FIX(argocd): falco ArgoCD
- to use multiple sources for ingress deployment - Change from single source to multiple sources - Add kustomize path to deploy ingress.yaml - Add Authelia middleware to ingress
@@ -7,78 +7,20 @@ metadata:
|
|||||||
- resources-finalizer.argocd.argoproj.io
|
- resources-finalizer.argocd.argoproj.io
|
||||||
spec:
|
spec:
|
||||||
project: default
|
project: default
|
||||||
source:
|
sources:
|
||||||
repoURL: https://falcosecurity.github.io/charts
|
- repoURL: https://falcosecurity.github.io/charts
|
||||||
chart: falco
|
chart: falco
|
||||||
targetRevision: 4.20.0
|
targetRevision: 4.20.0
|
||||||
helm:
|
helm:
|
||||||
values: |
|
valueFiles:
|
||||||
# Driver configuration - use modern_ebpf
|
- $values/falco/helm-values.yaml
|
||||||
driver:
|
- repoURL: https://github.com/Mayne0213/cluster-infrastructure.git
|
||||||
enabled: true
|
targetRevision: main
|
||||||
kind: modern_ebpf
|
ref: values
|
||||||
|
- repoURL: https://github.com/Mayne0213/cluster-infrastructure.git
|
||||||
# Image configuration - use Falco 0.40.0 for kernel 6.14 support
|
targetRevision: main
|
||||||
image:
|
path: falco
|
||||||
registry: docker.io
|
kustomize: {}
|
||||||
repository: falcosecurity/falco
|
|
||||||
tag: 0.40.0
|
|
||||||
|
|
||||||
# Resource requests
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: 30m
|
|
||||||
memory: 256Mi
|
|
||||||
limits:
|
|
||||||
cpu: null # Delete Helm chart default CPU limit
|
|
||||||
memory: 1Gi
|
|
||||||
|
|
||||||
# Falco configuration
|
|
||||||
falco:
|
|
||||||
json_output: true
|
|
||||||
json_include_output_property: true
|
|
||||||
log_stderr: true
|
|
||||||
log_syslog: false
|
|
||||||
log_level: info
|
|
||||||
rules_files:
|
|
||||||
- /etc/falco/falco_rules.yaml
|
|
||||||
- /etc/falco/falco_rules.local.yaml
|
|
||||||
|
|
||||||
# Metrics
|
|
||||||
metrics:
|
|
||||||
enabled: true
|
|
||||||
|
|
||||||
# Service Monitor
|
|
||||||
serviceMonitor:
|
|
||||||
enabled: true
|
|
||||||
interval: 30s
|
|
||||||
|
|
||||||
# Falcosidekick
|
|
||||||
falcosidekick:
|
|
||||||
enabled: true
|
|
||||||
config:
|
|
||||||
debug: false
|
|
||||||
webui:
|
|
||||||
enabled: true
|
|
||||||
replicaCount: 1
|
|
||||||
resources:
|
|
||||||
requests:
|
|
||||||
cpu: 30m
|
|
||||||
memory: 128Mi
|
|
||||||
|
|
||||||
# RBAC
|
|
||||||
rbac:
|
|
||||||
create: true
|
|
||||||
|
|
||||||
serviceAccount:
|
|
||||||
create: true
|
|
||||||
name: falco
|
|
||||||
|
|
||||||
tolerations:
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/master
|
|
||||||
- effect: NoSchedule
|
|
||||||
key: node-role.kubernetes.io/control-plane
|
|
||||||
destination:
|
destination:
|
||||||
server: https://kubernetes.default.svc
|
server: https://kubernetes.default.svc
|
||||||
namespace: falco
|
namespace: falco
|
||||||
|
|||||||
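Review bot: Both Git sources added here (the `ref: values` entry and the `path: falco` entry) track `targetRevision: main`, so the Falco Helm values and the kustomize-rendered manifests now follow a mutable branch while only the chart stays pinned at `4.20.0`. The settings that used to be inline (driver kind, image tag `0.40.0`, RBAC, tolerations) move to `falco/helm-values.yaml`, which is not shown on this page, so a push to `main` can change how the sensor is deployed without any change to this Application. Consider pinning both entries, e.g. `targetRevision: <tag-or-commit-sha>`, or at least adding a comment above `sources:` stating that `main` is tracked on purpose and is branch-protected. The hunk starts inside `metadata:` and no `syncPolicy` is visible, so whether changes are applied automatically cannot be confirmed from here.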
@@ -5,6 +5,7 @@ metadata:
|
|||||||
namespace: falco
|
namespace: falco
|
||||||
annotations:
|
annotations:
|
||||||
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
cert-manager.io/cluster-issuer: "letsencrypt-prod"
|
||||||
|
traefik.ingress.kubernetes.io/router.middlewares: authelia-authelia-auth@kubernetescrd
|
||||||
spec:
|
spec:
|
||||||
ingressClassName: traefik
|
ingressClassName: traefik
|
||||||
tls:
|
tls:
|
||||||
|
|||||||
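Review bot: The new `router.middlewares` value is the only unquoted annotation in this block and gives no hint of what it points to; writing it as `traefik.ingress.kubernetes.io/router.middlewares: "authelia-authelia-auth@kubernetescrd"` with a comment such as `# format: <namespace>-<middleware-name>@kubernetescrd` would match the cert-manager line above it. The name presumably resolves to a Middleware `authelia-auth` in namespace `authelia`, which this commit does not add, so it is worth confirming the object exists before sync; as far as I know Traefik drops a router whose middleware cannot be resolved, which would take the host offline rather than expose it. The annotation only covers traffic that enters through this Ingress, so in-cluster access to the backing Service is not gated by it. The rest of the Ingress (rules, backend) lies outside the hunk.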