From bde9af886bef41b2fcb9d0b44b275d8855a317c0 Mon Sep 17 00:00:00 2001 From: George Tsigourakos Date: Thu, 7 Mar 2024 16:39:21 +0200 Subject: [PATCH] Add custom log location capability --- README.md | 13 +++++++++ charts/falcon-crowdstrike/Chart.yaml | 4 +-- charts/falcon-crowdstrike/templates/NOTES.txt | 5 +++- .../templates/deployment.yaml | 12 +++++++- charts/falcon-crowdstrike/values.yaml | 29 ++++++++++++++----- 5 files changed, 51 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index 3255afa..e2ca60b 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,19 @@ secrets: Fill them accordingly. +## Custom Log Location + +Under the `values.yaml` file you will also find a block of `customLog` attributes as shown: +```yaml +customLog: + enabled: true + logDir: /var/log/crowdstrike/falconhoseclient/ + logFile: output +``` + +Change them accordingly if you chose to use another location for your event logs. \ +If left empty, everything is output via stdout. + ## TODO Move secrets to native k8s `Secret` object. diff --git a/charts/falcon-crowdstrike/Chart.yaml b/charts/falcon-crowdstrike/Chart.yaml index daeec1b..8a9a07a 100644 --- a/charts/falcon-crowdstrike/Chart.yaml +++ b/charts/falcon-crowdstrike/Chart.yaml @@ -15,10 +15,10 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.0.4 +version: 0.0.5 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. # It is recommended to use it with quotes. -appVersion: "0.1.0" +appVersion: "0.1.1" 
diff --git a/charts/falcon-crowdstrike/templates/NOTES.txt b/charts/falcon-crowdstrike/templates/NOTES.txt index 95e403a..e613b51 100644 --- a/charts/falcon-crowdstrike/templates/NOTES.txt +++ b/charts/falcon-crowdstrike/templates/NOTES.txt @@ -1,5 +1,5 @@ -1. Get the application URL by running these commands: {{- if .Values.ingress.enabled }} +Get the application URL by running these commands: {{- range $host := .Values.ingress.hosts }} {{- range .paths }} http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} @@ -23,3 +23,6 @@ kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT {{- end }} {{- end }} +{{- if .Values.customLog }} +Falcon CrowdStrike log location: {{ .Values.customLog.logDir }}{{ .Values.customLog.logFile }} +{{- end }} diff --git a/charts/falcon-crowdstrike/templates/deployment.yaml b/charts/falcon-crowdstrike/templates/deployment.yaml index 1339eac..0ac707e 100644 --- a/charts/falcon-crowdstrike/templates/deployment.yaml +++ b/charts/falcon-crowdstrike/templates/deployment.yaml @@ -50,7 +50,17 @@ spec: value: {{ .Values.secrets.CLIENT_SECRET | quote }} - name: API_BASE_URL value: {{ .Values.secrets.API_BASE_URL | quote }} - {{- end }} + {{- end }} + {{- if .Values.customLog.enabled }} + {{- if .Values.customLog.logDir }} + - name: LOG_DIR + value: {{ .Values.customLog.logDir | quote }} + {{- end }} + {{- if .Values.customLog.logFile }} + - name: LOG_FILE + value: {{ .Values.customLog.logFile | quote }} + {{- end }} + {{- end }} {{- with .Values.volumes }} volumes: {{- toYaml . | nindent 8 }} diff --git a/charts/falcon-crowdstrike/values.yaml b/charts/falcon-crowdstrike/values.yaml index 6d6aacd..19812a3 100644 --- a/charts/falcon-crowdstrike/values.yaml +++ b/charts/falcon-crowdstrike/values.yaml 
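Review bot: The block added at the end of NOTES.txt is gated on `.Values.customLog`, not on `.Values.customLog.enabled`, so the log location is still printed when the feature is switched off. The deployment.yaml hunk in this commit only sets LOG_DIR and LOG_FILE when `enabled` is true, so the condition here should match it: `{{- if .Values.customLog.enabled }}`. The path is also built by plain concatenation, so a `logDir` without a trailing slash prints a wrong location. `{{ printf "%s/%s" (trimSuffix "/" .Values.customLog.logDir) .Values.customLog.logFile }}` avoids that. How the application itself joins the two values is not visible here.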
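Review bot: In the deployment.yaml hunk, the new LOG_DIR and LOG_FILE entries sit after the `{{- end }}` that closes a conditional opened outside this hunk. If that conditional also wraps the `env:` key, a render with it false would leave these list items without a parent key, so it is worth running `helm template` with the secrets block unset. Separately, nothing ties `customLog.logDir` to a path listed in `.Values.volumeMounts`. A value outside the mounted directories would presumably send the event log to the container's own filesystem. A comment above the block would make the requirement explicit: `# LOG_DIR must be a directory covered by .Values.volumeMounts`.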
@@ -4,8 +4,8 @@ replicaCount: 1 image: repository: ghcr.io/tsigouris007/falcon-crowdstrike-siem-connector - pullPolicy: IfNotPresent - tag: "v0.1.0" + pullPolicy: Always # IfNotPresent + tag: "v0.1.1" imagePullSecrets: [] nameOverride: "falcon-crowdstrike-app" @@ -29,6 +29,8 @@ serviceAccount: service: create: false type: ClusterIP + # For compliance with NOTES.txt + port: 80 podAnnotations: {} podLabels: {} @@ -67,22 +69,24 @@ autoscaling: volumes: - name: log-volume emptyDir: {} -- name: events-volume - emptyDir: {} - name: etc-crowdstrike-volume - mountPath: {} + emptyDir: {} +# Uncomment below to declare a different path for your container's LOG_DIR and LOG_FILE setup +# - name: events-volume +# emptyDir: {} # Additional volumeMounts on the output Deployment definition. volumeMounts: - name: log-volume mountPath: "/var/log/crowdstrike/falconhoseclient/" readOnly: false -- name: events-volume - mountPath: "/var/log/pods/falconhoseclient/" - readOnly: false - name: etc-crowdstrike-volume mountPath: "/opt/crowdstrike/etc/" readOnly: false +# Uncomment below to declare a different path for your container's LOG_DIR and LOG_FILE setup +# - name: events-volume +# mountPath: "/var/log/pods/falconhoseclient/" +# readOnly: false nodeSelector: {} @@ -92,7 +96,16 @@ affinity: {} ingress: enabled: false + # For compliance with NOTES.txt + hosts: [] + +# For your custom LOG_DIR and LOG_FILE setup +customLog: + enabled: true + logDir: /var/log/crowdstrike/falconhoseclient/ + logFile: output +# Do not expose the following to your repository secrets: CLIENT_ID: "" CLIENT_SECRET: ""
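Review bot: `pullPolicy: Always` with the mutable tag `v0.1.1` (first values.yaml hunk) means every pod start pulls whatever the registry currently serves under that tag. The running connector image can therefore change without any change to the chart. This container is handed CLIENT_ID and CLIENT_SECRET, so the image is better pinned by digest (`@sha256:<digest-placeholder>`), for example through a separate `image.digest` value. How the template assembles the image reference is outside this hunk. The trailing `# IfNotPresent` also gives no reason for the switch, and `pullPolicy: Always  # re-pull on every start; previously IfNotPresent` would record the intent.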
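Review bot: The `customLog` block in the last values.yaml hunk ships with `enabled: true`, so a default install writes events to `/var/log/crowdstrike/falconhoseclient/output`. The README text added in this commit describes stdout as the behaviour only when the values are left empty. That directory is backed by the `emptyDir` `log-volume`, so the events are not visible to log collection that reads container stdout, and they are removed together with the pod. For a SIEM feed that is a silent gap. Consider defaulting to `enabled: false`, or state the trade-off above the block: `# Written to an emptyDir by default; contents are lost when the pod is deleted`.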