Generated changes

pull/135/head
actions 2021-04-30 00:23:57 +00:00
parent 2cd5e85145
commit 83e9b54315
14 changed files with 562 additions and 2 deletions

Binary file not shown.

@ -411,6 +411,36 @@ entries:
urls:
- assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.000.tgz
version: 0.8.000
falcon-sensor:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/release-name: falcon-helm
apiVersion: v2
appVersion: 0.9.3
created: "2021-04-30T00:23:56.429910434Z"
description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters.
digest: 167f5cb276b60cabf2393db193766a4358abe6816bf3a0c9d4d7b3caccee1aca
home: https://crowdstrike.com
icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg
keywords:
- CrowdStrike
- Falcon
- EDR
- kubernetes
- security
- monitoring
- alerting
maintainers:
- name: CrowdStrike Solution Architecture
- email: gabriel.alford@crowdstrike.com
name: Gabe Alford
name: falcon-sensor
sources:
- https://github.com/CrowdStrike/falcon-helm
type: application
urls:
- assets/falcon-sensor/falcon-sensor-0.9.300.tgz
version: 0.9.300
haproxy:
- annotations:
catalog.cattle.io/certified: partner
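
Review bot: The `urls` and `digest` fields of the new `falcon-sensor` entry point at `assets/falcon-sensor/falcon-sensor-0.9.300.tgz`, but a binary file in this commit is not rendered, so the packaged chart cannot be read from the diff. Before merging, recompute the SHA-256 of that archive, compare it with the `digest` value in this entry, and confirm that the unpacked templates match the chart files reviewed in the rest of this commit.
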
@ -711,4 +741,4 @@ entries:
urls:
- assets/sysdig/sysdig-1.9.200.tgz
version: 1.9.200
generated: "2021-04-30T00:22:55.062850765Z"
generated: "2021-04-30T00:23:56.429112757Z"

@ -0,0 +1,25 @@
apiVersion: v2
appVersion: 0.9.3
description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters.
home: https://crowdstrike.com
icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg
keywords:
- CrowdStrike
- Falcon
- EDR
- kubernetes
- security
- monitoring
- alerting
maintainers:
- name: CrowdStrike Solution Architecture
- email: gabriel.alford@crowdstrike.com
name: Gabe Alford
name: falcon-sensor
sources:
- https://github.com/CrowdStrike/falcon-helm
type: application
version: 0.9.300
annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/release-name: falcon-helm

@ -0,0 +1,90 @@
# CrowdStrike Falcon Helm Chart
[Falcon](https://www.crowdstrike.com/) is the [CrowdStrike](https://www.crowdstrike.com/)
platform purpose-built to stop breaches via a unified set of cloud-delivered
technologies that prevent all types of attacks — including malware and much
more.
# Kubernetes Cluster Compatability
The Falcon Helm chart has been tested to deploy on the following Kubernetes distributions:
* Amazon Elastic Kubernetes Service (EKS)
* Azure Kubernetes Service (AKS) - Linux Nodes Only
* Google Kubernetes Engine (GKE)
* Rancher K3s
* Nodes must be Linux distributions supported by CrowdStrike. See [https://falcon.crowdstrike.com/support/documentation/20/falcon-sensor-for-linux#operating-systems](https://falcon.crowdstrike.com/support/documentation/20/falcon-sensor-for-linux#operating-systems) for supported Linux distributions and kernels.
* Red Hat OpenShift Container Platform 4.6+
# Dependencies
1. Requires a x86_64 Kubernetes cluster
1. Must be a CrowdStrike customer with access to the Falcon Linux Sensor and Falcon Container downloads.
1. Before deploying the Helm chart, you should have a Falcon Linux Sensor in the container registry before installing the Helm Chart. See the Deployment Considerations for more.
1. Helm 3.x is installed and supported by the Kubernetes vendor.
# Deployment Considerations
To ensure a successful deployment, you will want to ensure that:
1. By default, the Helm Chart installs in the `default` namespace. Best practices for deploying to Kubernetes is to create a new namespace. This can be done by adding `-n falcon-system --create-namespace` to your `helm install` command.
1. You have access to a containerized falcon sensor image. This is most likely through a private image registry on your network or cloud provider. See [https://github.com/CrowdStrike/Dockerfiles](https://github.com/CrowdStrike/Dockerfiles) as an example of how to build a Falcon sensor for your registry.
1. The Falcon Linux Sensor (not the Falcon Container) should be used in the container image to deploy to Kubernetes nodes.
1. When deploying the Falcon Linux Sensor to a node, the container image should match the node's operating system. For example, if the node is running Red Hat Enterprise Linux 8.2, the container image should be based on Red Hat Enterprise Linux 8.2, etc. This is important to ensure sensor and image compatibility with the base node operating system.
1. You must have sufficient permissions to deploy Helm Charts to the cluster. This is often received through cluster admin privileges.
1. Only deploying to Kubernetes nodes are supported at this time.
1. When deploying the Falcon Linux Sensor as a container to Kubernetes nodes, it is a requirement that the Falcon Sensor run as a privileged container so that the Sensor can properly work with the kernel. If this is unacceptable, you can install the Falcon Linux Sensor (still runs with privileges) using an RPM or DEB package on the nodes themselves. This assumes that you have the capability to actually install RPM or DEB packages on the nodes. If you do not have this capability and you want to protect the nodes, you have to install using a privileged container.
1. CrowdStrike's Helm Operator is a project, not a product, and released to the community as a way to automate sensor deployment to kubernetes clusters. The upstream repository for this project is [https://github.com/CrowdStrike/falcon-helm](https://github.com/CrowdStrike/falcon-helm).
# Installation
### Add the CrowdStrike Falcon Helm repository
```
helm repo add crowdstrike https://crowdstrike.github.io/falcon-helm
```
### Install CrowdStrike Falcon Helm Chart
```
helm upgrade --install falcon-helm crowdstrike/falcon-sensor \
--set falcon.cid="<CrowdStrike_CID>" \
--set node.image.repository="<Your_Registry>/falcon-node-sensor"
```
Above command will install the CrowdStrike Falcon Helm Chart with the release name `falcon-helm` in the namespace your `kubectl` context is currently set to.
You can install also install into a customized namespace by running the following:
```
helm upgrade --install falcon-helm crowdstrike/falcon-sensor \
-n falcon-system --create-namespace \
--set falcon.cid="<CrowdStrike_CID>" \
--set node.image.repository="<Your_Registry>/falcon-node-sensor"
```
For more details please see the [falcon-helm](https://github.com/CrowdStrike/falcon-helm) repository.
## Node Configuration
The following tables lists the more common configurable parameters of the chart and their default values for installing on a Kubernetes node.
| Parameter | Description | Default |
|:--------------------------------|:---------------------------------------------------------------------|:----------------------------------------- |
| `node.enabled` | Enable installation on the Kubernetes node | `true` |
| `node.image.repository` | Falcon Sensor Node registry/image name | `falcon-node-sensor` |
| `node.image.tag` | The version of the official image to use | `latest` |
| `node.image.pullPolicy` | Policy for updating images | `Always` |
| `node.image.pullSecrets` | Pull secrets for private registry | `{}` |
| `falcon.cid` | CrowdStrike Customer ID (CID) | None (Required) |
`falcon.cid` and `node.image.repository` are required values.
### Uninstall Helm Chart
To uninstall, run the following command:
```
helm uninstall falcon-helm
```
To uninstall from a custom namespace, run the following command:
```
helm uninstall falcon-helm -n falcon-system
```
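
Review bot: The first `helm upgrade --install` example under Installation omits `-n falcon-system --create-namespace`, although Deployment Considerations calls a dedicated namespace best practice, so the privileged sensor pods land in whatever namespace the current `kubectl` context points at. Suggest making the namespaced command the primary example and presenting the context-namespace form as the alternative. Minor wording in the same file: "Compatability" in the heading, "You can install also install", and the doubled "Before deploying ... before installing" in Dependencies item 3.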

@ -0,0 +1,9 @@
# CrowdStrike Falcon
[CrowdStrike](https://www.crowdstrike.com/) [Container Security](https://www.crowdstrike.com/cloud-security-products/falcon-cloud-workload-protection/)
comes complete with vulnerability management, continuous
threat detection and response, and runtime protection, combined with compliance
enforcement and automated continuous integration/continuous delivery (CI/CD) pipeline security, enabling
DevOps teams to stay secure while building in the cloud.
For more information, please visit [https://www.crowdstrike.com/cloud-security-products/falcon-cloud-workload-protection/](https://www.crowdstrike.com/cloud-security-products/falcon-cloud-workload-protection/)

@ -0,0 +1,2 @@
falcon:
cid: 123456789TESTS-00

@ -0,0 +1,97 @@
questions:
- variable: node.image.repository
description: "URL of container image repository holding containerized Falcon sensor. Defaults to 'falcon-node-sensor'."
required: true
type: string
default: falcon-node-sensor
label: Container Image Repository
group: "Node Container Images"
- variable: node.image.tag
description: "Container registry image tag. Defaults to 'latest'."
required: true
type: string
default: "latest"
label: Container Image Tag
group: "Node Container Images"
- variable: falcon.cid
description: "Passed to falconctl as \"--cid=\"{uuid string}\"\""
required: true
type: string
label: CrowdStrike Customer ID (CID)
group: "Falcon Sensor Node Settings"
- variable: falcon.apd
description: "App Proxy Disable. Passed to falconctl as \"--apt=true\" or \"--apt=false\"."
required: false
type: boolean
default: false
label: Disable using a proxy
group: "Falcon Sensor Node Settings"
- variable: falcon.aph
description: "App Proxy Hostname (APH). Uncommon in container-based deployments. Passed to falconctl as \"--aph <app proxy host name>\""
required: false
type: string
label: Configure Proxy Host
group: "Falcon Sensor Node Settings"
- variable: falcon.app
description: "App Proxy Port (APP). Uncommon in container-based deployments. Passed to falconctl as \"--app=<app proxy port>\""
required: false
type: string
label: Configure Proxy Port
group: "Falcon Sensor Node Settings"
- variable: falcon.trace
description: "Options are [none|err|warn|info|debug]. Passed to falconctl as \"--trace=[none|err|warn|info|debug]\""
required: false
type: string
label: Set logging trace level
default: "none"
group: "Falcon Sensor Node Settings"
- variable: falcon.feature
description: "Options to pass to the \"--feature\" flag. Options are [none,[enableLog[,disableLogBuffer[,disableOsfm[,emulateUpdate]]]]]"
required: false
type: string
label: Enable or disable certain sensor features
group: "Falcon Sensor Node Settings"
- variable: falcon.update
description: "SIGHUP the sensor for immediate trace/feature update."
required: false
type: boolean
default: false
label: Update sensor immediately
group: "Falcon Sensor Node Settings"
- variable: falcon.message_log
description: "Enable message log (true/false)"
required: false
type: boolean
default: false
label: Enable logging
group: "Falcon Sensor Node Settings"
- variable: falcon.billing
description: "Utilize default or metered billing. Should only be configured when needing to switch between the two. Options are: [default|metered]"
required: false
type: string
label: Configure Billing
group: "Falcon Sensor Node Settings"
- variable: falcon.tags
description: "Comma separated list of tags for sensor grouping. Allowed characters: all alphanumerics, '/', '-', '_', and ','."
required: false
type: string
label: Configure tags for sensor grouping
group: "Falcon Sensor Node Settings"
- variable: falcon.provisioning_token
description: "Used to protect the CID. Provisioning token value."
required: false
type: string
label: Set a provisioning installation token
group: "Falcon Sensor Node Settings"
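
Review bot: The `falcon.apd` description says the value is passed to falconctl as `--apt=true` or `--apt=false`, which matches neither the variable name `apd` nor the `--aph`/`--app` pattern of the neighbouring proxy options; this looks like a typo for `--apd`. In the same file, `falcon.provisioning_token` is declared `type: string` even though its description says it protects the CID, so a masked input type would be a better fit, and `falcon.trace` and `falcon.billing` spell out fixed option sets in their descriptions that could be enforced as enumerated choices instead of free text.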

@ -0,0 +1,10 @@
Thank you for installing the CrowdStrike Falcon Helm Chart!
Access to the Falcon Linux and Container Sensor downloads at https://falcon.crowdstrike.com/hosts/sensor-downloads are
required to complete the install of this Helm chart. This is provided automatically to all active CrowdStrike customers.
Additionally, a containerized sensor must be present in a container registry accessible from Kubernetes installation.
Sample Dockerfiles are available at https://github.com/CrowdStrike/Dockerfiles.
CrowdStrike Falcon sensors will deploy across all nodes in your Kubernetes cluster after
installing this Helm chart. An extremely common error on installation is accidentally
forgetting to add your containerized sensor to your local image registry prior to executing
`helm install`. The default image name to deploy a kernel sensor to a node is `falcon-node-sensor`.

@ -0,0 +1,62 @@
{{/*
Expand the name of the chart.
*/}}
{{- define "falcon-sensor.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "falcon-sensor.fullname" -}}
{{- if .Values.fullnameOverride }}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default .Chart.Name .Values.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "falcon-sensor.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "falcon-sensor.labels" -}}
helm.sh/chart: {{ include "falcon-sensor.chart" . }}
{{ include "falcon-sensor.selectorLabels" . }}
{{- if .Chart.AppVersion }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "falcon-sensor.selectorLabels" -}}
app.kubernetes.io/name: {{ include "falcon-sensor.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "falcon-sensor.serviceAccountName" -}}
{{- if .Values.serviceAccount.create }}
{{- default (include "falcon-sensor.fullname" .) .Values.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.serviceAccount.name }}
{{- end }}
{{- end }}
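
Review bot: `falcon-sensor.serviceAccountName` reads `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but the default values added in this commit define no `serviceAccount` key and the DaemonSet template never sets `serviceAccountName`, so the helper is unused scaffolding that would fail on a nil lookup as soon as a template included it. Either remove it, or add the `serviceAccount` values and wire the helper into the pod spec. The same goes for `falcon-sensor.labels` and `falcon-sensor.selectorLabels`: the ConfigMap and DaemonSet hand-write `app`/`chart`/`heritage`/`release` labels instead of including them.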

@ -0,0 +1,17 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "falcon-sensor.fullname" . }}-config
namespace: {{ .Release.Namespace }}
labels:
app: "{{ include "falcon-sensor.fullname" . }}"
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
data:
FALCONCTL_OPT_CID: {{ .Values.falcon.cid }}
{{- range $key, $value := .Values.falcon }}
{{- if and ($value) (ne $key "cid") }}
FALCONCTL_OPT_{{ $key | upper }}: {{ $value | quote }}
{{- end }}
{{- end }}
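
Review bot: The `range` over `.Values.falcon` writes every non-empty key except `cid` into the ConfigMap, so `provisioning_token` ends up as `FALCONCTL_OPT_PROVISIONING_TOKEN` in plain ConfigMap data, readable by anyone who can get ConfigMaps in the namespace. Suggest excluding it from the loop and delivering it through a Secret referenced from the pod spec. Also, `FALCONCTL_OPT_CID` is the one value emitted without `| quote` and without a presence check, so a missing CID renders silently; `{{ required "falcon.cid is required" .Values.falcon.cid | quote }}` would fail the render early.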

@ -0,0 +1,134 @@
{{- if .Values.node.enabled }}
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "falcon-sensor.fullname" . }}
labels:
name: {{ include "falcon-sensor.fullname" . }}
app: {{ include "falcon-sensor.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
{{- if .Values.node.daemonset.labels }}
{{- range $key, $value := .Values.node.daemonset.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .Values.node.daemonset.annotations }}
annotations:
{{- range $key, $value := .Values.node.daemonset.annotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
namespace: {{ .Release.Namespace }}
spec:
selector:
matchLabels:
name: {{ include "falcon-sensor.fullname" . }}
app: {{ include "falcon-sensor.fullname" . }}
release: {{ .Release.Name | quote }}
updateStrategy:
type: {{ .Values.node.daemonset.updateStrategy }}
template:
metadata:
annotations:
sensor.falcon-system.crowdstrike.com/injection: disabled
{{- range $key, $value := .Values.node.podAnnotations }}
{{ $key }}: {{ $value | quote }}
{{- end }}
labels:
name: {{ include "falcon-sensor.fullname" . }}
app: {{ include "falcon-sensor.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
heritage: {{ .Release.Service | quote }}
release: {{ .Release.Name | quote }}
{{- if .Values.node.daemonset.labels }}
{{- range $key, $value := .Values.node.daemonset.labels }}
{{ $key }}: {{ $value | quote }}
{{- end }}
{{- end }}
spec:
{{- with .Values.node.image.pullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
tolerations:
# this toleration is to have the daemonset runnable on master nodes
- key: node-role.kubernetes.io/master
effect: NoSchedule
nodeSelector:
beta.kubernetes.io/os: linux
initContainers:
# This init container creates empty falconstore file so that when
# it's mounted into the sensor-node-container, k8s would just use it
# rather than creating a directory. Mounting falconstore file as
# a file volume ensures that AID is preserved across container
# restarts.
- name: init-falconstore
image: busybox
args: [/bin/sh, -c, 'touch /var/lib/crowdstrike/falconstore']
volumeMounts:
- name: falconstore-dir
mountPath: /var/lib/crowdstrike
containers:
- name: falcon-node-sensor
image: "{{ .Values.node.image.repository }}:{{ .Values.node.image.tag }}"
imagePullPolicy: "{{ .Values.node.image.pullPolicy }}"
volumeMounts:
- name: dev
mountPath: /dev
- name: var-run
mountPath: /var/run
- name: etc
mountPath: /etc
- name: var-log
mountPath: /var/log
- name: falconstore
mountPath: /opt/CrowdStrike/falconstore
# Various pod security context settings. Bear in mind that many of these have an impact
# on the Falcon Sensor working correctly.
#
# - User that the container will execute as. Typically necessary to run as root (0).
# - Runs the Falcon Sensor containers as privileged containers. This is required when
# running the Falcon Linux Sensor on Kubernetes nodes to properly run in the node's
# kernel and to actually protect the node.
securityContext:
runAsUser: 0
privileged: true
readOnlyRootFilesystem: false
allowPrivilegeEscalation: true
envFrom:
- configMapRef:
name: {{ include "falcon-sensor.fullname" . }}-config
# This spits out logs from sensor-node-container to stdout so that they
# are routed through k8s log driver.
- name: log
image: busybox
args: [/bin/sh, -c, 'tail -n1 -f /var/log/falcon-sensor.log']
volumeMounts:
- name: var-log
mountPath: /var/log
readOnly: True
volumes:
- name: dev
hostPath:
path: /dev
- name: etc
hostPath:
path: /etc
- name: var-run
hostPath:
path: /var/run
- name: var-log
emptyDir: {}
- name: falconstore
hostPath:
path: /var/lib/crowdstrike/falconstore
- name: falconstore-dir
hostPath:
path: /var/lib/crowdstrike
terminationGracePeriodSeconds: {{ .Values.node.terminationGracePeriod }}
hostNetwork: true
hostPID: true
hostIPC: true
{{- end }}
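
Review bot: Both the `init-falconstore` init container and the `log` sidecar use `image: busybox` with no registry, tag or digest, so the pod pulls whatever `busybox:latest` resolves to at schedule time, and the init container runs it with a writable hostPath mount of `/var/lib/crowdstrike`. Suggest exposing these images in values and pinning them by tag or digest, which also lets them be mirrored to the same private registry as the sensor image. Separately, the `nodeSelector` uses the deprecated `beta.kubernetes.io/os` label; `kubernetes.io/os: linux` is the current form. The host `/etc`, `/dev` and `/var/run` mounts on the sensor container are all read-write; if the sensor only reads from any of them, mark that mount `readOnly: true`.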

@ -0,0 +1,50 @@
# Default values for falcon-sensor.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
node:
# When enabled, Helm chart deploys the Falcon Senors to Kubernetes nodes
enabled: true
daemonset:
# Annotations to apply to the daemonset
annotations: {}
# additionals labels
labels: {}
updateStrategy: RollingUpdate
image:
repository: falcon-node-sensor
pullPolicy: Always
pullSecrets: {}
# Overrides the image tag whose default is the chart appVersion.
tag: "latest"
# Override various naming aspects of this chart
# Only edit these if you know what you're doing
nameOverride: ""
fullnameOverride: ""
podAnnotations: {}
# How long to wait for Falcon pods to stop gracefully
terminationGracePeriod: 10
falcon:
cid:
aid:
apd:
aph:
app:
trace:
feature:
update:
message_log:
billing:
tags:
assert:
memfail_grace_period:
memfail_every_n:
provisioning_token:
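
Review bot: The comment above `tag: "latest"` says the default is the chart appVersion, but the value is `latest` and the DaemonSet renders `.Values.node.image.tag` directly with no fallback, so with `pullPolicy: Always` a node can pick up a different sensor build on any pod restart. Suggest defaulting to a pinned version, or implementing the appVersion fallback the comment describes, and correcting the comment either way. `pullSecrets: {}` should be `[]`, since it is rendered under `imagePullSecrets`, which takes a list. Typos in the comments: "Senors", "additionals".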

@ -411,6 +411,36 @@ entries:
urls:
- assets/dynatrace-oneagent-operator/dynatrace-oneagent-operator-0.8.000.tgz
version: 0.8.000
falcon-sensor:
- annotations:
catalog.cattle.io/certified: partner
catalog.cattle.io/release-name: falcon-helm
apiVersion: v2
appVersion: 0.9.3
created: "2021-04-30T00:23:56.429910434Z"
description: A Helm chart to deploy CrowdStrike Falcon sensors into Kubernetes clusters.
digest: 167f5cb276b60cabf2393db193766a4358abe6816bf3a0c9d4d7b3caccee1aca
home: https://crowdstrike.com
icon: https://raw.githubusercontent.com/CrowdStrike/falcon-helm/main/images/crowdstrike-logo.svg
keywords:
- CrowdStrike
- Falcon
- EDR
- kubernetes
- security
- monitoring
- alerting
maintainers:
- name: CrowdStrike Solution Architecture
- email: gabriel.alford@crowdstrike.com
name: Gabe Alford
name: falcon-sensor
sources:
- https://github.com/CrowdStrike/falcon-helm
type: application
urls:
- assets/falcon-sensor/falcon-sensor-0.9.300.tgz
version: 0.9.300
haproxy:
- annotations:
catalog.cattle.io/certified: partner
@ -711,4 +741,4 @@ entries:
urls:
- assets/sysdig/sysdig-1.9.200.tgz
version: 1.9.200
generated: "2021-04-30T00:22:55.062850765Z"
generated: "2021-04-30T00:23:56.429112757Z"

@ -0,0 +1,4 @@
b91312b8cae898b69ac3274bbbae9ef5a609e1d9a99022fb9395174822c5cf48 packages/falcon-sensor/falcon-sensor.patch
6f3b85e54972e1761264489d231e025dccf52eb01958def217dc78cecfef538d packages/falcon-sensor/overlay/app-readme.md
8a6643289707d220593eb176991a4ddf971d3e48b10e99305d0b7241acb10ac4 packages/falcon-sensor/overlay/questions.yaml
2311034f4cdc80927e42025b3b7424e55ff555596b91b930b32693f69d9f0fdf packages/falcon-sensor/package.yaml