From 5d9f4d5b08fe9dc7685e87e44093cda4dc57348f Mon Sep 17 00:00:00 2001 From: svcAPLBot <174728082+svcAPLBot@users.noreply.github.com> Date: Wed, 22 Jan 2025 00:52:27 +0000 Subject: [PATCH] chore(chart-deps): update falco-exporter to version 0.12.1 --- chart/chart-index/Chart.yaml | 4 +- charts/falco-exporter/CHANGELOG.md | 37 + charts/falco-exporter/Chart.yaml | 2 +- charts/falco-exporter/README.gotmpl | 75 ++ charts/falco-exporter/README.md | 132 +++- .../templates/grafana-dashboard.yaml | 737 +++++++++++++----- .../templates/prometheusrule.yaml | 10 +- .../templates/servicemonitor.yaml | 3 + charts/falco-exporter/values.yaml | 121 ++- 9 files changed, 839 insertions(+), 282 deletions(-) create mode 100644 charts/falco-exporter/README.gotmpl diff --git a/chart/chart-index/Chart.yaml b/chart/chart-index/Chart.yaml index da914fcd7c..e22a8579f1 100644 --- a/chart/chart-index/Chart.yaml +++ b/chart/chart-index/Chart.yaml @@ -56,7 +56,7 @@ dependencies: version: 3.8.5 repository: https://falcosecurity.github.io/charts - name: falco-exporter - version: 0.9.7 + version: 0.12.1 repository: https://falcosecurity.github.io/charts - name: jaeger-operator version: 2.46.0 @@ -66,4 +66,4 @@ dependencies: repository: https://kiali.org/helm-charts - name: tempo-distributed version: 1.18.5 - repository: https://grafana.github.io/helm-charts \ No newline at end of file + repository: https://grafana.github.io/helm-charts diff --git a/charts/falco-exporter/CHANGELOG.md b/charts/falco-exporter/CHANGELOG.md index b95c947bf0..f88ebc0007 100644 --- a/charts/falco-exporter/CHANGELOG.md +++ b/charts/falco-exporter/CHANGELOG.md @@ -3,6 +3,43 @@ This file documents all notable changes to `falco-exporter` Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v0.12.1 + +* fix bug in 'for' for falco exporter prometheus rules + +## v0.12.0 + +* make 'for' configurable for falco exporter prometheus rules + +## v0.11.0 + +* updated grafana dashboard + +## v0.10.1 + +* Enhanced the service Monitor to support additional Properties. + +## v0.10.0 + +* added ability to set the grafana folder annotation name + +## v0.9.11 + +* fix dead links in README.md + +## v0.9.10 + +* update configuration values in README.md +* introduce helm docs for the chart + +## v0.9.9 + +* update tolerations + +## v0.9.8 + +* add annotation for set of folder's grafana-chart + ## v0.9.7 * noop change just to test the ci diff --git a/charts/falco-exporter/Chart.yaml b/charts/falco-exporter/Chart.yaml index 9cf49c829e..a226959020 100644 --- a/charts/falco-exporter/Chart.yaml +++ b/charts/falco-exporter/Chart.yaml @@ -15,4 +15,4 @@ name: falco-exporter sources: - https://github.com/falcosecurity/falco-exporter type: application -version: 0.9.7 +version: 0.12.1 diff --git a/charts/falco-exporter/README.gotmpl b/charts/falco-exporter/README.gotmpl new file mode 100644 index 0000000000..20a16e21a3 --- /dev/null +++ b/charts/falco-exporter/README.gotmpl @@ -0,0 +1,75 @@ +# falco-exporter Helm Chart + +[falco-exporter](https://github.com/falcosecurity/falco-exporter) is a Prometheus Metrics Exporter for Falco output events. + +Before using this chart, you need [Falco installed](https://falco.org/docs/installation/) and running with the [gRPC Output](https://falco.org/docs/grpc/) enabled (over Unix socket by default). + +This chart is compatible with the [Falco Chart](https://github.com/falcosecurity/charts/tree/master/charts/falco) version `v1.2.0` or greater. Instructions to enable the gRPC Output in the Falco Helm Chart can be found [here](https://github.com/falcosecurity/charts/tree/master/charts/falco#enabling-grpc). We also strongly recommend using [gRPC over Unix socket](https://github.com/falcosecurity/charts/tree/master/charts/falco#grpc-over-unix-socket-default). + +## Introduction + +The chart deploys **falco-exporter** as Daemon Set on your the Kubernetes cluster. If a [Prometheus installation](https://github.com/helm/charts/tree/master/stable/prometheus) is running within your cluster, metrics provided by **falco-exporter** will be automatically discovered. + +## Adding `falcosecurity` repository + +Prior to installing the chart, add the `falcosecurity` charts repository: + +```bash +helm repo add falcosecurity https://falcosecurity.github.io/charts +helm repo update +``` + +## Installing the Chart + +To install the chart with the release name `falco-exporter` run: + +```bash +helm install falco-exporter falcosecurity/falco-exporter +``` + +After a few seconds, **falco-exporter** should be running. + +> **Tip**: List all releases using `helm list`, a release is a name used to track a specific deployment + +## Uninstalling the Chart + +To uninstall the `falco-exporter` deployment: + +```bash +helm uninstall falco-exporter +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +```bash +helm install falco-exporter --set falco.grpcTimeout=3m falcosecurity/falco-exporter +``` + +Alternatively, a YAML file that specifies the parameters' values can be provided while installing the chart. For example, + +```bash +helm install falco-exporter -f values.yaml falcosecurity/falco-exporter +``` + +### Enable Mutual TLS + +Mutual TLS for `/metrics` endpoint can be enabled to prevent alerts content from being consumed by unauthorized components. + +To install falco-exporter with Mutual TLS enabled, you have to: + +```shell +helm install falco-exporter \ + --set service.mTLS.enabled=true \ + --set-file service.mTLS.server.key=/path/to/server.key \ + --set-file service.mTLS.server.crt=/path/to/server.crt \ + --set-file service.mTLS.ca.crt=/path/to/ca.crt \ + falcosecurity/falco-exporter +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration + +The following table lists the main configurable parameters of the {{ template "chart.name" . }} chart v{{ template "chart.version" . }} and their default values. Please, refer to [values.yaml](./values.yaml) for the full list of configurable parameters. + +{{ template "chart.valuesSection" . }} diff --git a/charts/falco-exporter/README.md b/charts/falco-exporter/README.md index a7e00c8c9e..e4761c903d 100644 --- a/charts/falco-exporter/README.md +++ b/charts/falco-exporter/README.md @@ -4,7 +4,7 @@ Before using this chart, you need [Falco installed](https://falco.org/docs/installation/) and running with the [gRPC Output](https://falco.org/docs/grpc/) enabled (over Unix socket by default). -This chart is compatible with the [Falco Chart](https://github.com/falcosecurity/charts/tree/master/falco) version `v1.2.0` or greater. Instructions to enable the gRPC Output in the Falco Helm Chart can be found [here](https://github.com/falcosecurity/charts/tree/master/falco#enabling-grpc). We also strongly recommend using [gRPC over Unix socket](https://github.com/falcosecurity/charts/tree/master/falco#grpc-over-unix-socket-default). +This chart is compatible with the [Falco Chart](https://github.com/falcosecurity/charts/tree/master/charts/falco) version `v1.2.0` or greater. Instructions to enable the gRPC Output in the Falco Helm Chart can be found [here](https://github.com/falcosecurity/charts/tree/master/charts/falco#enabling-grpc). We also strongly recommend using [gRPC over Unix socket](https://github.com/falcosecurity/charts/tree/master/charts/falco#grpc-over-unix-socket-default). ## Introduction @@ -41,45 +41,6 @@ helm uninstall falco-exporter The command removes all the Kubernetes components associated with the chart and deletes the release. -## Configuration - -The following table lists the main configurable parameters of the chart and their default values. - -| Parameter | Description | Default | -| ------------------------------------------------ | ------------------------------------------------------------------------------------------------ | ---------------------------------- | -| `image.registry` | The image registry to pull from | `docker.io` | -| `image.repository` | The image repository to pull from | `falcosecurity/falco-exporter` | -| `image.tag` | The image tag to pull | `0.8.3` | -| `image.pullPolicy` | The image pull policy | `IfNotPresent` | -| `falco.grpcUnixSocketPath` | Unix socket path for connecting to a Falco gRPC server | `unix:///var/run/falco/falco.sock` | -| `falco.grpcTimeout` | gRPC connection timeout | `2m` | -| `serviceAccount.create` | Specify if a service account should be created | `true` | -| `podSecurityPolicy.create` | Specify if a PSP, Role & RoleBinding should be created | `false` | -| `serviceMonitor.enabled` | Enabled deployment of a Prometheus operator Service Monitor | `false` | -| `serviceMonitor.additionalLabels` | Add additional Labels to the Service Monitor | `{}` | -| `serviceMonitor.interval` | Specify a user defined interval for the Service Monitor | `""` | -| `serviceMonitor.scrapeTimeout` | Specify a user defined scrape timeout for the Service Monitor | `""` | -| `grafanaDashboard.enabled` | Enable the falco security dashboard, see https://github.com/falcosecurity/falco-exporter#grafana | `false` | -| `grafanaDashboard.folder` | The grafana folder to deplay the dashboard in | `""` | -| `grafanaDashboard.namespace` | The namespace to deploy the dashboard configmap in | `default` | -| `grafanaDashboard.prometheusDatasourceName` | The prometheus datasource name to be used for the dashboard | `Prometheus` | -| `scc.create` | Create OpenShift's Security Context Constraint | `true` | -| `service.mTLS.enabled` | Enable falco-exporter server Mutual TLS feature | `false` | -| `prometheusRules.enabled` | Enable the creation of falco-exporter PrometheusRules | `false` | -| `daemonset.podLabels` | Customized Daemonset pod labels | `{}` | -| `healthChecks.livenessProbe.probesPort` | Liveness probes port | `19376` | -| `healthChecks.readinessProbe.probesPort` | Readiness probes port | `19376` | -| `healthChecks.livenessProbe.initialDelaySeconds` | Number of seconds before performing the first liveness probe | `60` | -| `healthChecks.readinessProbe.initialDelaySeconds`| Number of seconds before performing the first readiness probe | `30` | -| `healthChecks.livenessProbe.timeoutSeconds` | Number of seconds after which the liveness probe times out | `5` | -| `healthChecks.readinessProbe.timeoutSeconds` | Number of seconds after which the readiness probe times out | `5` | -| `healthChecks.livenessProbe.periodSeconds` | Time interval in seconds to perform the liveness probe | `15` | -| `healthChecks.readinessProbe.periodSeconds` | Time interval in seconds to perform the readiness probe | `15` | - -Please, refer to [values.yaml](./values.yaml) for the full list of configurable parameters. - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, - ```bash helm install falco-exporter --set falco.grpcTimeout=3m falcosecurity/falco-exporter ``` @@ -106,3 +67,94 @@ helm install falco-exporter \ ``` > **Tip**: You can use the default [values.yaml](values.yaml) + +## Configuration + +The following table lists the main