diff --git a/charts/crowdsec/README.md b/charts/crowdsec/README.md index 58ae0c2..9642741 100644 --- a/charts/crowdsec/README.md +++ b/charts/crowdsec/README.md @@ -7,6 +7,8 @@ Crowdsec helm chart is an open-source, lightweight agent to detect and respond t - [crowdsec](#crowdsec) - [Chart Repository](#chart-repository) - [Installing the Chart](#installing-the-chart) + - [Supplying Custom Parser, Scenario, and Postoverflow Files](#supplying-custom-parser-scenario-and-postoverflow-files) + - [Supplying Custom AppSec Config and Rule Files](#supplying-custom-appsec-config-and-rule-files) - [Uninstalling the Chart](#uninstalling-the-chart) - [Authentication](#authentication) - [Auto registration token](#auto-registration-token) 
@@ -48,6 +50,139 @@ kubectl create ns crowdsec helm install crowdsec crowdsec/crowdsec -f crowdsec-values.yaml -n crowdsec ``` +## Supplying Custom Parser, Scenario, and Postoverflow Files + +The chart already supports passing custom parsers, scenarios, and postoverflows as raw file content through values. This works with both local and remote charts. + +Helm templates cannot read arbitrary files from the client machine during rendering. In practice, that means a remote chart cannot use `.Files` or `.Files.Glob` to read files that only exist on the user's workstation. The supported workflow is to inject the file contents into values and let the chart write them into ConfigMaps unchanged. + +You can split your configuration across multiple values files: + +```sh +helm upgrade --install crowdsec crowdsec/crowdsec \ + -n crowdsec \ + -f crowdsec-values.yaml \ + -f parsers.yaml \ + -f scenarios.yaml \ + -f postoverflows.yaml +``` + +Example values files: + +```yaml +# parsers.yaml +config: + parsers: + s01-parse: + my-parser.yaml: | + name: my/parser + filter: "evt.Meta.log_type == 'my-type'" + onsuccess: next_stage +``` + +```yaml +# scenarios.yaml +config: + scenarios: + my-scenario.yaml: | + type: trigger + name: my/scenario + filter: "evt.Meta.log_type == 'my-type'" + groupby: evt.Meta.source_ip +``` + +```yaml +# postoverflows.yaml +config: + postoverflows: + s01-whitelist: + my-whitelist.yaml: | + name: my/whitelist + whitelist: + reason: "trusted source" + expression: + - evt.Parsed.remote_addr == '127.0.0.1' +``` + +If you prefer to keep each object in its own local file, use `--set-file`. 
Helm will read the local file and assign its content to the matching value key as a string: + +```sh +helm upgrade --install crowdsec crowdsec/crowdsec \ + -n crowdsec \ + -f crowdsec-values.yaml \ + --set-file config.parsers.s01-parse.my-parser\.yaml=./my-parser.yaml \ + --set-file config.scenarios.my-scenario\.yaml=./my-scenario.yaml \ + --set-file config.postoverflows.s01-whitelist.my-whitelist\.yaml=./my-whitelist.yaml +``` + +This content is emitted into the generated ConfigMaps as-is, so the YAML files stay untouched by the chart logic. +Filenames without a `.yaml` or `.yml` suffix are also accepted. If the key contains dots, escape them in `--set`/`--set-file`. + +## Supplying Custom AppSec Config and Rule Files + +The chart supports passing custom AppSec configuration and rule files as raw file content through values. This works with both local and remote charts, using the same approach as custom parsers, scenarios, and postoverflows. + +AppSec configs are mounted at `/etc/crowdsec/appsec-configs/` and rules at `/etc/crowdsec/appsec-rules/` inside the AppSec pod. + +You can split your AppSec configuration across multiple values files: + +```sh +helm upgrade --install crowdsec crowdsec/crowdsec \ + -n crowdsec \ + -f crowdsec-values.yaml \ + -f appsec-configs.yaml \ + -f appsec-rules.yaml +``` + +Example values files: + +```yaml +# appsec-configs.yaml +appsec: + configs: + my-appsec-config.yaml: | + name: my/appsec-config + default_remediation: ban + inband_rules: + - crowdsecurity/base-config + - crowdsecurity/vpatch-* +``` + +```yaml +# appsec-rules.yaml +appsec: + rules: + my-appsec-rule.yaml: | + name: my/appsec-rule + description: "Detect example pattern" + rules: + - zones: + - URI + transform: + - lowercase + match: + type: contains + value: this-is-a-test + labels: + type: exploit + service: http + behavior: "http:exploit" + confidence: 3 + spoofable: 0 +``` + +If you prefer to keep each file on disk and inject it, use `--set-file`. 
