Add sample kubernetes deployment #16
Conversation
|
Thanks a lot for this contribution. I'm working on a local branch about same topic for a while, just didn't had enough time to move forward (I'm still bad with helm formalism, so any help is welcome). I would like a solution without modifying the chart for adapting, I prefer to use configmap.yml + values.yml, especially because I'm planning a version 2.0.0 with a lot of changes. Environment variables are useful but we could do better with a hierarchy of configuration methods "env vars > yaml config file > default values", I will surely using Viper package for doing that : https://github.com/spf13/viper. My point is to provide several methods for configuration and possible overridings. You choose to create a I think I will take ideas from https://github.com/helm/charts/tree/master/stable/traefik, traefik is piece of software I know well and I really like, its mechanism for handling configuration inspires me (will use yaml instead of toml to be consistent with It's maybe esthetic, but I prefer to add helm files in a Regards, |
natalysheinin
force-pushed
the
add-k8s-deployment
branch
from
bec46b8 to
c7d903e
Compare
|
@Issif do you need me to adjust anything here for it to get merged? |
|
@natalysheinin Yes please :
|
| labels: | ||
| name: falcosidekick | ||
| spec: | ||
| replicas: 1 |
There was a problem hiding this comment.
| replicas: 1 | |
| replicas: 2 |
for HA
| program_output: | ||
| enabled: true | ||
| keep_alive: false | ||
| program: "curl -d @- falcosidekick.sysdig-staging.svc.cluster.local:2801/" |
There was a problem hiding this comment.
| program: "curl -d @- falcosidekick.sysdig-staging.svc.cluster.local:2801/" | |
| program: "curl -d @- falcosidekick.falco.svc.cluster.local:2801/" |
I think we should add falcosidekick in same namespace than falco
| serviceAccount: falcosidekick | ||
| containers: | ||
| - name: falcosidekick | ||
| image: issif/falcosidekick:1.1.0 |
There was a problem hiding this comment.
| image: issif/falcosidekick:1.1.0 | |
| image: falco/falcosidekick:2.7.2 |
falcosidekick is now an official project, we moved it's repository
|
I'm also thinking about using a ConfigMap (#33), for direct yaml and helm chart |
| image: issif/falcosidekick:1.1.0 | ||
| imagePullPolicy: Always | ||
| ports: | ||
| - containerPort: 2081 |
| # CREATE THE K8S SECRETS BEFORE UNCOMMENTING | ||
| # https://kubernetes.io/docs/concepts/configuration/secret/#creating-a-secret-using-kubectl-create-secret | ||
| # Example: kubectl create secret falcosidekick-slack-secret --from-file=./slack-secret.txt | ||
| # - name: SLACK_WEBHOOK_URL |
There was a problem hiding this comment.
This should be "SLACK_WEBHOOKURL" no?
| value: "all" | ||
| - name: DEBUG | ||
| value: "true" | ||
| args: [ "/falcosidekick"] |
| value: "" | ||
| - name: SLACK_ICON | ||
| value: "" | ||
| - name: SLACK_OUTPUT_FORMAT |
|
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
|
Issues go stale after 90d of inactivity. Mark the issue as fresh with Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with Provide feedback via https://github.com/falcosecurity/community. /lifecycle stale |
Adding a Kubernetes Deployment manifest that can be used to deploy falcosidekick to a Kubernetes environment.
Verified deployment works on Minikube.
cc @Issif