configurable parameters of the falco-exporter chart v0.12.1 and their default values. Please, refer to [values.yaml](./values.yaml) for the full list of configurable parameters. + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | affinity allows pod placement based on node characteristics, or any other custom labels assigned to nodes. | +| daemonset | object | `{"annotations":{},"podLabels":{},"updateStrategy":{"type":"RollingUpdate"}}` | daemonset holds the configuration for the daemonset. | +| daemonset.annotations | object | `{}` | annotations to add to the DaemonSet pods. | +| daemonset.podLabels | object | `{}` | podLabels labels to add to the pods. | +| falco | object | `{"grpcTimeout":"2m","grpcUnixSocketPath":"unix:///run/falco/falco.sock"}` | falco the configuration to connect falco. | +| falco.grpcTimeout | string | `"2m"` | grpcTimeout timout value for grpc connection. | +| falco.grpcUnixSocketPath | string | `"unix:///run/falco/falco.sock"` | grpcUnixSocketPath path to the falco's grpc unix socket. | +| fullnameOverride | string | `""` | fullNameOverride same as nameOverride but for the full name. | +| grafanaDashboard | object | `{"enabled":false,"folder":"","folderAnnotation":"grafana_dashboard_folder","namespace":"default","prometheusDatasourceName":"Prometheus"}` | grafanaDashboard contains the configuration related to grafana dashboards. | +| grafanaDashboard.enabled | bool | `false` | enabled specifies whether the dashboard should be deployed. | +| grafanaDashboard.folder | string | `""` | folder creates and set folderAnnotation to specify where the dashboard is stored in grafana. | +| grafanaDashboard.folderAnnotation | string | `"grafana_dashboard_folder"` | folderAnnotation sets the annotation's name used by folderAnnotation in grafana's helm-chart. | +| grafanaDashboard.namespace | string | `"default"` | namespace specifies the namespace for the configmap. | +| grafanaDashboard.prometheusDatasourceName | string | `"Prometheus"` | prometheusDatasourceName name of the data source. | +| healthChecks | object | `{"livenessProbe":{"initialDelaySeconds":60,"periodSeconds":15,"probesPort":19376,"timeoutSeconds":5},"readinessProbe":{"initialDelaySeconds":30,"periodSeconds":15,"probesPort":19376,"timeoutSeconds":5}}` | healthChecks contains the configuration for liveness and readiness probes. | +| healthChecks.livenessProbe | object | `{"initialDelaySeconds":60,"periodSeconds":15,"probesPort":19376,"timeoutSeconds":5}` | livenessProbe is a diagnostic mechanism used to determine weather a container within a Pod is still running and healthy. | +| healthChecks.livenessProbe.initialDelaySeconds | int | `60` | initialDelaySeconds tells the kubelet that it should wait X seconds before performing the first probe. | +| healthChecks.livenessProbe.periodSeconds | int | `15` | periodSeconds specifies the interval at which the liveness probe will be repeated. | +| healthChecks.livenessProbe.probesPort | int | `19376` | probesPort is liveness probes port. | +| healthChecks.livenessProbe.timeoutSeconds | int | `5` | timeoutSeconds number of seconds after which the probe times out. | +| healthChecks.readinessProbe | object | `{"initialDelaySeconds":30,"periodSeconds":15,"probesPort":19376,"timeoutSeconds":5}` | readinessProbe is a mechanism used to determine whether a container within a Pod is ready to serve traffic. | +| healthChecks.readinessProbe.initialDelaySeconds | int | `30` | initialDelaySeconds tells the kubelet that it should wait X seconds before performing the first probe. | +| healthChecks.readinessProbe.periodSeconds | int | `15` | periodSeconds specifies the interval at which the readiness probe will be repeated. | +| healthChecks.readinessProbe.timeoutSeconds | int | `5` | timeoutSeconds is the number of seconds after which the probe times out. | +| image | object | `{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"falcosecurity/falco-exporter","tag":"0.8.3"}` | image is the configuration for the exporter image. | +| image.pullPolicy | string | `"IfNotPresent"` | pullPolicy is the policy used to determine when a node should attempt to pull the container image. | +| image.registry | string | `"docker.io"` | registry is the image registry to pull from. | +| image.repository | string | `"falcosecurity/falco-exporter"` | repository is the image repository to pull from. | +| image.tag | string | `"0.8.3"` | tag is image tag to pull. | +| imagePullSecrets | list | `[]` | pullSecrets a list of secrets containing credentials used when pulling from private/secure registries. | +| nameOverride | string | `""` | nameOverride is the new name used to override the release name used for exporter's components. | +| nodeSelector | object | `{}` | nodeSelector specifies a set of key-value pairs that must match labels assigned to nodes for the Pod to be eligible for scheduling on that node | +| podSecurityContext | object | `{}` | podSecurityPolicy holds the security policy settings for the pod. | +| podSecurityPolicy | object | `{"annotations":{},"create":false,"name":""}` | podSecurityPolicy holds the security policy settings for the pod. | +| podSecurityPolicy.annotations | object | `{}` | annotations to add to the PSP, Role and RoleBinding | +| podSecurityPolicy.create | bool | `false` | create specifies whether a PSP, Role and RoleBinding should be created | +| podSecurityPolicy.name | string | `""` | name of the PSP, Role and RoleBinding to use. If not