Helm reads the local file and assigns its content to the matching value key: + +```sh +helm upgrade --install crowdsec crowdsec/crowdsec \ + -n crowdsec \ + -f crowdsec-values.yaml \ + --set-file appsec.configs.my-appsec-config\.yaml=./my-appsec-config.yaml \ + --set-file appsec.rules.my-appsec-rule\.yaml=./my-appsec-rule.yaml +``` + +This content is emitted into the generated ConfigMaps as-is. Filenames without a `.yaml` or `.yml` suffix are also accepted. If the key contains dots, escape them in `--set`/`--set-file`. + ## Uninstalling the Chart ```sh diff --git a/charts/crowdsec/README.md.gotmpl b/charts/crowdsec/README.md.gotmpl index 4b8ca22..38e15c1 100644 --- a/charts/crowdsec/README.md.gotmpl +++ b/charts/crowdsec/README.md.gotmpl @@ -7,6 +7,8 @@ - [Chart Repository](#chart-repository) - [Installing the Chart](#installing-the-chart) +- [Supplying Custom Parser, Scenario, and Postoverflow Files](#supplying-custom-parser-scenario-and-postoverflow-files) +- [Supplying Custom AppSec Config and Rule Files](#supplying-custom-appsec-config-and-rule-files) - [Uninstalling the Chart](#uninstalling-the-chart) - [Authentication](#authentication) - [Auto registration token](#auto-registration-token) 
@@ -42,6 +44,143 @@ kubectl create ns crowdsec helm install crowdsec crowdsec/crowdsec -f crowdsec-values.yaml -n crowdsec ``` +## Supplying Custom Parser, Scenario, and Postoverflow Files + +The chart already supports passing custom parsers, scenarios, and postoverflows as raw file content through values. This works with both local and remote charts. + +Helm templates cannot read arbitrary files from the client machine during rendering. In practice, that means a remote chart cannot use `.Files` or `.Files.Glob` to read files that only exist on the user's workstation. The supported workflow is to inject the file contents into values and let the chart write them into ConfigMaps unchanged. + +You can split your configuration across multiple values files: + +```sh +helm upgrade --install crowdsec crowdsec/crowdsec \ + -n crowdsec \ + -f crowdsec-values.yaml \ + -f parsers.yaml \ + -f scenarios.yaml \ + -f postoverflows.yaml +``` + +Example values files: + +```yaml +# parsers.yaml +config: + parsers: + s01-parse: + my-parser.yaml: | + name: my/parser + filter: "evt.Meta.log_type == 'my-type'" + onsuccess: next_stage +``` + +```yaml +# scenarios.yaml +config: + scenarios: + my-scenario.yaml: | + type: trigger + name: my/scenario + filter: "evt.Meta.log_type == 'my-type'" + groupby: evt.Meta.source_ip +``` + +```yaml +# postoverflows.yaml +config: + postoverflows: + s01-whitelist: + my-whitelist.yaml: | + name: my/whitelist + whitelist: + reason: "trusted source" + expression: + - evt.Parsed.remote_addr == '127.0.0.1' +``` + +If you prefer to keep each object in its own local file, use `--set-file`. 
Helm will read the local file and assign its content to the matching value key as a string: + +```sh +helm upgrade --install crowdsec crowdsec/crowdsec \ + -n crowdsec \ + -f crowdsec-values.yaml \ + --set-file config.parsers.s01-parse.my-parser\.yaml=./my-parser.yaml \ + --set-file config.scenarios.my-scenario\.yaml=./my-scenario.yaml \ + --set-file config.postoverflows.s01-whitelist.my-whitelist\.yaml=./my-whitelist.yaml +``` + +This content is emitted into the generated ConfigMaps as-is, so the YAML files stay untouched by the chart logic. +Filenames without a `.yaml` or `.yml` suffix are also accepted. If the key contains dots, escape them in `--set`/`--set-file`. + +Be aware that the in the preceding command the file extension has to be escaped. +Without escaping helm would understand this dot as a new level in the +configuration. + +## Supplying Custom AppSec Config and Rule Files + +The chart supports passing custom AppSec configuration and rule files as raw file content through values. This works with both local and remote charts, using the same approach as custom parsers, scenarios, and postoverflows. + +AppSec configs are mounted at `/etc/crowdsec/appsec-configs/` and rules at `/etc/crowdsec/appsec-rules/` inside the AppSec pod. 
