This file documents all notable changes to Falco Helm Chart. The release numbering uses semantic versioning.
- Upgrade to Falco 0.25.0
- Update ruleset from Falco 0.25.0
- Fix duplicate mount point problem when both gRPC and NATS integrations are enabled
- Allow configuration using values for
imagePullSecretssetting - Add
docker.io/falcosecurity/falcoimage tofalco_privileged_imagesmacro
- Add SecurityContextConstraint to allow deploying in Openshift
- Upgrade to Falco 0.24.0
- Update ruleset from Falco 0.24.0
- gRPC Unix Socket support
- Set default threadiness to 0 ("auto" behavior) for the gRPC server
- Switch to
falcosecurity/event-generator - Allow configuration using values for
fakeEventGenerator.argssetting - Update ruleset
- New releasing mechanism
- Add missing privileges for the apps Kubernetes API group
- Allow client config url for Audit Sink with
auditLog.dynamicBackend.url
- Upgrade to Falco 0.23.0
- Correct socket path for
--criflag - Always mount
/etc(required byfalco-driver-loader)
- Add pod annotation support for daemonset
- Upgrade to Falco 0.21.0
- Upgrade rules to Falco 0.21.0
- Add headless service for gRPC server
- Allow gRPC certificates configuration by using
--set-file
- Make
/lib/moduleswritable from the container
- Allow configuration using values for
grpcsetting - Allow configuration using values for
grpc_outputsetting
- Upgrade to Falco 0.20.0
- Upgrade rules to Falco 0.20.0
- Upgrade to Falco 0.19.0
- Upgrade rules to Falco 0.19.0
- Remove Sysdig references, Falco is a project by its own name
- Revamp auditLog feature
- Upgrade to latest version (0.18.0)
- Replace CRI references with containerD
- Support multiple lines for
falco.programOutput.program
- Add affinity
- Migrate API versions from deprecated, removed versions to support Kubernetes v1.16
- Restrict the access to
/devon underlying host to read only
- Upgrade to Falco 0.17.1
- Upgrade rules to Falco 0.17.1
- Allow configuration using values for
nodeSelectorsetting
- Falco does a rollingUpgrade when the falco or falco-rules configMap changes with a helm upgrade
- Add 3 resources (
daemonsets,deployments,replicasets) to the ClusterRole resource list Ref: PR#514 from Falco repository
- Upgrade to Falco 0.17.0
- Upgrade rules to Falco 0.17.0
- Support
priorityClassName
- Upgrade to Falco 0.16.0
- Upgrade rules to Falco 0.16.0
- Extra environment variables passed to daemonset pods
- Add support for K8s audit logging
- Allow configuration using values for
time_format_iso8601setting - Allow configuration using values for
syscall_event_dropssetting - Allow configuration using values for
http_outputsetting - Add CHANGELOG entry for v0.8.0, not present on its PR
- Add nestorsalceda as an approver
- Allow configuration of Pod Security Policy. This is needed to get Falco running when the Admission Controller is enabled.
- Fix bug with Google Cloud Security Command Center and Falco integration
- Upgrade to Falco 0.15.3
- Upgrade rules to Falco 0.15.3
- Add TZ parameter for time correlation in Falco logs
- Upgrade to Falco 0.15.1
- Upgrade rules to Falco 0.15.1
- Allow to enable/disable usage of the docker socket
- Configurable docker socket path
- CRI support, configurable CRI socket
- Allow to enable/disable usage of the CRI socket
- Upgrade to Falco 0.15.0
- Upgrade rules to Falco 0.15.0
- Use the KUBERNETES_SERVICE_HOST environment variable to connect to Kubernetes API instead of using a fixed name
- Remove the toJson pipeline when storing Google Credentials. It makes strange stuff with double quotes and does not allow to use base64 encoded credentials
- Fix typos in README.md
- Add Google Pub/Sub Output integration
- Disable eBPF by default on Falco. We activated eBPF by default to make the CI pass, but now we found a better method to make the CI pass without bothering our users.
- Upgrade to Falco 0.14.0
- Upgrade rules to Falco 0.14.0
- Enable eBPF by default on Falco
- Allow to download Falco images from different registries than
docker.io - Use rollingUpdate strategy by default
- Provide sane defauls for falco resource management
- Allow extra container args
- Update correct slack example
- Using Falco version 0.13.0 instead of latest.
- Update falco_rules.yaml file to use the same rules that Falco 0.13.0
- Falco was accepted as a CNCF project. Fix references and download image from falcosecurity organization.
- Allow falco to resolve cluster hostnames when running with ebpf.hostNetwork: true
- Add Amazon SNS Output integration
- Allow Falco to be run with a HTTP proxy server
- Mount in memory volume for shm. It was used in volumes but was not mounted.
- Add eBPF support for Falco. Falco can now read events via an eBPF program
loaded into the kernel instead of the
falco-probekernel module.
- Update falco_rules.yaml file to use the same rules that Falco 0.11.1
- Add NATS Output integration
- Fix value mismatch between code and documentation
- Fix several typos
- Initial release of Sysdig Falco Helm Chart