set and create is true, a name is generated using the fullname template | +| priorityClassName | string | `""` | priorityClassName specifies the name of the PriorityClass for the pods. | +| prometheusRules.alerts.additionalAlerts | object | `{}` | | +| prometheusRules.alerts.alert.enabled | bool | `true` | | +| prometheusRules.alerts.alert.for | string | `"5m"` | | +| prometheusRules.alerts.alert.rate_interval | string | `"5m"` | | +| prometheusRules.alerts.alert.threshold | int | `0` | | +| prometheusRules.alerts.critical.enabled | bool | `true` | | +| prometheusRules.alerts.critical.for | string | `"15m"` | | +| prometheusRules.alerts.critical.rate_interval | string | `"5m"` | | +| prometheusRules.alerts.critical.threshold | int | `0` | | +| prometheusRules.alerts.emergency.enabled | bool | `true` | | +| prometheusRules.alerts.emergency.for | string | `"1m"` | | +| prometheusRules.alerts.emergency.rate_interval | string | `"1m"` | | +| prometheusRules.alerts.emergency.threshold | int | `0` | | +| prometheusRules.alerts.error.enabled | bool | `true` | | +| prometheusRules.alerts.error.for | string | `"15m"` | | +| prometheusRules.alerts.error.rate_interval | string | `"5m"` | | +| prometheusRules.alerts.error.threshold | int | `0` | | +| prometheusRules.alerts.warning.enabled | bool | `true` | | +| prometheusRules.alerts.warning.for | string | `"15m"` | | +| prometheusRules.alerts.warning.rate_interval | string | `"5m"` | | +| prometheusRules.alerts.warning.threshold | int | `0` | | +| prometheusRules.enabled | bool | `false` | enabled specifies whether the prometheus rules should be deployed. | +| resources | object | `{}` | resources defines the computing resources (CPU and memory) that are allocated to the containers running within the Pod. | +| scc.create | bool | `true` | | +| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"seccompProfile":{"type":"RuntimeDefault"}}` | securityContext holds the security context for the daemonset. | +| securityContext.capabilities | object | `{"drop":["ALL"]}` | capabilities to be assigned to the daemonset. | +| service | object | `{"annotations":{"prometheus.io/port":"9376","prometheus.io/scrape":"true"},"clusterIP":"None","labels":{},"mTLS":{"enabled":false},"port":9376,"targetPort":9376,"type":"ClusterIP"}` | service exposes the exporter service to be accessed from within the cluster. | +| service.annotations | object | `{"prometheus.io/port":"9376","prometheus.io/scrape":"true"}` | annotations set of annotations to be applied to the service. | +| service.clusterIP | string | `"None"` | clusterIP set to none. It's headless service. | +| service.labels | object | `{}` | labels set of labels to be applied to the service. | +| service.mTLS | object | `{"enabled":false}` | mTLS mutual TLS for HTTP metrics server. | +| service.mTLS.enabled | bool | `false` | enabled specifies whether the mTLS should be enabled. | +| service.port | int | `9376` | port is the port on which the Service will listen. | +| service.targetPort | int | `9376` | targetPort is the port on which the Pod is listening. | +| service.type | string | `"ClusterIP"` | type denotes the service type. Setting it to "ClusterIP" we ensure that are accessible from within the cluster. | +| serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | serviceAccount is the configuration for the service account. | +| serviceAccount.name | string | `""` | name is the name of the service account to use. If not set and create is true, a name is generated using the fullname template. If set and create is false, an already existing serviceAccount must be provided. | +| serviceMonitor | object | `{"additionalLabels":{},"additionalProperties":{},"enabled":false,"interval":"","scrapeTimeout":""}` | serviceMonitor holds the configuration for the ServiceMonitor CRD. A ServiceMonitor is a custom resource definition (CRD) used to configure how Prometheus should discover and scrape metrics from the exporter service. | +| serviceMonitor.additionalLabels | object | `{}` | additionalLabels specifies labels to be added on the Service Monitor. | +| serviceMonitor.additionalProperties | object | `{}` | aditionalProperties allows setting additional properties on the endpoint such as relabelings, metricRelabelings etc. | +| serviceMonitor.enabled | bool | `false` | enable the deployment of a Service Monitor for the Prometheus Operator. | +| serviceMonitor.interval | string | `""` | interval specifies the time interval at which Prometheus should scrape metrics from the service. | +| serviceMonitor.scrapeTimeout | string | `""` | scrapeTimeout determines the maximum time Prometheus should wait for a target to respond to a scrape request. If the target does not respond within the specified timeout, Prometheus considers the scrape as failed for that target. | +| tolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane"}]` | tolerations are applied to pods and allow them to be scheduled on nodes with matching taints. | diff --git a/charts/falco-exporter/templates/grafana-dashboard.yaml b/charts/falco-exporter/templates/grafana-dashboard.yaml index 6cfbf58b0a..21a24b0a85 100644 --- a/charts/falco-exporter/templates/grafana-dashboard.yaml +++ b/charts/falco-exporter/templates/grafana-dashboard.yaml @@ -10,7 +10,7 @@ data: "type": "grafana", "id": "grafana", "name": "Grafana", - "version": "6.7.3" + "version": "7.0.3" }, { "type": "panel", @@ -35,268 +35,600 @@ data: "list": [ { "builtIn": 