Merge pull request #316 from CrowdStrike/gpontejos/1.2.0-rc-resources

feat: update resource requests/limits, docs, and ignore release candidates

Author: gpontejos

artifacthub-repo.yml

@@ -2,3 +2,6 @@ repositoryID: 4bf7aa02-416b-4035-bdb6-246dc968d559
 owners:
   - name: CrowdStrike Solutions Architecture
     email: integrations@crowdstrike.com
+ignore:
+  - name: falcon-kac
+    version: .*rc.*

helm-charts/falcon-kac/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.2.0-rc.1
+version: 1.2.0-rc.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

helm-charts/falcon-kac/README.md

@@ -20,6 +20,13 @@ The Falcon Kubernetes Admission Controller has been deployed and tested on these
 - Microsoft Azure Kubernetes Service (AKS)
 - Red Hat OpenShift Container Platform 4.6 and later
 
+## Helm Chart Support for Falcon Admission Controller Versions
+
+| Helm chart Version      | Falcon Admission Controller Version            |
+|:------------------------|:-----------------------------------------------|
+| `< 1.2.x`              | `< 7.20.x`                                     |
+| `>= 1.2.x`              | `>= 7.20.x`                                    |
+
 Depending on your network environment, you might need to allow TLS traffic on port 443 between your network and our cloud's network addresses:
 
 | CrowdStrike cloud | Network address                                                          |
@@ -163,14 +170,17 @@ When a new container image is available, you can update your Falcon KAC by passi
 
 The following tables lists the Falcon KAC  configurable parameters and their default values.
 
-| Parameter                   | Description                                           | Default               |
-|:----------------------------|:------------------------------------------------------|:----------------------|
-| `falcon.cid`                | CrowdStrike Customer ID (CID)                         | None       (Required) |
-| `falcon.apd`                | App Proxy Disable (APD)                               | None                  |
-| `falcon.aph`                | App Proxy Hostname (APH)                              | None                  |
-| `falcon.app`                | App Proxy Port (APP)                                  | None                  |
-| `falcon.trace`              | Set trace level. (`none`,`err`,`warn`,`info`,`debug`) | `none`                |
-| `falcon.feature`            | Sensor Feature options                                | None                  |
-| `falcon.billing`            | Utilize default or metered billing                    | None                  |
-| `falcon.tags`               | Comma separated list of tags for sensor grouping      | None                  |
-| `falcon.provisioning_token` | Provisioning token value                              | None                  |
+| Parameter                                      | Description                                           | Default               |
+|:-----------------------------------------------|:------------------------------------------------------|:----------------------|
+| `falcon.cid`                                   | CrowdStrike Customer ID (CID)                         | None       (Required) |
+| `falcon.apd`                                   | App Proxy Disable (APD)                               | None                  |
+| `falcon.aph`                                   | App Proxy Hostname (APH)                              | None                  |
+| `falcon.app`                                   | App Proxy Port (APP)                                  | None                  |
+| `falcon.trace`                                 | Set trace level. (`none`,`err`,`warn`,`info`,`debug`) | `none`                |
+| `falcon.feature`                               | Sensor Feature options                                | None                  |
+| `falcon.billing`                               | Utilize default or metered billing                    | None                  |
+| `falcon.tags`                                  | Comma separated list of tags for sensor grouping      | None                  |
+| `falcon.provisioning_token`                    | Provisioning token value                              | None                  |
+| `clusterVisibility.resourceSnapshots.enabled`  | Enable cluster snapshots                              | `true`                |
+| `clusterVisibility.resourceSnapshots.interval` | Interval between cluster snapshots                    | `22h`                 |
+| `clusterVisibility.resourceWatcher.enabled`    | Enable Cluster Visbility                              | `true`                |

helm-charts/falcon-kac/templates/_helpers.tpl

@@ -92,3 +92,33 @@ On Openshift lookup namespaces and print namespaces with prefix openshift
 {{- end -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Create Watcher container environment variables
+*/}}
+{{- define "falcon-kac.generateWatcherEnvVars" -}}
+{{- $snapshotsEnabled := true -}}
+{{- $snapshotInterval := "22h" -}}
+{{- $watcherEnabled := true -}}
+{{- if .Values.clusterVisibility -}}
+{{- if .Values.clusterVisibility.resourceSnapshots -}}
+  {{- if ne .Values.clusterVisibility.resourceSnapshots.enabled nil -}}
+  {{ $snapshotsEnabled = .Values.clusterVisibility.resourceSnapshots.enabled -}}
+  {{- end -}}
+  {{- if .Values.clusterVisibility.resourceSnapshots.interval -}}
+  {{ $snapshotInterval = .Values.clusterVisibility.resourceSnapshots.interval -}}
+  {{- end -}}
+{{- end -}}
+{{- if .Values.clusterVisibility.resourceWatcher -}}
+  {{- if ne .Values.clusterVisibility.resourceWatcher.enabled nil -}}
+  {{ $watcherEnabled = .Values.clusterVisibility.resourceWatcher.enabled -}}
+  {{- end -}}
+{{- end -}}
+{{- end -}}
+- name: __CS_SNAPSHOTS_ENABLED
+  value: {{ $snapshotsEnabled | toString | quote }}
+- name: __CS_SNAPSHOT_INTERVAL
+  value: {{ $snapshotInterval | toString | quote }}
+- name: __CS_WATCH_EVENTS_ENABLED
+  value: {{ $watcherEnabled | toString | quote }}
+{{- end -}}

helm-charts/falcon-kac/templates/deployment_webhook.yaml

@@ -187,18 +187,7 @@ spec:
             fieldRef:
               apiVersion: v1
               fieldPath: spec.nodeName
-        {{ if not .Values.clusterVisibility.resourceSnapshots.enabled -}}
-        - name: __CS_SNAPSHOTS_ENABLED
-          value: "false"
-        {{- end }}
-        {{ if .Values.clusterVisibility.resourceSnapshots.interval -}}
-        - name: __CS_SNAPSHOT_INTERVAL
-          value: {{ .Values.clusterVisibility.resourceSnapshots.interval }}
-        {{- end }}
-        {{- if not .Values.clusterVisibility.resourceWatcher.enabled -}}
-        - name: __CS_WATCH_EVENTS_ENABLED
-          value: "false"
-        {{- end }}
+        {{- include "falcon-kac.generateWatcherEnvVars" . | nindent 8 }}
         envFrom:
         - configMapRef:
             name: {{ include "falcon-kac.fullname" . }}-config

helm-charts/falcon-kac/values.yaml

@@ -114,26 +114,26 @@ affinity:
 falconClientResources:
   limits:
     cpu: 750m
-    memory: 256Mi
+    memory: 384Mi
   requests:
     cpu: 500m
-    memory: 256Mi
+    memory: 384Mi
 
 falconWatcherResources:
   limits:
     cpu: 750m
-    memory: 256Mi
+    memory: 384Mi
   requests:
     cpu: 500m
-    memory: 256Mi
+    memory: 384Mi
 
 falconAcResources:
   limits:
     cpu: 300m
-    memory: 512Mi
+    memory: 256Mi
   requests:
     cpu: 300m
-    memory: 512Mi
+    memory: 256Mi
 
 # Update Webhook and roll out new Deployment on helm upgrade
 autoDeploymentUpdate: true