From 634b10400f204f81a903a307af179ac10e81aafc Mon Sep 17 00:00:00 2001 From: Gabe Alford Date: Thu, 22 Apr 2021 13:50:53 -0600 Subject: [PATCH] Add CrowdStrike Falcon Sensor Helm chart --- packages/falcon-sensor/falcon-sensor.patch | 10 ++ packages/falcon-sensor/overlay/app-readme.md | 9 ++ packages/falcon-sensor/overlay/questions.yaml | 97 +++++++++++++++++++ packages/falcon-sensor/package.yaml | 2 + 4 files changed, 118 insertions(+) create mode 100644 packages/falcon-sensor/falcon-sensor.patch create mode 100644 packages/falcon-sensor/overlay/app-readme.md create mode 100644 packages/falcon-sensor/overlay/questions.yaml create mode 100644 packages/falcon-sensor/package.yaml diff --git a/packages/falcon-sensor/falcon-sensor.patch b/packages/falcon-sensor/falcon-sensor.patch new file mode 100644 index 000000000..f57d6082f --- /dev/null +++ b/packages/falcon-sensor/falcon-sensor.patch @@ -0,0 +1,10 @@ +diff -x '*.tgz' -x '*.lock' -uNr packages/falcon-sensor/charts-original/Chart.yaml packages/falcon-sensor/charts/Chart.yaml +--- packages/falcon-sensor/charts-original/Chart.yaml ++++ packages/falcon-sensor/charts/Chart.yaml +@@ -20,3 +20,6 @@ + - https://github.com/CrowdStrike/falcon-helm + type: application + version: 0.9.3 ++annotations: ++ catalog.cattle.io/certified: partner ++ catalog.cattle.io/release-name: falcon-helm diff --git a/packages/falcon-sensor/overlay/app-readme.md b/packages/falcon-sensor/overlay/app-readme.md new file mode 100644 index 000000000..7f653f423 --- /dev/null +++ b/packages/falcon-sensor/overlay/app-readme.md @@ -0,0 +1,9 @@ +# CrowdStrike Falcon + +[CrowdStrike](https://www.crowdstrike.com/) [Container Security](https://www.crowdstrike.com/cloud-security-products/falcon-cloud-workload-protection/) +comes complete with vulnerability management, continuous +threat detection and response, and runtime protection, combined with compliance +enforcement and automated continuous integration/continuous delivery (CI/CD) pipeline security, enabling +DevOps teams to stay secure while building in the cloud. + +For more information, please visit [https://www.crowdstrike.com/cloud-security-products/falcon-cloud-workload-protection/](https://www.crowdstrike.com/cloud-security-products/falcon-cloud-workload-protection/) diff --git a/packages/falcon-sensor/overlay/questions.yaml b/packages/falcon-sensor/overlay/questions.yaml new file mode 100644 index 000000000..9fa523a3a --- /dev/null +++ b/packages/falcon-sensor/overlay/questions.yaml @@ -0,0 +1,97 @@ +questions: + - variable: node.image.repository + description: "URL of container image repository holding containerized Falcon sensor. Defaults to 'falcon-node-sensor'." + required: true + type: string + default: falcon-node-sensor + label: Container Image Repository + group: "Node Container Images" + + - variable: node.image.tag + description: "Container registry image tag. Defaults to 'latest'." + required: true + type: string + default: "latest" + label: Container Image Tag + group: "Node Container Images" + + - variable: falcon.cid + description: "Passed to falconctl as \"--cid=\"{uuid string}\"\"" + required: true + type: string + label: CrowdStrike Customer ID (CID) + group: "Falcon Sensor Node Settings" + + - variable: falcon.apd + description: "App Proxy Disable. Passed to falconctl as \"--apt=true\" or \"--apt=false\"." + required: false + type: boolean + default: false + label: Disable using a proxy + group: "Falcon Sensor Node Settings" + + - variable: falcon.aph + description: "App Proxy Hostname (APH). Uncommon in container-based deployments. Passed to falconctl as \"--aph \"" + required: false + type: string + label: Configure Proxy Host + group: "Falcon Sensor Node Settings" + + - variable: falcon.app + description: "App Proxy Port (APP). Uncommon in container-based deployments. Passed to falconctl as \"--app=\"" + required: false + type: string + label: Configure Proxy Port + group: "Falcon Sensor Node Settings" + + - variable: falcon.trace + description: "Options are [none|err|warn|info|debug]. Passed to falconctl as \"--trace=[none|err|warn|info|debug]\"" + required: false + type: string + label: Set logging trace level + default: "none" + group: "Falcon Sensor Node Settings" + + - variable: falcon.feature + description: "Options to pass to the \"--feature\" flag. Options are [none,[enableLog[,disableLogBuffer[,disableOsfm[,emulateUpdate]]]]]" + required: false + type: string + label: Enable or disable certain sensor features + group: "Falcon Sensor Node Settings" + + - variable: falcon.update + description: "SIGHUP the sensor for immediate trace/feature update." + required: false + type: boolean + default: false + label: Update sensor immediately + group: "Falcon Sensor Node Settings" + + - variable: falcon.message_log + description: "Enable message log (true/false)" + required: false + type: boolean + default: false + label: Enable logging + group: "Falcon Sensor Node Settings" + + - variable: falcon.billing + description: "Utilize default or metered billing. Should only be configured when needing to switch between the two. Options are: [default|metered]" + required: false + type: string + label: Configure Billing + group: "Falcon Sensor Node Settings" + + - variable: falcon.tags + description: "Comma separated list of tags for sensor grouping. Allowed characters: all alphanumerics, '/', '-', '_', and ','." + required: false + type: string + label: Configure tags for sensor grouping + group: "Falcon Sensor Node Settings" + + - variable: falcon.provisioning_token + description: "Used to protect the CID. Provisioning token value." + required: false + type: string + label: Set a provisioning installation token + group: "Falcon Sensor Node Settings" diff --git a/packages/falcon-sensor/package.yaml b/packages/falcon-sensor/package.yaml new file mode 100644 index 000000000..52d28f4d9 --- /dev/null +++ b/packages/falcon-sensor/package.yaml @@ -0,0 +1,2 @@ +url: https://github.com/CrowdStrike/falcon-helm/releases/download/0.9.3/falcon-sensor-0.9.3.tgz +packageVersion: 00