1, - "datasource": "-- Grafana --", + "datasource": { + "type": "datasource", + "uid": "grafana" + }, "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, "type": "dashboard" } ] }, + "description": "", "editable": true, - "gnetId": null, - "graphTooltip": 0, + "fiscalYearStartMonth": 0, + "graphTooltip": 1, "id": null, "links": [], + "liveNow": false, "panels": [ { - "aliasColors": {}, - "bars": false, - "dashLength": 10, - "dashes": false, - "datasource": "$datasource", - "description": "", - "fill": 1, - "fillGradient": 0, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic", + "seriesBy": "last" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, "gridPos": { - "h": 11, - "w": 24, + "h": 8, + "w": 12, "x": 0, "y": 0 }, - "hiddenSeries": false, - "id": 2, - "legend": { - "alignAsTable": true, - "avg": false, - "current": false, - "max": false, - "min": false, - "rightSide": true, - "show": true, - "total": false, - "values": false - }, - "lines": true, - "linewidth": 1, - "nullPointMode": "null as zero", + "id": 90, "options": { - "dataLinks": [] + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "asc" + } }, - "percentage": false, - "pointradius": 2, - "points": false, - "renderer": "flot", - "seriesOverrides": [], - "spaceLength": 10, - "stack": true, - "steppedLine": false, + "pluginVersion": "8.3.3", "targets": [ { - "expr": "rate(falco_events[5m]) > 0", - "interval": "", - "intervalFactor": 1, - "legendFormat": "{{`{{rule}} (node=\"{{kubernetes_node}}\",ns=\"{{k8s_ns_name}}\",pod=\"{{k8s_pod_name}}\")"`}}, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(falco_events[$__rate_interval])) by (rule)", + "hide": false, + "instant": false, + "legendFormat": "__auto", + "range": true, "refId": "A" } ], - "thresholds": [], - "timeFrom": null, - "timeRegions": [], - "timeShift": null, - "title": "Events rate", - "tooltip": { - "shared": true, - "sort": 0, - "value_type": "individual" + "title": "Events rate by rule", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" }, - "type": "graph", - "xaxis": { - "buckets": null, - "mode": "time", - "name": null, - "show": true, - "values": [] + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic", + "seriesBy": "last" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] }, - "yaxes": [ - { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 0 + }, + "id": 72, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true }, + "tooltip": { + "mode": "multi", + "sort": "asc" + } + }, + "pluginVersion": "8.3.3", + "targets": [ { - "format": "short", - "label": null, - "logBase": 1, - "max": null, - "min": null, - "show": true + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(falco_events[$__rate_interval])) by (priority)", + "hide": false, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" } ], - "yaxis": { - "align": false, - "alignLevel": null - } + "title": "Events rate by priority", + "type": "timeseries" }, { - "columns": [], - "datasource": "$datasource", - "fontSize": "100%", + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic", + "seriesBy": "last" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, "gridPos": { - "h": 10, - "w": 24, + "h": 8, + "w": 12, "x": 0, - "y": 11 + "y": 8 }, - "id": 4, - "links": [], - "pageSize": null, - "showHeader": true, - "sort": { - "col": null, - "desc": false + "id": 89, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "asc" + } }, - "styles": [ + "pluginVersion": "8.3.3", + "targets": [ { - "alias": "Time", - "align": "auto", - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "pattern": "Time", - "type": "date" + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(falco_events[$__rate_interval])) by (tags)", + "hide": false, + "instant": false, + "legendFormat": "__auto", + "range": true, + "refId": "A" + } + ], + "title": "Events rate by tags", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic", + "seriesBy": "last" + }, + "custom": { + "axisBorderShow": false, + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "insertNulls": false, + "lineInterpolation": "smooth", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 2, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "none" }, - { - "alias": "", - "align": "auto", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 2, - "link": false, - "mappingType": 1, - "pattern": "/__name__|instance|job|kubernetes_name|(__name|helm_|app_).*/", - "sanitize": false, - "thresholds": [], - "type": "hidden", - "unit": "short" + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 8 + }, + "id": 91, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true }, + "tooltip": { + "mode": "multi", + "sort": "asc" + } + }, + "pluginVersion": "8.3.3", + "targets": [ { - "alias": "Count", - "align": "auto", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "mappingType": 1, - "pattern": "Value", - "thresholds": [], - "type": "number", - "unit": "short" + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "editorMode": "code", + "expr": "sum(rate(falco_events[$__rate_interval])) by (pod, hostname)", + "hide": false, + "instant": false, + "legendFormat": "{{`{{ pod }} ({{hostname}})`}}", + "range": true, + "refId": "A" + } + ], + "title": "Events rate by pod, hostname", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "$datasource" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "cellOptions": { + "type": "color-text" + }, + "filterable": true, + "inspect": false, + "minWidth": 50 + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "text", + "value": null + }, + { + "color": "#EAB839", + "value": 100 + }, + { + "color": "red", + "value": 1000 + } + ] + } }, - { - "alias": "", - "align": "left", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "dateFormat": "YYYY-MM-DD HH:mm:ss", - "decimals": 0, - "mappingType": 1, - "pattern": "priority", - "thresholds": [ - "" + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 24, + "x": 0, + "y": 16 + }, + "id": 94, + "options": { + "cellHeight": "sm", + "footer": { + "countRows": false, + "enablePagination": true, + "fields": "", + "reducer": [ + "sum" ], - "type": "number", - "unit": "none", - "valueMaps": [ - { - "text": "5", - "value": "5" - } - ] + "show": false }, - { - "alias": "", - "align": "left", - "colorMode": null, - "colors": [ - "rgba(245, 54, 54, 0.9)", - "rgba(237, 129, 40, 0.89)", - "rgba(50, 172, 45, 0.97)" - ], - "decimals": 2, - "pattern": "/.*/", - "thresholds": [], - "type": "string", - "unit": "short" - } - ], + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Count" + } + ] + }, + "pluginVersion": "10.4.1", "targets": [ { + "datasource": { + "type": "prometheus", + "uid": "prometheus" + }, + "editorMode": "code", + "exemplar": false, "expr": "falco_events", "format": "table", "instant": true, + "legendFormat": "__auto", + "range": false, "refId": "A" } ], - "timeFrom": null, - "timeShift": null, - "title": "Totals", - "transform": "table", - "transparent": true, + "title": "Events Total", + "transformations": [ + { + "id": "organize", + "options": { + "excludeByName": { + "Time": true, + "__name__": true, + "container": true, + "endpoint": true, + "instance": true, + "job": true, + "k8s_ns_name": true, + "k8s_pod_name": true, + "service": true + }, + "includeByName": {}, + "indexByName": {}, + "renameByName": { + "Value": "Count" + } + } + } + ], "type": "table" } ], - "schemaVersion": 22, - "style": "dark", - "tags": [], - "templating": { - "list": [] - }, + "refresh": "30s", + "schemaVersion": 39, + "tags": [ + "security", + "falco" + ], "templating": { - "list": [ - { - "current": { - "selected": false, - "text": "{{ .Values.grafanaDashboard.prometheusDatasourceName }}", - "value": "{{ .Values.grafanaDashboard.prometheusDatasourceName }}" - }, - "hide": 0, - "includeAll": false, - "label": null, - "multi": false, - "name": "datasource", - "options": [], - "query": "prometheus", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - } - ] + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "prometheus" + }, + "hide": 0, + "includeAll": false, + "multi": false, + "name": "datasource", + "options": [], + "query": "prometheus", + "queryValue": "", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": { + "isNone": true, + "selected": false, + "text": "None", + "value": "" + }, + "datasource": { + "type": "prometheus", + "uid": "${datasource}" + }, + "definition": "label_values(kube_node_info,cluster)", + "hide": 0, + "includeAll": false, + "multi": false, + "name": "cluster", + "options": [], + "query": { + "qryType": 1, + "query": "label_values(kube_node_info,cluster)", + "refId": "PrometheusVariableQueryEditor-VariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "type": "query" + } + ] }, "time": { - "from": "now-6h", + "from": "now-1h", "to": "now" }, "timepicker": {}, "timezone": "", - "title": "Falco Dashboard", - "uid": "FvUFlfuZz" + "title": "Falco Events", + "uid": "FvUFlfuZz", + "version": 2, + "weekStart": "" } kind: ConfigMap metadata: @@ -305,6 +637,7 @@ metadata: {{- if .Values.grafanaDashboard.folder }} annotations: k8s-sidecar-target-directory: /tmp/dashboards/{{ .Values.grafanaDashboard.folder }} + {{ .Values.grafanaDashboard.folderAnnotation }}: {{ .Values.grafanaDashboard.folder }} {{- end }} name: grafana-falco {{- if .Values.grafanaDashboard.namespace }} diff --git a/charts/falco-exporter/templates/prometheusrule.yaml b/charts/falco-exporter/templates/prometheusrule.yaml index d495d70f2c..c160e6f522 100644 --- a/charts/falco-exporter/templates/prometheusrule.yaml +++ b/charts/falco-exporter/templates/prometheusrule.yaml @@ -31,7 +31,7 @@ spec: summary: Falco is experiencing high rate of warning events description: A high rate of warning events are being detected by Falco expr: rate(falco_events{priority="4"}[{{ .Values.prometheusRules.alerts.warning.rate_interval }}]) > {{ .Values.prometheusRules.alerts.warning.threshold }} - for: 15m + for: {{ .Values.prometheusRules.alerts.warning.for }} labels: severity: warning {{- end }} @@ -41,7 +41,7 @@ spec: summary: Falco is experiencing high rate of error events description: A high rate of error events are being detected by Falco expr: rate(falco_events{priority="3"}[{{ .Values.prometheusRules.alerts.error.rate_interval }}]) > {{ .Values.prometheusRules.alerts.error.threshold }} - for: 15m + for: {{ .Values.prometheusRules.alerts.error.for }} labels: severity: warning {{- end }} @@ -51,7 +51,7 @@ spec: summary: Falco is experiencing high rate of critical events description: A high rate of critical events are being detected by Falco expr: rate(falco_events{priority="2"}[{{ .Values.prometheusRules.alerts.critical.rate_interval }}]) > {{ .Values.prometheusRules.alerts.critical.threshold }} - for: 15m + for: {{ .Values.prometheusRules.alerts.critical.for }} labels: severity: critical {{- end }} @@ -61,7 +61,7 @@ spec: summary: Falco is experiencing high rate of alert events description: A high rate of alert