feat(agent): Add Local Forwarder support for Agent (#1458)
Co-authored-by: Marco Vito Moscaritolo <[email protected]>
aroberts87 and mavimo authored Nov 27, 2023
1 parent cf079ae commit 445f3c0
Showing 10 changed files with 245 additions and 4 deletions.
2 changes: 1 addition & 1 deletion charts/agent/Chart.yaml
Expand Up @@ -30,4 +30,4 @@ sources:
- https://app.sysdigcloud.com/#/settings/user
- https://github.com/draios/sysdig
type: application
version: 1.16.0
version: 1.17.0
3 changes: 3 additions & 0 deletions charts/agent/README.md
Expand Up @@ -153,6 +153,9 @@ The following table lists the configurable parameters of the Sysdig chart and th
| `sysdig.disableCaptures` | Disables capture functionality. See https://docs.sysdig.com/en/disable-captures.html. | `false` |
| `sysdig.settings` | Provides additional settings that are given in the `dragent.yaml`file. | `{}` |
| `logPriority` | Sets both agent console and file logging priorities. Possible values are: `"info"`, `"debug"`. Mutually exclusive with `sysdig.settings.log`. | ` ` |
| `localForwarder.enabled` | Enable the Agent Local Forwarder | `false` |
| `localForwarder.transmitMessageTypes` | Message types to forward from the Agent to the Agent Local Forwarder | `[POLICY_EVENTS, SECURE_AUDIT]` |
| `localForwarder.integrations` | List of configurations for how and where the Agent Local Forwarder should forward messages | `[]` |
| `secure.enabled` | Enables Sysdig Secure. | `true` |
| `monitor.enabled` | Enables Sysdig Monitor. | `true` |
| `auditLog.enabled` | Enables Kubernetes audit log support for Sysdig Secure. | `false` |
5 changes: 5 additions & 0 deletions charts/agent/templates/_helpers.tpl
Expand Up @@ -506,3 +506,8 @@ sysdig_capture_enabled: false
true
{{- end }}
{{- end }}
{{/* Return the name of the local forwarder configmap */}}
{{- define "agent.localForwarderConfigMapName" }}
{{- include "agent.configmapName" . | trunc 46 | trimSuffix "-" | printf "%s-local-forwarder" }}
{{- end }}
13 changes: 13 additions & 0 deletions charts/agent/templates/configmap-local-forwarder.yaml
@@ -0,0 +1,13 @@
{{- if .Values.localForwarder.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "agent.localForwarderConfigMapName" . }}
namespace: {{ include "agent.namespace" . }}
labels:
{{ (include "agent.labels" .) | indent 4 }}
data:
local_forwarder_config.yaml: |
integrations:
{{- toYaml .Values.localForwarder.integrations | nindent 6 }}
{{- end }}
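Review bot: `data:` on this ConfigMap receives the whole free-form `configuration` object of every integration, and for the destinations the schema enumerates (SPLUNK, KAFKA, WEBHOOK, SQS, S3, ELASTIC, …) that object will plausibly carry tokens or credentials, which then sit in plaintext for anyone with `get configmaps` in the namespace and in `helm get values` output. If credentials are expected there, render this object as `kind: Secret` with `stringData:` instead of `data:` (the daemonset volume would then use `secret: {secretName: ...}` rather than `configMap:`), or at minimum state in the README row for `localForwarder.integrations` that integration credentials end up in a ConfigMap. The `agent.labels` and `agent.namespace` helpers this template relies on are defined outside this section, so I cannot confirm what labels it inherits.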
6 changes: 6 additions & 0 deletions charts/agent/templates/configmap.yaml
Expand Up @@ -45,6 +45,12 @@ data:
enforce_leader_election: true
namespace: {{ include "agent.namespace" . }}
{{- end }}
{{- if .Values.localForwarder.enabled }}
local_forwarder:
enabled: true
transmit_message_types:
{{- toYaml .Values.localForwarder.transmitMessageTypes | nindent 8 }}
{{- end }}
{{- if .Values.prometheus.file }}
prometheus.yaml: |
{{ toYaml .Values.prometheus.yaml | indent 4 }}
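Review bot: The `local_forwarder` mapping is emitted unconditionally into `dragent.yaml` whenever `localForwarder.enabled` is true, so a user who also carries a `local_forwarder` key in `sysdig.settings` (which the README says is merged into the same `dragent.yaml`) would presumably end up with a duplicate top-level key that most YAML loaders resolve silently as last-wins; the settings merge itself is outside this hunk, so I cannot confirm which copy wins. The README row for `localForwarder.enabled` should document that relationship the way the `logPriority` row already documents its exclusivity with `sysdig.settings.log`, e.g. `Mutually exclusive with sysdig.settings.local_forwarder`. Also, `transmitMessageTypes: []` renders as an enabled forwarder with an empty `transmit_message_types` list, which the schema permits; `minItems: 1` on that array would make the intent explicit.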
11 changes: 11 additions & 0 deletions charts/agent/templates/daemonset.yaml
Expand Up @@ -223,6 +223,11 @@ spec:
command: [ "test", "-e", "/opt/draios/logs/running" ]
initialDelaySeconds: {{ .Values.daemonset.probes.initialDelay }}
volumeMounts:
{{- if .Values.localForwarder.enabled }}
- mountPath: /opt/draios/etc/local_forwarder_config.yaml
subPath: local_forwarder_config.yaml
name: local-forwarder-config
{{- end }}
{{- /* Always requested */}}
- mountPath: /host/dev
name: dev-vol
Expand Down Expand Up @@ -344,6 +349,12 @@ spec:
configMap:
name: {{ include "agent.configmapName" . }}
optional: true
{{- if .Values.localForwarder.enabled }}
- name: local-forwarder-config
configMap:
name: {{ include "agent.localForwarderConfigMapName" . }}
optional: true
{{- end }}
- name: sysdig-agent-secrets
secret:
{{- if not ( include "agent.accessKeySecret" . ) }}
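Review bot: The new `subPath` mount at `/opt/draios/etc/local_forwarder_config.yaml` will not pick up later changes to the ConfigMap, because Kubernetes only refreshes whole-directory ConfigMap mounts and never `subPath` files, so an edit to `localForwarder.integrations` on upgrade only reaches the agent once the pod is recreated. Nothing in this hunk adds a pod-template annotation that would force that rollout; the usual fix is `checksum/local-forwarder-config: {{ include (print $.Template.BasePath "/configmap-local-forwarder.yaml") . | sha256sum }}` under `spec.template.metadata.annotations` (that block is outside the hunk, so it may already carry a checksum for the main ConfigMap). Separately, `optional: true` on the volume means a missing ConfigMap starts the agent without any forwarder configuration instead of failing the pod; since the chart always renders the ConfigMap when `enabled` is true, `optional: false` would surface a broken install immediately rather than as silently dropped events.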
104 changes: 104 additions & 0 deletions charts/agent/tests/local_forwarder_test.yaml
@@ -0,0 +1,104 @@
suite: Test enabling the agent local forwarder
templates:
- configmap.yaml
- configmap-local-forwarder.yaml
- daemonset.yaml
tests:
- it: Check the enabling the forwarder
set:
localForwarder:
enabled: true
integrations:
- channels:
- SECURE_EVENTS_POLICIES
- ACTIVITY_AUDIT
configuration:
output: stdout
type: LOCAL
asserts:
- equal:
path: data["local_forwarder_config.yaml"]
value: |
integrations:
- channels:
- SECURE_EVENTS_POLICIES
- ACTIVITY_AUDIT
configuration:
output: stdout
type: LOCAL
template: configmap-local-forwarder.yaml
- matchRegex:
path: data["dragent.yaml"]
pattern: |
local_forwarder:
enabled: true
transmit_message_types:
- POLICY_EVENTS
- SECURE_AUDIT
template: configmap.yaml
- contains:
path: spec.template.spec.volumes
content:
name: local-forwarder-config
configMap:
name: sysdig-agent-local-forwarder
optional: true
template: daemonset.yaml
- contains:
path: spec.template.spec.containers[0].volumeMounts
content:
mountPath: /opt/draios/etc/local_forwarder_config.yaml
subPath: local_forwarder_config.yaml
name: local-forwarder-config
template: daemonset.yaml
- it: Ensure items are absent if local forwarder is disabled
set:
localForwarder:
enabled: false
asserts:
- notMatchRegex:
path: data["dragent.yaml"]
pattern: |
local_forwarder:
enabled: true
transmit_message_types:
- POLICY_EVENTS
- SECURE_AUDIT
template: configmap.yaml
- notContains:
path: spec.template.spec.volumes
content:
name: local-forwarder-config
configMap:
name: sysdig-agent-local-forwarder
optional: true
template: daemonset.yaml
- notContains:
path: spec.template.spec.containers[0].volumeMounts
content:
mountPath: /opt/draios/etc/local_forwarder_config.yaml
subPath: local_forwarder_config.yaml
name: local-forwarder-config
template: daemonset.yaml
- it: Customize the forwarded message types
set:
localForwarder:
enabled: true
transmitMessageTypes:
- POLICY_EVENTS
integrations:
- channels:
- SECURE_EVENTS_POLICIES
- ACTIVITY_AUDIT
configuration:
output: stdout
type: LOCAL
asserts:
- matchRegex:
path: data["dragent.yaml"]
pattern: |
local_forwarder:
enabled: true
transmit_message_types:
- POLICY_EVENTS
template: configmap.yaml
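Review bot: The suite never exercises the rejection path the new schema introduces, so `enabled: true` with `integrations: []` (which `minItems: 1` should refuse) and a non-boolean `enabled` are not covered, and a later regression in `values.schema.json` would go unnoticed. A fourth case using helm-unittest's `failedTemplate` assertion with `localForwarder.enabled: true` and no integrations would pin that behaviour, assuming the harness runs schema validation the way `helm template` does. The `notMatchRegex` in the disabled case only rejects the exact default block; `pattern: "local_forwarder:"` would catch any stray rendering of the key, not just the default one.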
95 changes: 94 additions & 1 deletion charts/agent/values.schema.json
Expand Up @@ -2,7 +2,8 @@
"$schema": "http://json-schema.org/schema#",
"type": "object",
"required": [
"ebpf"
"ebpf",
"localForwarder"
],
"properties": {
"ebpf": {
Expand All @@ -23,6 +24,98 @@
]
}
}
},
"localForwarder": {
"type": "object",
"required": [
"enabled",
"integrations",
"transmitMessageTypes"
],
"if": {
"properties": {
"enabled": {
"const": true
}
}
},
"then": {
"properties": {
"integrations": {
"type": "array",
"minItems": 1,
"items": {
"$ref": "#/$defs/AgentLocalForwarderIntegrations"
}
},
"enabled": {
"type": "boolean"
},
"transmitMessageTypes": {
"type": "array",
"items": {
"type": "string",
"enum": [
"POLICY_EVENTS",
"SECURE_AUDIT"
]
}
}
}
}
}
},
"$defs": {
"AgentLocalForwarderIntegrations": {
"type": "object",
"required": [
"channels",
"configuration"
],
"properties": {
"channels": {
"type": "array",
"items": {
"type": "string",
"enum": [
"POLICY_EVENTS",
"ACTIVITY_AUDIT",
"MONITOR_EVENTS",
"SECURE_EVENTS_POLICIES",
"SECURE_EVENTS_SCANNING",
"SECURE_EVENTS_BENCHMARK",
"SECURE_EVENTS_HOSTSCANNING",
"SECURE_EVENTS_COMPLIANCE",
"SECURE_EVENTS_AUDIT_TRAIL",
"SECURE_OBJECT_STORE_RUNTIME",
"SECURE_OBJECT_STORE_REGISTRY",
"SECURE_OBJECT_STORE_PIPELINE"
]
}
},
"configuration": {
"type": "object"
},
"type": {
"type": "string",
"enum": [
"SYSLOG",
"SPLUNK",
"MCM",
"QRADAR",
"WEBHOOK",
"KAFKA",
"CHRONICLE",
"SENTINEL",
"SQS",
"PUBSUB",
"SCC",
"LOCAL",
"ELASTIC",
"S3"
]
}
}
}
}
}
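Review bot: `enabled` is only constrained to a boolean inside the `then` branch, which applies solely when `enabled` is already `const true`, so a value such as `enabled: "false"` passes the schema and is then treated as truthy by the template's `{{- if .Values.localForwarder.enabled }}`, silently turning the forwarder on. Move `"enabled": {"type": "boolean"}` into the top-level `properties` of `localForwarder` so it is checked regardless of the `if`. The integration object also declares `type` as a sibling of `channels` and `configuration`, while the new test fixtures put `type: LOCAL` underneath `configuration`; without `"additionalProperties": false` and with `type` absent from `required`, neither placement is caught, so whichever is the real contract should be pinned by adding `"type"` to `required` and setting `"additionalProperties": false` on `AgentLocalForwarderIntegrations`.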
6 changes: 6 additions & 0 deletions charts/agent/values.yaml
Expand Up @@ -280,6 +280,12 @@ tolerations:
value: "true"
leaderelection:
enable: false
localForwarder:
enabled: false
transmitMessageTypes:
- POLICY_EVENTS
- SECURE_AUDIT
integrations: []
delegatedAgentDeployment:
# Enable a specialized installation where an Agent Deployment is installed
# in addition to the traditional DaemonSet. The DaemonSet Agents will not
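Review bot: The three new keys are the only ones in this region without a comment, while the neighbouring `delegatedAgentDeployment` block documents itself inline, so a reader of `values.yaml` cannot tell what an integration entry must contain. I would add `# Enables the Agent Local Forwarder (renders a local_forwarder block into dragent.yaml and a dedicated ConfigMap)` above `enabled`, `# Message types the agent hands to the local forwarder; allowed values: POLICY_EVENTS, SECURE_AUDIT` above `transmitMessageTypes`, and `# Forwarder destinations; each entry needs channels and configuration, see values.schema.json` above `integrations`. One more line noting that the configuration object is stored in plaintext in a ConfigMap, so credentials placed there are readable by anyone who can read ConfigMaps in the namespace, would save users a surprise.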
4 changes: 2 additions & 2 deletions charts/sysdig-deploy/Chart.yaml
Expand Up @@ -2,7 +2,7 @@ apiVersion: v2
name: sysdig-deploy
description: A chart with various Sysdig components for Kubernetes
type: application
version: 1.30.1
version: 1.31.0
maintainers:
- name: AlbertoBarba
email: [email protected]
Expand All @@ -26,7 +26,7 @@ dependencies:
- name: agent
# repository: https://charts.sysdig.com
repository: file://../agent
version: ~1.16.0
version: ~1.17.0
alias: agent
condition: agent.enabled
- name: common
