, and this parameter @@ -726,7 +725,6 @@ falco: outputs_queue: capacity: 0 - ################# # Falco plugins # ################# @@ -920,7 +918,6 @@ falco: # environment variable $HOME, and "evt.hostname" which will contain the hostname. append_output: [] - ########################## # Falco outputs channels # ########################## @@ -1412,7 +1409,6 @@ falco: include_empty_values: false kernel_event_counters_per_cpu_enabled: false - ####################################### # Falco performance tuning (advanced) # ####################################### @@ -1532,7 +1528,6 @@ falco: custom_set: [] repair: false - ############## # Falco libs # ############## From c0d1ba51ab71757f7f5132bf9bc02deebc2d9677 Mon Sep 17 00:00:00 2001 From: Leonardo Grasso Date: Fri, 17 Jan 2025 14:43:13 +0100 Subject: [PATCH 02/11] docs(charts/falco/CHANGELOG.md): fix broken URL Signed-off-by: Leonardo Grasso --- charts/falco/CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/falco/CHANGELOG.md b/charts/falco/CHANGELOG.md index 9ca813aa4..b59db61a6 100644 --- a/charts/falco/CHANGELOG.md +++ b/charts/falco/CHANGELOG.md @@ -328,7 +328,7 @@ The new chart introduces some breaking changes. For folks upgrading Falco please ## v3.3.0 * Upgrade Falco to 0.35.1. For more info see the release notes: https://github.com/falcosecurity/falco/releases/tag/0.35.1 * Upgrade falcoctl to 0.5.1. For more info see the release notes: https://github.com/falcosecurity/falcoctl/releases/tag/v0.5.1 -* Introduce least privileged mode in modern ebpf. For more info see: https://falco.org/docs/event-sources/kernel/#least-privileged-mode-2 +* Introduce least privileged mode in modern ebpf. For more info see: https://falco.org/docs/setup/container/#docker-least-privileged-modern-ebpf ## v3.2.1 * Set falco.http_output.url to empty string in values.yaml file From affbecd2bfa6fe2685bd574f8e1c6c244eaec58f Mon Sep 17 00:00:00 2001 From: Leonardo Grasso Date: Fri, 17 Jan 2025 14:43:51 +0100 Subject: [PATCH 03/11] docs(charts/falco): update driverd documentation and fix links Signed-off-by: Leonardo Grasso --- charts/falco/README.gotmpl | 25 +++++++++++++++---------- charts/falco/README.md | 28 ++++++++++++++++------------ 2 files changed, 31 insertions(+), 22 deletions(-) diff --git a/charts/falco/README.gotmpl b/charts/falco/README.gotmpl index d3a471b0d..02f10d9c5 100644 --- a/charts/falco/README.gotmpl +++ b/charts/falco/README.gotmpl @@ -53,11 +53,12 @@ Note that **a Falco instance can handle multiple event sources in parallel**. yo Falco needs a **driver** to analyze the system workload and pass security events to userspace. The supported drivers are: -* [Kernel module](https://falco.org/docs/event-sources/drivers/#kernel-module) -* [eBPF probe](https://falco.org/docs/event-sources/drivers/#ebpf-probe) -* [Modern eBPF probe](https://falco.org/docs/event-sources/drivers/#modern-ebpf-probe) +* [Modern eBPF probe](https://falco.org/docs/concepts/event-sources/kernel/#modern-ebpf-probe) +* [Kernel module](https://falco.org/docs/concepts/event-sources/kernel/#kernel-module) +* [Legacy eBPF probe](https://falco.org/docs/concepts/event-sources/kernel/#legacy-ebpf-probe) + +The driver must be loaded on the node where Falco is running. Falco now prefers the **Modern eBPF probe** by default. When using **falcoctl** with `driver.kind=auto`, it will automatically choose the best driver for your system. Specifically, it first attempts to use the Modern eBPF probe (which is shipped directly within the Falco binary) and will fall back to the _kernel module_ or the _original eBPF probe_ if the necessary BPF features are not available. -The driver should be installed on the node where Falco is running. The _kernel module_ (default option) and the _eBPF probe_ are installed on the node through an *init container* (i.e. `falco-driver-loader`) that tries download a prebuilt driver or build it on-the-fly as a fallback. The _Modern eBPF probe_ doesn't require an init container because it is shipped directly into the Falco binary. However, the _Modern eBPF probe_ requires [recent BPF features](https://falco.org/docs/event-sources/kernel/#modern-ebpf-probe). ##### Pre-built drivers @@ -146,20 +147,24 @@ After the clarification of the different [**event sources**](#falco-event-source The chart deploys Falco using a `daemonset` or a `deployment` depending on the **event sources**. #### Daemonset -When using the [drivers](#about-the-driver), Falco is deployed as `daemonset`. By using a `daemonset`, k8s assures that a Falco instance will be running in each of our nodes even when we add new nodes to our cluster. So it is the perfect match when we need to monitor all the nodes in our cluster. +When using the [drivers](#about-the-driver), Falco is typically deployed as a `DaemonSet`. By using a DaemonSet, Kubernetes ensures that a Falco instance is running on each node even as new nodes are added to your cluster. This makes it a perfect fit for monitoring across the entire cluster. + +By default, with `driver.kind=auto`, the correct driver will will be automatically selected for each node. This is accomplished through the **driver loader** (implemented by `falcoctl`), which generates a new Falco configuration file and picks the right engine driver (Modern eBPF, kmod, or legacy eBPF) based on the underlying environment. If you prefer to manually force a specific driver, see the other available options below. **Kernel module** -To run Falco with the [kernel module](https://falco.org/docs/event-sources/drivers/#kernel-module) you can use the default values of the helm chart: + +To run Falco with the [eBPF probe](https://falco.org/docs/concepts/event-sources/kernel/#kernel-module) you just need to set `driver.kind=kmod` as shown in the following snippet: ```bash helm install falco falcosecurity/falco \ --create-namespace \ --namespace falco + --set driver.kind=kmod ``` -**eBPF probe** +**Legacy eBPF probe** -To run Falco with the [eBPF probe](https://falco.org/docs/event-sources/drivers/#ebpf-probe) you just need to set `driver.kind=ebpf` as shown in the following snippet: +To run Falco with the [eBPF probe](http://falco.org/docs/concepts/event-sources/kernel/#legacy-ebpf-probe) you just need to set `driver.kind=ebpf` as shown in the following snippet: ```bash helm install falco falcosecurity/falco \ @@ -177,9 +182,9 @@ helm install falco falcosecurity/falco \ -f "path-to-custom-values.yaml-file" ``` -**modern eBPF probe** +**Modern eBPF probe** -To run Falco with the [modern eBPF probe](https://falco.org/docs/event-sources/drivers/#modern-ebpf-probe-experimental) you just need to set `driver.kind=modern_bpf` as shown in the following snippet: +To run Falco with the [modern eBPF probe](https://falco.org/docs/concepts/event-sources/kernel/#modern-ebpf-probe) you just need to set `driver.kind=modern_bpf` as shown in the following snippet: ```bash helm install falco falcosecurity/falco \ diff --git a/charts/falco/README.md b/charts/falco/README.md index d47e29f30..ac0438822 100644 --- a/charts/falco/README.md +++ b/charts/falco/README.md @@ -53,11 +53,11 @@ Note that **a Falco instance can handle multiple event sources in parallel**. yo Falco needs a **driver** to analyze the system workload and pass security events to userspace. The supported drivers are: -* [Kernel module](https://falco.org/docs/event-sources/drivers/#kernel-module) -* [eBPF probe](https://falco.org/docs/event-sources/drivers/#ebpf-probe) -* [Modern eBPF probe](https://falco.org/docs/event-sources/drivers/#modern-ebpf-probe) +* [Modern eBPF probe](https://falco.org/docs/concepts/event-sources/kernel/#modern-ebpf-probe) +* [Kernel module](https://falco.org/docs/concepts/event-sources/kernel/#kernel-module) +* [Legacy eBPF probe](https://falco.org/docs/concepts/event-sources/kernel/#legacy-ebpf-probe) -The driver should be installed on the node where Falco is running. The _kernel module_ (default option) and the _eBPF probe_ are installed on the node through an *init container* (i.e. `falco-driver-loader`) that tries download a prebuilt driver or build it on-the-fly as a fallback. The _Modern eBPF