events are being detected by Falco expr: rate(falco_events{priority="1"}[{{ .Values.prometheusRules.alerts.alert.rate_interval }}]) > {{ .Values.prometheusRules.alerts.alert.threshold }} - for: 5m + for: {{ .Values.prometheusRules.alerts.alert.for }} labels: severity: critical {{- end }} @@ -71,7 +71,7 @@ spec: summary: Falco is experiencing high rate of emergency events description: A high rate of emergency events are being detected by Falco expr: rate(falco_events{priority="0"}[{{ .Values.prometheusRules.alerts.emergency.rate_interval }}]) > {{ .Values.prometheusRules.alerts.emergency.threshold }} - for: 1m + for: {{ .Values.prometheusRules.alerts.emergency.for }} labels: severity: critical {{- end }} diff --git a/charts/falco-exporter/templates/servicemonitor.yaml b/charts/falco-exporter/templates/servicemonitor.yaml index f74de4fd25..1856b47747 100644 --- a/charts/falco-exporter/templates/servicemonitor.yaml +++ b/charts/falco-exporter/templates/servicemonitor.yaml @@ -18,6 +18,9 @@ spec: {{- if .Values.serviceMonitor.scrapeTimeout }} scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }} {{- end }} + {{- with .Values.serviceMonitor.additionalProperties }} + {{- toYaml . | nindent 4 }} + {{- end }} selector: matchLabels: {{- include "falco-exporter.selectorLabels" . | nindent 6 }} diff --git a/charts/falco-exporter/values.yaml b/charts/falco-exporter/values.yaml index b43128e181..3c6d12fb12 100644 --- a/charts/falco-exporter/values.yaml +++ b/charts/falco-exporter/values.yaml @@ -2,92 +2,121 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# -- service exposes the exporter service to be accessed from within the cluster. service: + # -- type denotes the service type. Setting it to "ClusterIP" we ensure that are accessible + # from within the cluster. type: ClusterIP + # -- clusterIP set to none. It's headless service. clusterIP: None + # -- port is the port on which the Service will listen. port: 9376 + # -- targetPort is the port on which the Pod is listening. targetPort: 9376 - nodePort: + # -- labels set of labels to be applied to the service. labels: {} + # -- annotations set of annotations to be applied to the service. annotations: prometheus.io/scrape: "true" prometheus.io/port: "9376" - # Enable Mutual TLS for HTTP metrics server + # -- mTLS mutual TLS for HTTP metrics server. mTLS: + # -- enabled specifies whether the mTLS should be enabled. enabled: false +# -- healthChecks contains the configuration for liveness and readiness probes. healthChecks: + # -- livenessProbe is a diagnostic mechanism used to determine weather a container within a Pod is still running and healthy. livenessProbe: - # liveness probes port + # -- probesPort is liveness probes port. probesPort: 19376 - # -- Tells the kubelet that it should wait X seconds before performing the first probe. + # -- initialDelaySeconds tells the kubelet that it should wait X seconds before performing the first probe. initialDelaySeconds: 60 - # -- Number of seconds after which the probe times out. + # -- timeoutSeconds number of seconds after which the probe times out. timeoutSeconds: 5 - # -- Specifies that the kubelet should perform the check every x seconds. + # -- periodSeconds specifies the interval at which the liveness probe will be repeated. periodSeconds: 15 + # -- readinessProbe is a mechanism used to determine whether a container within a Pod is ready to serve traffic. readinessProbe: - # readiness probes port + # probesPort is readiness probes port probesPort: 19376 - # -- Tells the kubelet that it should wait X seconds before performing the first probe. + # -- initialDelaySeconds tells the kubelet that it should wait X seconds before performing the first probe. initialDelaySeconds: 30 - # -- Number of seconds after which the probe times out. + # -- timeoutSeconds is the number of seconds after which the probe times out. timeoutSeconds: 5 - # -- Specifies that the kubelet should perform the check every x seconds. + # -- periodSeconds specifies the interval at which the readiness probe will be repeated. periodSeconds: 15 +# -- image is the configuration for the exporter image. image: + # -- registry is the image registry to pull from. registry: docker.io + # -- repository is the image repository to pull from. repository: falcosecurity/falco-exporter - tag: 0.8.3 + # -- tag is image tag to pull. + tag: "0.8.3" + # -- pullPolicy is the policy used to determine when a node should attempt to pull the container image. pullPolicy: IfNotPresent +# -- pullSecrets a list of secrets containing credentials used when pulling from private/secure registries. imagePullSecrets: [] +# -- nameOverride is the new name used to override the release name used for exporter's components. nameOverride: "" +# -- fullNameOverride same as nameOverride but for the full name. fullnameOverride: "" -priorityClassName: +# -- priorityClassName specifies the name of the PriorityClass for the pods. +priorityClassName: "" +# -- falco the configuration to connect falco. falco: + # -- grpcUnixSocketPath path to the falco's grpc unix socket. grpcUnixSocketPath: "unix:///run/falco/falco.sock" + # -- grpcTimeout timout value for grpc connection. grpcTimeout: 2m +# -- serviceAccount is the configuration for the service account. serviceAccount: - # Specifies whether a service account should be created + # create specifies whether a service account should be created. create: true - # Annotations to add to the service account + # annotations to add to the service account annotations: {} - # The name of the service account to use. + # -- name is the name of the service account to use. # If not set and create is true, a name is generated using the fullname template. # If set and create is false, an already existing serviceAccount must be provided. - name: + name: "" +# -- podSecurityPolicy holds the security policy settings for the pod. podSecurityPolicy: - # Specifies whether a PSP, Role and RoleBinding should be created + # -- create specifies whether a PSP, Role and RoleBinding should be created create: false - # Annotations to add to the PSP, Role and RoleBinding + # -- annotations to add to the PSP, Role and RoleBinding annotations: {} - # The name of the PSP, Role and RoleBinding to use. + # -- name of the PSP, Role and RoleBinding to use. # If not set and create is true, a name is generated using the fullname template - name: + name: "" +# -- podSecurityPolicy holds the security policy settings for the pod. podSecurityContext: {} # fsGroup: 2000 +# -- daemonset holds the configuration for the daemonset. daemonset: - # Perform rolling updates by default in the DaemonSet agent + # updateStrategy perform rolling updates by default in the DaemonSet agent # ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ updateStrategy: - # You can also customize maxUnavailable or minReadySeconds if you - # need it + # type of the strategy. Can also customize maxUnavailable or minReadySeconds based on your needs. type: RollingUpdate - # Annotations to add to the DaemonSet pods + # -- annotations to add to the DaemonSet pods. annotations: {} + # -- podLabels labels to add to the pods. podLabels: {} +# -- securityContext holds the security context for the daemonset. securityContext: + # -- capabilities to be assigned to the daemonset. capabilities: drop: - ALL @@ -97,6 +126,8 @@ securityContext: seccompProfile: type: RuntimeDefault + +# -- resources defines the computing resources (CPU and memory) that are allocated to the containers running within the Pod. resources: {} # We usually recommend not to specify default resources and to leave this as a conscious @@ -110,56 +141,82 @@ resources: # cpu: 100m # memory: 128Mi +# -- nodeSelector specifies a set of key-value pairs that must match labels assigned to nodes +# for the Pod to be eligible for scheduling on that node nodeSelector: {} -# Allow falco-exporter to run on Kubernetes 1.6 masters. +# -- tolerations are applied to pods and allow them to be scheduled on nodes with matching taints. tolerations: - effect: NoSchedule key: node-role.kubernetes.io/master + - effect: NoSchedule + key: node-role.kubernetes.io/control-plane +# -- affinity allows pod placement based on node characteristics, or any other custom labels assigned to nodes. affinity: {} + +# -- serviceMonitor holds the configuration for the ServiceMonitor CRD. +# A ServiceMonitor is a custom resource definition (CRD) used to configure how Prometheus should +# discover and scrape metrics from the exporter service. serviceMonitor: - # Enable the deployment of a Service Monitor for the Prometheus Operator. + # -- enable the deployment of a Service Monitor for the Prometheus Operator. enabled: false - # Specify Additional labels to be added on the Service Monitor. + # -- additionalLabels specifies labels to be added on the Service Monitor. additionalLabels: {} - # Specify a user defined interval. When not specified Prometheus default interval is used. + # -- interval specifies the time interval at which Prometheus should scrape metrics from the service. interval: "" - # Specify a user defined scrape timeout. When not specified Prometheus default scrape timeout is used. + # -- scrapeTimeout determines the maximum time Prometheus should wait for a target to respond to a scrape request. + # If the target does not respond within the specified timeout, Prometheus considers the scrape as failed for + # that target. scrapeTimeout: "" - + # -- aditionalProperties allows setting additional properties on the endpoint such as relabelings, metricRelabelings etc. + additionalProperties: {} +# -- grafanaDashboard contains the configuration related to grafana dashboards. grafanaDashboard: + # -- enabled specifies whether the dashboard should be deployed. enabled: false - folder: + # -- folder creates and set folderAnnotation to specify where the dashboard is stored in grafana. + folder: "" + # -- folderAnnotation sets the annotation's name used by folderAnnotation in grafana's helm-chart. + folderAnnotation: "grafana_dashboard_folder" + # -- namespace specifies the namespace for the configmap. namespace: default + # -- prometheusDatasourceName name of the data source. prometheusDatasourceName: Prometheus + scc: # true here enabled creation of Security Context Constraints in Openshift create: true -# Create PrometheusRules for alerting on priority events +# prometheusRules holds the configuration for alerting on priority events. prometheusRules: + # -- enabled specifies whether the prometheus rules should be deployed. enabled: false alerts: warning: enabled: true rate_interval: "5m" threshold: 0 + for: "15m" error: enabled: true rate_interval: "5m" threshold: 0 + for: "15m" critical: enabled: true rate_interval: "5m" threshold: 0 + for: "15m" alert: enabled: true rate_interval: "5m" threshold: 0 + for: "5m" emergency: enabled: true rate_interval: "1m" threshold: 0 + for: "1m" additionalAlerts: {}