diff --git a/charts/agent/Chart.yaml b/charts/agent/Chart.yaml
index 111e87e5a..5acdea83c 100644
--- a/charts/agent/Chart.yaml
+++ b/charts/agent/Chart.yaml
@@ -30,4 +30,4 @@ sources:
 - https://app.sysdigcloud.com/#/settings/user
 - https://github.com/draios/sysdig
 type: application
-version: 1.16.0
+version: 1.17.0
diff --git a/charts/agent/README.md b/charts/agent/README.md
index 2cdd8ae9a..7e8220700 100644
--- a/charts/agent/README.md
+++ b/charts/agent/README.md
@@ -153,6 +153,9 @@ The following table lists the configurable parameters of the Sysdig chart and th
 | `sysdig.disableCaptures` | Disables capture functionality. See https://docs.sysdig.com/en/disable-captures.html. | `false` |
 | `sysdig.settings` | Provides additional settings that are given in the `dragent.yaml`file. | `{}` |
 | `logPriority` | Sets both agent console and file logging priorities. Possible values are: `"info"`, `"debug"`. Mutually exclusive with `sysdig.settings.log`. | ` ` |
+| `localForwarder.enabled` | Enable the Agent Local Forwarder | `false` |
+| `localForwarder.transmitMessageTypes` | Message types to forward from the Agent to the Agent Local Forwarder | `[POLICY_EVENTS, SECURE_AUDIT]` |
+| `localForwarder.integrations` | List of configurations for how and where the Agent Local Forwarder should forward messages | `[]` |
 | `secure.enabled` | Enables Sysdig Secure. | `true` |
 | `monitor.enabled` | Enables Sysdig Monitor. | `true` |
 | `auditLog.enabled` | Enables Kubernetes audit log support for Sysdig Secure. | `false` |
diff --git a/charts/agent/templates/_helpers.tpl b/charts/agent/templates/_helpers.tpl
index 8eda6b069..b11717ce3 100644
--- a/charts/agent/templates/_helpers.tpl
+++ b/charts/agent/templates/_helpers.tpl
@@ -506,3 +506,8 @@ sysdig_capture_enabled: false
 true
 {{- end }}
 {{- end }}
+
+{{/* Return the name of the local forwarder configmap */}}
+{{- define "agent.localForwarderConfigMapName" }}
+{{- include "agent.configmapName" . | trunc 46 | trimSuffix "-" | printf "%s-local-forwarder" }}
+{{- end }}
diff --git a/charts/agent/templates/configmap-local-forwarder.yaml b/charts/agent/templates/configmap-local-forwarder.yaml
new file mode 100644
index 000000000..91175c185
--- /dev/null
+++ b/charts/agent/templates/configmap-local-forwarder.yaml
@@ -0,0 +1,13 @@
+{{- if .Values.localForwarder.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "agent.localForwarderConfigMapName" . }}
+ namespace: {{ include "agent.namespace" . }}
+ labels:
+{{ (include "agent.labels" .) | indent 4 }}
+data:
+ local_forwarder_config.yaml: |
+ integrations:
+ {{- toYaml .Values.localForwarder.integrations | nindent 6 }}
+{{- end }}
diff --git a/charts/agent/templates/configmap.yaml b/charts/agent/templates/configmap.yaml
index b3bef1692..151f973ac 100644
--- a/charts/agent/templates/configmap.yaml
+++ b/charts/agent/templates/configmap.yaml
@@ -45,6 +45,12 @@ data:
 enforce_leader_election: true
 namespace: {{ include "agent.namespace" . }}
 {{- end }}
+{{- if .Values.localForwarder.enabled }}
+ local_forwarder:
+ enabled: true
+ transmit_message_types:
+ {{- toYaml .Values.localForwarder.transmitMessageTypes | nindent 8 }}
+{{- end }}
 {{- if .Values.prometheus.file }}
 prometheus.yaml: |
 {{ toYaml .Values.prometheus.yaml | indent 4 }}
diff --git a/charts/agent/templates/daemonset.yaml b/charts/agent/templates/daemonset.yaml
index 368c11c05..8de0e2754 100644
--- a/charts/agent/templates/daemonset.yaml
+++ b/charts/agent/templates/daemonset.yaml
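Review bot: In configmap-local-forwarder.yaml the whole `integrations` list, including each entry's free-form `configuration` map, is rendered verbatim into a ConfigMap under `data.local_forwarder_config.yaml`; the schema added in this commit constrains `configuration` only to `"type": "object"`, and the `type` enum names targets such as SPLUNK, WEBHOOK, KAFKA and S3, so any credentials such a target needs would end up in a ConfigMap rather than a Secret. If those integrations can carry secret material, consider rendering this object as a `Secret` with `stringData` (the DaemonSet volume would then use `secret:` instead of `configMap:`), or state in the values documentation that credentials must be supplied out of band. Either way a template comment above `data:` would help the next maintainer: `{{/* .Values.localForwarder.integrations is rendered verbatim here; treat it as sensitive if any integration carries credentials */}}`.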
@@ -223,6 +223,11 @@ spec:
 command: [ "test", "-e", "/opt/draios/logs/running" ]
 initialDelaySeconds: {{ .Values.daemonset.probes.initialDelay }}
 volumeMounts:
+ {{- if .Values.localForwarder.enabled }}
+ - mountPath: /opt/draios/etc/local_forwarder_config.yaml
+ subPath: local_forwarder_config.yaml
+ name: local-forwarder-config
+ {{- end }}
 {{- /* Always requested */}}
 - mountPath: /host/dev
 name: dev-vol
@@ -344,6 +349,12 @@ spec:
 configMap:
 name: {{ include "agent.configmapName" . }}
 optional: true
+ {{- if .Values.localForwarder.enabled }}
+ - name: local-forwarder-config
+ configMap:
+ name: {{ include "agent.localForwarderConfigMapName" . }}
+ optional: true
+ {{- end }}
 - name: sysdig-agent-secrets
 secret:
 {{- if not ( include "agent.accessKeySecret" . ) }}
diff --git a/charts/agent/tests/local_forwarder_test.yaml b/charts/agent/tests/local_forwarder_test.yaml
new file mode 100644
index 000000000..a96d5d579
--- /dev/null
+++ b/charts/agent/tests/local_forwarder_test.yaml
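Review bot: The `local-forwarder-config` volume in the second hunk is declared `optional: true`, so if the ConfigMap named by `agent.localForwarderConfigMapName` is missing the pod starts without the forwarder file and no message is forwarded, with nothing failing loudly; since this chart renders that ConfigMap under the very same `.Values.localForwarder.enabled` condition, `optional: false` would surface a wrong name or a deleted ConfigMap at pod start instead of as silently absent forwarding. The `subPath` mount in the first hunk also means kubelet will not propagate later ConfigMap updates into the running container, so a changed `integrations` list only takes effect on a pod restart unless the DaemonSet carries a config-checksum annotation outside these hunks. Both enclosing `spec` blocks start and end outside the hunks.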
@@ -0,0 +1,104 @@
+suite: Test enabling the agent local forwarder
+templates:
+ - configmap.yaml
+ - configmap-local-forwarder.yaml
+ - daemonset.yaml
+tests:
+ - it: Check the enabling the forwarder
+ set:
+ localForwarder:
+ enabled: true
+ integrations:
+ - channels:
+ - SECURE_EVENTS_POLICIES
+ - ACTIVITY_AUDIT
+ configuration:
+ output: stdout
+ type: LOCAL
+ asserts:
+ - equal:
+ path: data["local_forwarder_config.yaml"]
+ value: |
+ integrations:
+ - channels:
+ - SECURE_EVENTS_POLICIES
+ - ACTIVITY_AUDIT
+ configuration:
+ output: stdout
+ type: LOCAL
+ template: configmap-local-forwarder.yaml
+ - matchRegex:
+ path: data["dragent.yaml"]
+ pattern: |
+ local_forwarder:
+ enabled: true
+ transmit_message_types:
+ - POLICY_EVENTS
+ - SECURE_AUDIT
+ template: configmap.yaml
+ - contains:
+ path: spec.template.spec.volumes
+ content:
+ name: local-forwarder-config
+ configMap:
+ name: sysdig-agent-local-forwarder
+ optional: true
+ template: daemonset.yaml
+ - contains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ mountPath: /opt/draios/etc/local_forwarder_config.yaml
+ subPath: local_forwarder_config.yaml
+ name: local-forwarder-config
+ template: daemonset.yaml
+ - it: Ensure items are absent if local forwarder is disabled
+ set:
+ localForwarder:
+ enabled: false
+ asserts:
+ - notMatchRegex:
+ path: data["dragent.yaml"]
+ pattern: |
+ local_forwarder:
+ enabled: true
+ transmit_message_types:
+ - POLICY_EVENTS
+ - SECURE_AUDIT
+ template: configmap.yaml
+ - notContains:
+ path: spec.template.spec.volumes
+ content:
+ name: local-forwarder-config
+ configMap:
+ name: sysdig-agent-local-forwarder
+ optional: true
+ template: daemonset.yaml
+ - notContains:
+ path: spec.template.spec.containers[0].volumeMounts
+ content:
+ mountPath: /opt/draios/etc/local_forwarder_config.yaml
+ subPath: local_forwarder_config.yaml
+ name: local-forwarder-config
+ template: daemonset.yaml
+ - it: Customize the forwarded message types
+ set:
+ localForwarder:
+ enabled: true
+ transmitMessageTypes:
+ - POLICY_EVENTS
+ integrations:
+ - channels:
+ - SECURE_EVENTS_POLICIES
+ - ACTIVITY_AUDIT
+ configuration:
+ output: stdout
+ type: LOCAL
+ asserts:
+ - matchRegex:
+ path: data["dragent.yaml"]
+ pattern: |
+ local_forwarder:
+ enabled: true
+ transmit_message_types:
+ - POLICY_EVENTS
+ template: configmap.yaml
diff --git a/charts/agent/values.schema.json b/charts/agent/values.schema.json
index 65eeb0df9..09a9a4372 100644
--- a/charts/agent/values.schema.json
+++ b/charts/agent/values.schema.json
@@ -2,7 +2,8 @@
 "$schema": "http://json-schema.org/schema#",
 "type": "object",
 "required": [
- "ebpf"
+ "ebpf",
+ "localForwarder"
 ],
 "properties": {
 "ebpf": {
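Review bot: The disabled case (`it: Ensure items are absent if local forwarder is disabled`) checks `dragent.yaml` and the DaemonSet but never asserts that `configmap-local-forwarder.yaml` renders no document, so a regression that drops the `{{- if .Values.localForwarder.enabled }}` guard in that template would still pass this suite. Add to that test's `asserts` list: `- hasDocuments:` / `    count: 0` / `  template: configmap-local-forwarder.yaml`. The `contains` assertions on `spec.template.spec.volumes` also appear to depend on the release name resolving to `sysdig-agent-local-forwarder`; if that name comes from the default release rather than a value set in the test, a renamed release would break the assertion for reasons unrelated to the forwarder, which is worth a one-line comment above the first `contains`.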
@@ -23,6 +24,98 @@
 ]
 }
 }
+ },
+ "localForwarder": {
+ "type": "object",
+ "required": [
+ "enabled",
+ "integrations",
+ "transmitMessageTypes"
+ ],
+ "if": {
+ "properties": {
+ "enabled": {
+ "const": true
+ }
+ }
+ },
+ "then": {
+ "properties": {
+ "integrations": {
+ "type": "array",
+ "minItems": 1,
+ "items": {
+ "$ref": "#/$defs/AgentLocalForwarderIntegrations"
+ }
+ },
+ "enabled": {
+ "type": "boolean"
+ },
+ "transmitMessageTypes": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "enum": [
+ "POLICY_EVENTS",
+ "SECURE_AUDIT"
+ ]
+ }
+ }
+ }
+ }
+ }
+ },
+ "$defs": {
+ "AgentLocalForwarderIntegrations": {
+ "type": "object",
+ "required": [
+ "channels",
+ "configuration"
+ ],
+ "properties": {
+ "channels": {
+ "type": "array",
+ "items": {
+ "type": "string",
+ "enum": [
+ "POLICY_EVENTS",
+ "ACTIVITY_AUDIT",
+ "MONITOR_EVENTS",
+ "SECURE_EVENTS_POLICIES",
+ "SECURE_EVENTS_SCANNING",
+ "SECURE_EVENTS_BENCHMARK",
+ "SECURE_EVENTS_HOSTSCANNING",
+ "SECURE_EVENTS_COMPLIANCE",
+ "SECURE_EVENTS_AUDIT_TRAIL",
+ "SECURE_OBJECT_STORE_RUNTIME",
+ "SECURE_OBJECT_STORE_REGISTRY",
+ "SECURE_OBJECT_STORE_PIPELINE"
+ ]
+ }
+ },
+ "configuration": {
+ "type": "object"
+ },
+ "type": {
+ "type": "string",
+ "enum": [
+ "SYSLOG",
+ "SPLUNK",
+ "MCM",
+ "QRADAR",
+ "WEBHOOK",
+ "KAFKA",
+ "CHRONICLE",
+ "SENTINEL",
+ "SQS",
+ "PUBSUB",
+ "SCC",
+ "LOCAL",
+ "ELASTIC",
+ "S3"
+ ]
+ }
+ }
 }
 }
 }
diff --git a/charts/agent/values.yaml b/charts/agent/values.yaml
index a2130d3f5..7fd90f29c 100644
--- a/charts/agent/values.yaml
+++ b/charts/agent/values.yaml
@@ -280,6 +280,12 @@ tolerations:
 value: "true"
 leaderelection:
 enable: false
+localForwarder:
+ enabled: false
+ transmitMessageTypes:
+ - POLICY_EVENTS
+ - SECURE_AUDIT
+ integrations: []
 delegatedAgentDeployment:
 # Enable a specialized installation where an Agent Deployment is installed
 # in addition to the traditional DaemonSet. The DaemonSet Agents will not
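Review bot: In `$defs.AgentLocalForwarderIntegrations` the `type` property is given an enum but is left out of `required` (only `channels` and `configuration` are listed), so an integration entry with no target type passes schema validation at install time; the new test file always sets `type: LOCAL`, so nothing exercises that gap. Change the list to `"required": ["channels", "configuration", "type"]`. Unknown keys are also accepted because neither the `localForwarder` object nor the integration object sets `additionalProperties`; if the forwarder ignores unrecognised keys at runtime, `"additionalProperties": false` on the integration object would turn a misspelt key (say `channel`) into an install-time error rather than an integration that silently forwards nothing. Note that `integrations` and `transmitMessageTypes` are typed only inside the `then` branch, so with `enabled: false` their shape is unchecked, which looks intentional but deserves a short comment in the README row for `localForwarder.integrations`.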
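Review bot: The new `localForwarder` stanza in values.yaml carries no comments, while the neighbouring `delegatedAgentDeployment` key documents itself inline, and `values.yaml` is what `helm show values` presents to users. Add a comment block above `localForwarder:` stating that `enabled` switches on the Agent Local Forwarder, that `transmitMessageTypes` lists the message types the agent hands to it, and that `integrations` is rendered verbatim into the forwarder ConfigMap and must hold at least one entry when `enabled` is true, because the schema in this commit enforces `minItems: 1`. Keeping `integrations: []` as the default is fine, but the comment should say that `enabled: true` with an empty list is rejected, so the schema error seen at `helm install` is understood rather than surprising.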
diff --git a/charts/sysdig-deploy/Chart.yaml b/charts/sysdig-deploy/Chart.yaml
index 6ba9977f7..03c25be62 100644
--- a/charts/sysdig-deploy/Chart.yaml
+++ b/charts/sysdig-deploy/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: sysdig-deploy
 description: A chart with various Sysdig components for Kubernetes
 type: application
-version: 1.30.1
+version: 1.31.0
 maintainers:
 - name: AlbertoBarba
 email: alberto.barba@sysdig.com
@@ -26,7 +26,7 @@ dependencies:
 - name: agent
 # repository: https://charts.sysdig.com
 repository: file://../agent
- version: ~1.16.0
+ version: ~1.17.0
 alias: agent
 condition: agent.enabled
 - name: common