probe_ doesn't require an init container because it is shipped directly into the Falco binary. However, the _Modern eBPF probe_ requires [recent BPF features](https://falco.org/docs/event-sources/kernel/#modern-ebpf-probe). +The driver must be loaded on the node where Falco is running. Falco now prefers the **Modern eBPF probe** by default. When using **falcoctl** with `driver.kind=auto`, it will automatically choose the best driver for your system. Specifically, it first attempts to use the Modern eBPF probe (which is shipped directly within the Falco binary) and will fall back to the _kernel module_ or the _original eBPF probe_ if the necessary BPF features are not available. ##### Pre-built drivers @@ -146,20 +146,24 @@ After the clarification of the different [**event sources**](#falco-event-source The chart deploys Falco using a `daemonset` or a `deployment` depending on the **event sources**. #### Daemonset -When using the [drivers](#about-the-driver), Falco is deployed as `daemonset`. By using a `daemonset`, k8s assures that a Falco instance will be running in each of our nodes even when we add new nodes to our cluster. So it is the perfect match when we need to monitor all the nodes in our cluster. +When using the [drivers](#about-the-driver), Falco is typically deployed as a `DaemonSet`. By using a DaemonSet, Kubernetes ensures that a Falco instance is running on each node even as new nodes are added to your cluster. This makes it a perfect fit for monitoring across the entire cluster. + +By default, with `driver.kind=auto`, the correct driver will will be automatically selected for each node. This is accomplished through the **driver loader** (implemented by `falcoctl`), which generates a new Falco configuration file and picks the right engine driver (Modern eBPF, kmod, or legacy eBPF) based on the underlying environment. If you prefer to manually force a specific driver, see the other available options below. **Kernel module** -To run Falco with the [kernel module](https://falco.org/docs/event-sources/drivers/#kernel-module) you can use the default values of the helm chart: + +To run Falco with the [eBPF probe](https://falco.org/docs/concepts/event-sources/kernel/#kernel-module) you just need to set `driver.kind=kmod` as shown in the following snippet: ```bash helm install falco falcosecurity/falco \ --create-namespace \ --namespace falco + --set driver.kind=kmod ``` -**eBPF probe** +**Legacy eBPF probe** -To run Falco with the [eBPF probe](https://falco.org/docs/event-sources/drivers/#ebpf-probe) you just need to set `driver.kind=ebpf` as shown in the following snippet: +To run Falco with the [eBPF probe](http://falco.org/docs/concepts/event-sources/kernel/#legacy-ebpf-probe) you just need to set `driver.kind=ebpf` as shown in the following snippet: ```bash helm install falco falcosecurity/falco \ @@ -177,9 +181,9 @@ helm install falco falcosecurity/falco \ -f "path-to-custom-values.yaml-file" ``` -**modern eBPF probe** +**Modern eBPF probe** -To run Falco with the [modern eBPF probe](https://falco.org/docs/event-sources/drivers/#modern-ebpf-probe-experimental) you just need to set `driver.kind=modern_bpf` as shown in the following snippet: +To run Falco with the [modern eBPF probe](https://falco.org/docs/concepts/event-sources/kernel/#modern-ebpf-probe) you just need to set `driver.kind=modern_bpf` as shown in the following snippet: ```bash helm install falco falcosecurity/falco \ @@ -618,7 +622,7 @@ The following table lists the main configurable parameters of the falco chart v4 | driver.ebpf.bufSizePreset | int | `4` | bufSizePreset determines the size of the shared space between Falco and its drivers. This shared space serves as a temporary storage for syscall events. | | driver.ebpf.dropFailedExit | bool | `false` | dropFailedExit if set true drops failed system call exit events before pushing them to userspace. | | driver.ebpf.hostNetwork | bool | `false` | Needed to enable eBPF JIT at runtime for performance reasons. Can be skipped if eBPF JIT is enabled from outside the container | -| driver.ebpf.leastPrivileged | bool | `false` | Constrain Falco with capabilities instead of running a privileged container. Ensure the eBPF driver is enabled (i.e., setting the `driver.kind` option to `ebpf`). Capabilities used: {CAP_SYS_RESOURCE, CAP_SYS_ADMIN, CAP_SYS_PTRACE}. On kernel versions >= 5.8 'CAP_PERFMON' and 'CAP_BPF' could replace 'CAP_SYS_ADMIN' but please pay attention to the 'kernel.perf_event_paranoid' value on your system. Usually 'kernel.perf_event_paranoid>2' means that you cannot use 'CAP_PERFMON' and you should fallback to 'CAP_SYS_ADMIN', but the behavior changes across different distros. Read more on that here: https://falco.org/docs/event-sources/kernel/#least-privileged-mode-1 | +| driver.ebpf.leastPrivileged | bool | `false` | Constrain Falco with capabilities instead of running a privileged container. Ensure the eBPF driver is enabled (i.e., setting the `driver.kind` option to `ebpf`). Capabilities used: {CAP_SYS_RESOURCE, CAP_SYS_ADMIN, CAP_SYS_PTRACE}. On kernel versions >= 5.8 'CAP_PERFMON' and 'CAP_BPF' could replace 'CAP_SYS_ADMIN' but please pay attention to the 'kernel.perf_event_paranoid' value on your system. Usually 'kernel.perf_event_paranoid>2' means that you cannot use 'CAP_PERFMON' and you should fallback to 'CAP_SYS_ADMIN', but the behavior changes across different distros. Read more on that here: https://falco.org/docs/setup/container/#docker-least-privileged-ebpf-probe | | driver.ebpf.path | string | `"${HOME}/.falco/falco-bpf.o"` | path where the eBPF probe is located. It comes handy when the probe have been installed in the nodes using tools other than the init container deployed with the chart. | | driver.enabled | bool | `true` | Set it to false if you want to deploy Falco without the drivers. Always set it to false when using Falco with plugins. | | driver.gvisor | object | `{"runsc":{"config":"/run/containerd/runsc/config.toml","path":"/home/containerd/usr/local/sbin","root":"/run/containerd/runsc"}}` | Gvisor configuration. Based on your system you need to set the appropriate values. Please, remember to add pod tolerations and affinities in order to schedule the Falco pods in the gVisor enabled nodes. | @@ -642,7 +646,7 @@ The following table lists the main configurable parameters of the falco chart v4 | driver.modernEbpf.bufSizePreset | int | `4` | bufSizePreset determines the size of the shared space between Falco and its drivers. This shared space serves as a temporary storage for syscall events. | | driver.modernEbpf.cpusForEachBuffer | int | `2` | cpusForEachBuffer is the index that controls how many CPUs to assign to a single syscall buffer. | | driver.modernEbpf.dropFailedExit | bool | `false` | dropFailedExit if set true drops failed system call exit events before pushing them to userspace. | -| driver.modernEbpf.leastPrivileged | bool | `false` | Constrain Falco with capabilities instead of running a privileged container. Ensure the modern bpf driver is enabled (i.e., setting the `driver.kind` option to `modern-bpf`). Capabilities used: {CAP_SYS_RESOURCE, CAP_BPF, CAP_PERFMON, CAP_SYS_PTRACE}. Read more on that here: https://falco.org/docs/event-sources/kernel/#least-privileged-mode-2 | +| driver.modernEbpf.leastPrivileged | bool | `false` | Constrain Falco with capabilities instead of running a privileged container. Ensure the modern bpf driver is enabled (i.e., setting the `driver.kind` option to `modern-bpf`). Capabilities used: {CAP_SYS_RESOURCE, CAP_BPF, CAP_PERFMON, CAP_SYS_PTRACE}. Read more on that here: https://falco.org/docs/setup/container/#docker-least-privileged-ebpf-probe | | extra.args | list | `[]` | Extra command-line arguments. | | extra.env | list | `[]` | Extra environment variables that will be pass onto Falco containers. | | extra.initContainers | list | `[]` | Additional initContainers for Falco pods. | From 989a3991164e8fb23eaf137fe901b40ba16673c7 Mon Sep 17 00:00:00 2001 From: Leonardo Grasso Date: Fri, 17 Jan 2025 14:48:15 +0100 Subject: [PATCH 04/11] update(charts/falco): bump to 4.17.1 Signed-off-by: Leonardo Grasso --- charts/falco/CHANGELOG.md | 4 ++++ charts/falco/Chart.yaml | 2 +- charts/falco/README.md | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/falco/CHANGELOG.md b/charts/falco/CHANGELOG.md index b59db61a6..f05322872 100644 --- a/charts/falco/CHANGELOG.md +++ b/charts/falco/CHANGELOG.md @@ -3,6 +3,10 @@ This file documents all notable changes to Falco Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v4.17.1 + +* docs(falco): update README.md to reflect latest driver configuration and correct broken links + ## v4.17.0 * update(falco): bump k8saudit version to 0.11 diff --git a/charts/falco/Chart.yaml b/charts/falco/Chart.yaml index a8be9c46a..f72349407 100644 --- a/charts/falco/Chart.yaml +++ b/charts/falco/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: falco -version: 4.17.0 +version: 4.17.1 appVersion: "0.39.2" description: Falco keywords: diff --git a/charts/falco/README.md b/charts/falco/README.md index ac0438822..8bbb6b7ef 100644 --- a/charts/falco/README.md +++ b/charts/falco/README.md @@ -585,7 +585,7 @@ If you use a Proxy in your cluster, the requests between `Falco` and `Falcosidek ## Configuration -The following table lists the main configurable parameters of the falco chart v4.17.0 and their default values. See [values.yaml](./values.yaml) for full list. +The following table lists the main configurable parameters of the falco chart v4.17.1 and their default values. See [values.yaml](./values.yaml) for full list. ## Values From 83686cbb42ff970ffff5ca43b2440ff79fe40daa Mon Sep 17 00:00:00 2001 From: Sylvester Damgaard Date: Sun, 19 Jan 2025 19:34:27 +0100 Subject: [PATCH 05/11] Add ports definition in falco container spec Update changelog for v4.17.2 Signed-off-by: Sylvester Damgaard --- charts/falco/CHANGELOG.md | 3 +++ charts/falco/templates/pod-template.tpl | 4 ++++ 2 files changed, 7 insertions(+) diff --git a/charts/falco/CHANGELOG.md b/charts/falco/CHANGELOG.md index f05322872..64f825bee 100644 --- a/charts/falco/CHANGELOG.md +++ b/charts/falco/CHANGELOG.md @@ -2,6 +2,9 @@ This file documents all notable changes to Falco Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v4.17.2 + +* update(falco): add ports definition in falco container spec ## v4.17.1 diff --git a/charts/falco/templates/pod-template.tpl b/charts/falco/templates/pod-template.tpl index aa7eb3470..19b06b60a 100644 --- a/charts/falco/templates/pod-template.tpl +++ b/charts/falco/templates/pod-template.tpl @@ -109,6 +109,10 @@ spec: {{- end }} tty: {{ .Values.tty }} {{- if .Values.falco.webserver.enabled }} + ports: + - containerPort: {{ .Values.falco.webserver.listen_port }} + name: web + protocol: TCP livenessProbe: initialDelaySeconds: {{ .Values.healthChecks.livenessProbe.initialDelaySeconds }} timeoutSeconds: {{ .Values.healthChecks.livenessProbe.timeoutSeconds }} From fe8df69d7d5e2dd61b29661b9da8e8304f97c484 Mon Sep 17 00:00:00 2001 From: Sylvester Damgaard Date: Mon, 20 Jan 2025 10:45:22 +0100 Subject: [PATCH 06/11] Update chart version to v4.17.2 Signed-off-by: Sylvester Damgaard --- charts/falco/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/falco/Chart.yaml b/charts/falco/Chart.yaml index f72349407..14de30373 100644 --- a/charts/falco/Chart.yaml +++ b/charts/falco/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: falco -version: 4.17.1 +version: 4.17.2 appVersion: "0.39.2" description: Falco keywords: From b5118f9cab2235fcc038bf0c681fd9676e3551c3 Mon Sep 17 00:00:00 2001 From: Sylvester Damgaard Date: Mon, 20 Jan 2025 13:16:56 +0100 Subject: [PATCH 07/11] Update readme for v4.17.2 Signed-off-by: Sylvester Damgaard --- charts/falco/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/falco/README.md b/charts/falco/README.md index 8bbb6b7ef..8b340c5f1 100644 --- a/charts/falco/README.md +++ b/charts/falco/README.md @@ -585,7 +585,7 @@ If you use a Proxy in your cluster, the requests between `Falco` and `Falcosidek ## Configuration -The following table lists the main configurable parameters of the falco chart v4.17.1 and their default values. See [values.yaml](./values.yaml) for full list. +The following table lists the main configurable parameters of the falco chart v4.17.2 and their default values. See [values.yaml](./values.yaml) for full list. ## Values From 6b8234fd3d4a1f1bef90a99c4631eb72361fcfaa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 Jan 2025 00:03:57 +0000 Subject: [PATCH 08/11] chore(deps): Bump helm/chart-releaser-action from 1.6.0 to 1.7.0 Bumps [helm/chart-releaser-action](https://github.com/helm/chart-releaser-action) from 1.6.0 to 1.7.0. - [Release notes](https://github.com/helm/chart-releaser-action/releases) - [Commits](https://github.com/helm/chart-releaser-action/compare/a917fd15b20e8b64b94d9158ad54cd6345335584...cae68fefc6b5f367a0275617c9f83181ba54714f) --- updated-dependencies: - dependency-name: helm/chart-releaser-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/release.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b68c6d9e4..522171a70 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -39,7 +39,7 @@ jobs: helm repo add falcosecurity https://falcosecurity.github.io/charts - name: Run chart-releaser - uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 + uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0 with: charts_dir: charts config: cr.yaml From 81036051124832444e8252a1fad93395abf40f65 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 Jan 2025 00:03:59 +0000 Subject: [PATCH 09/11] chore(deps): Bump helm/chart-testing-action from 2.6.1 to 2.7.0 Bumps [helm/chart-testing-action](https://github.com/helm/chart-testing-action) from 2.6.1 to 2.7.0. - [Release notes](https://github.com/helm/chart-testing-action/releases) - [Commits](https://github.com/helm/chart-testing-action/compare/e6669bcd63d7cb57cb4380c33043eebe5d111992...0d28d3144d3a25ea2cc349d6e59901c4ff469b3b) --- updated-dependencies: - dependency-name: helm/chart-testing-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 94cc8728e..07e884a8c 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -22,7 +22,7 @@ jobs: python-version: '3.x' - name: Set up chart-testing - uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 + uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0 - name: Run chart-testing (lint) run: ct lint --config ct.yaml From efbd212da23df9e8a9bce5b70b0a36811ce9eb0a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 Jan 2025 08:09:45 +0000 Subject: [PATCH 10/11] chore(deps): Bump golang.org/x/net from 0.23.0 to 0.33.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.23.0 to 0.33.0. - [Commits](https://github.com/golang/net/compare/v0.23.0...v0.33.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index c79598c6a..47bec43f1 100644 --- a/go.mod +++ b/go.mod @@ -51,7 +51,7 @@ require ( github.com/spf13/pflag v1.0.5 // indirect github.com/urfave/cli v1.22.2 // indirect golang.org/x/crypto v0.31.0 // indirect - golang.org/x/net v0.23.0 // indirect + golang.org/x/net v0.33.0 // indirect golang.org/x/oauth2 v0.8.0 // indirect golang.org/x/sys v0.28.0 // indirect golang.org/x/term v0.27.0 // indirect diff --git a/go.sum b/go.sum index 265bd70a2..53a16460f 100644 --- a/go.sum +++ b/go.sum @@ -148,8 +148,8 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= From 16e88288c9c51c31929ce5dbfa37e729e62b01dd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 21 Jan 2025 23:10:18 +0000 Subject: [PATCH 11/11] chore(deps): Bump actions/setup-go from 5.2.0 to 5.3.0 Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.2.0 to 5.3.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/3041bf56c941b39c61721a86cd11f3bb1338122a...f111f3307d8850f501ac008e886eec1fd1932a34) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- .github/workflows/test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 07e884a8c..236c5e623 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -75,7 +75,7 @@ jobs: run: helm dependency update ./charts/falco - name: Setup Go - uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 + uses: actions/setup-go@f111f3307d8850f501ac008e886eec1fd1932a34 # v5.3.0 with: go-version: '1.21' check-latest: true