From 54ef45956c3eacda286e2273d48d0c9339eb6728 Mon Sep 17 00:00:00 2001
From: Victor Login
Date: Fri, 17 Mar 2023 12:03:51 +0100
Subject: [PATCH] argocd: add falco
Signed-off-by: Victor Login
---
ops/Helm/addons/falco/Chart.yaml | 22 +++++++++++
ops/Helm/addons/falco/templates/NOTES.txt | 5 +++
ops/Helm/addons/falco/values.yaml | 9 +++++
.../infrastructure/falco/application.yaml | 38 +++++++++++++++++++
4 files changed, 74 insertions(+)
create mode 100644 ops/Helm/addons/falco/Chart.yaml
create mode 100644 ops/Helm/addons/falco/templates/NOTES.txt
create mode 100644 ops/Helm/addons/falco/values.yaml
create mode 100644 ops/argocd/infrastructure/falco/application.yaml
diff --git a/ops/Helm/addons/falco/Chart.yaml b/ops/Helm/addons/falco/Chart.yaml
new file mode 100644
index 00000000000..50756fd8c70
--- /dev/null
+++ b/ops/Helm/addons/falco/Chart.yaml
@@ -0,0 +1,22 @@
+apiVersion: v2 # The chart API version (required)
+appVersion: "1.0.0" # The version of the app that this contains (optional)
+name: falcosecurity # The name of the chart (required)
+version: 0.1.0 # A SemVer 2 version (required)
+kubeVersion: ">= 1.22.0 || >= v1.22.0-0" # A SemVer range of compatible Kubernetes versions (optional)
+keywords: # A list of keywords about this project (optional)
+ - falco
+ - security
+maintainers:
+ - email: batazor111@gmail.com
+ name: batazor
+ url: batazor.ru
+engine: gotpl
+type: application # It is the type of chart (optional)
+deprecated: false # Whether this chart is deprecated (optional, boolean)
+dependencies:
+ - name: falco
+ version: 3.1.2
+ repository: https://falcosecurity.github.io/charts
+ condition: falcosecurity.enabled
+ tags:
+ - security
diff --git a/ops/Helm/addons/falco/templates/NOTES.txt b/ops/Helm/addons/falco/templates/NOTES.txt
new file mode 100644
index 00000000000..68e8ce8a646
--- /dev/null
+++ b/ops/Helm/addons/falco/templates/NOTES.txt
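Review bot: The `falco` dependency in Chart.yaml has no `alias`, so Helm passes it only the values under a top-level `falco:` key, while values.yaml in this patch puts its settings under `falcosecurity:`. The `condition: falcosecurity.enabled` path still resolves against the parent values, but `driver.kind: modern-bpf` would not reach the subchart, so Falco would start with the chart's default driver, which may need broader host privileges than intended. Adding `alias: falcosecurity` to the dependency entry, or renaming the values key to `falco:`, makes the two files agree. Indentation is flattened in this listing, so the nesting in values.yaml is inferred.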
@@ -0,0 +1,5 @@
+CHART NAME: {{ .Chart.Name }}
+CHART VERSION: {{ .Chart.Version }}
+APP VERSION: {{ .Chart.AppVersion }}
+
+** Please be patient while the chart is being deployed **
diff --git a/ops/Helm/addons/falco/values.yaml b/ops/Helm/addons/falco/values.yaml
new file mode 100644
index 00000000000..30159135b81
--- /dev/null
+++ b/ops/Helm/addons/falco/values.yaml
@@ -0,0 +1,9 @@
+# Common default values for falcosecurity.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+
+falcosecurity:
+ enabled: true
+
+ driver:
+ kind: modern-bpf
diff --git a/ops/argocd/infrastructure/falco/application.yaml b/ops/argocd/infrastructure/falco/application.yaml
new file mode 100644
index 00000000000..209278ed627
--- /dev/null
+++ b/ops/argocd/infrastructure/falco/application.yaml
@@ -0,0 +1,38 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: falco
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: shortlink
+ destination:
+ name: ''
+ namespace: falco
+ server: 'https://kubernetes.default.svc'
+ source:
+ path: ops/Helm/addons/falco
+ repoURL: 'https://github.com/shortlink-org/shortlink'
+ targetRevision: HEAD
+ helm:
+ releaseName: falco
+ syncPolicy:
+ automated:
+ prune: true
+ allowEmpty: true
+ selfHeal: false
+ syncOptions:
+ - CreateNamespace=true
+ - ServerSideApply=true
+ retry:
+ limit: 2
+ backoff:
+ duration: 10s
+ maxDuration: 3m0s
+ factor: 2
+ ignoreDifferences:
+ - group: falco.io
+ kind: ClusterPolicy
+ jqPathExpressions:
+ - .spec.rules[] | select(.name|test("autogen-."))
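Review bot: In application.yaml the sync policy combines `prune: true` and `allowEmpty: true` with `selfHeal: false`, which is a weak guarantee for a runtime-detection sensor. If the chart ever renders to nothing (for example `falcosecurity.enabled` flipped to false), Argo CD will prune every Falco resource without objecting, and in-cluster edits or deletion of the DaemonSet are reported as drift but not reverted. I would set `allowEmpty: false` and `selfHeal: true` here. Separately, the `ignoreDifferences` entry for `group: falco.io` / `kind: ClusterPolicy` with an `autogen-` rule filter looks carried over from a policy-engine application; unless this chart installs such a CRD it matches nothing and can be dropped.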