+ +You can split your AppSec configuration across multiple values files: + +```sh +helm upgrade --install crowdsec crowdsec/crowdsec \ + -n crowdsec \ + -f crowdsec-values.yaml \ + -f appsec-configs.yaml \ + -f appsec-rules.yaml +``` + +Example values files: + +```yaml +# appsec-configs.yaml +appsec: + configs: + my-appsec-config.yaml: | + name: my/appsec-config + default_remediation: ban + inband_rules: + - crowdsecurity/base-config + - crowdsecurity/vpatch-* +``` + +```yaml +# appsec-rules.yaml +appsec: + rules: + my-appsec-rule.yaml: | + name: my/appsec-rule + description: "Detect example pattern" + rules: + - zones: + - URI + transform: + - lowercase + match: + type: contains + value: this-is-a-test + labels: + type: exploit + service: http + behavior: "http:exploit" + confidence: 3 + spoofable: 0 +``` + +If you prefer to keep each file on disk and inject it, use `--set-file`. Helm reads the local file and assigns its content to the matching value key: + +```sh +helm upgrade --install crowdsec crowdsec/crowdsec \ + -n crowdsec \ + -f crowdsec-values.yaml \ + --set-file appsec.configs.my-appsec-config\.yaml=./my-appsec-config.yaml \ + --set-file appsec.rules.my-appsec-rule\.yaml=./my-appsec-rule.yaml +``` + +This content is emitted into the generated ConfigMaps as-is. Filenames without a `.yaml` or `.yml` suffix are also accepted. If the key contains dots, escape them in `--set`/`--set-file`. + ## Uninstalling the Chart ```sh diff --git a/charts/crowdsec/templates/_helpers.tpl b/charts/crowdsec/templates/_helpers.tpl index 64fd9e4..0d4ce9a 100644 --- a/charts/crowdsec/templates/_helpers.tpl +++ b/charts/crowdsec/templates/_helpers.tpl 
@@ -63,6 +63,24 @@ true {{- end -}} {{- end -}} +{{/* + Kubernetes-safe name for custom file-backed volumes. +*/}} +{{- define "crowdsec.volumeName" -}} +{{- $trimmed := regexReplaceAll "\\.(yaml|yml)$" . "" -}} +{{- $sanitized := regexReplaceAll "[^a-z0-9-]+" (lower $trimmed) "-" -}} +{{- $sanitized | trimAll "-" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* + appsec postoverflows parameters check +*/}} +{{ define "appsecPostoverflowsIsNotEmpty" }} +{{- if or (index .Values.appsec.postoverflows "s00-enrich") (index .Values.appsec.postoverflows "s01-whitelist") }} +true +{{- end -}} +{{- end -}} + {{/* lapi custom config check */}} diff --git a/charts/crowdsec/templates/agent-daemonSet.yaml b/charts/crowdsec/templates/agent-daemonSet.yaml index 3c1cb2c..a0998b4 100644 --- a/charts/crowdsec/templates/agent-daemonSet.yaml +++ b/charts/crowdsec/templates/agent-daemonSet.yaml @@ -197,7 +197,7 @@ spec: {{- range $stage, $stageConfig := .Values.config.parsers -}} {{- if $stageConfig -}} {{ range $fileName, $content := $stageConfig -}} - - name: {{ printf "crowdsec-parsers-%s-%s" $stage (trimSuffix ".yaml" $fileName) }} + - name: {{ include "crowdsec.volumeName" (printf "crowdsec-parsers-%s-%s" $stage $fileName) }} mountPath: {{ printf "%s/parsers/%s/%s" $crowdsecConfig $stage $fileName }} subPath: {{ $fileName }} {{ end }} @@ -206,7 +206,7 @@ spec: {{- end }} {{- if .Values.config.scenarios -}} {{ range $fileName, $content := .Values.config.scenarios -}} - - name: {{ printf "crowdsec-scenarios-%s" (trimSuffix ".yaml" $fileName) }} + - name: {{ include "crowdsec.volumeName" (printf "crowdsec-scenarios-%s" $fileName) }} mountPath: {{ printf "%s/scenarios/%s" $crowdsecConfig $fileName }} subPath: {{ $fileName }} {{ end }} 
@@ -215,7 +215,7 @@ spec: {{- range $stage, $stageConfig := .Values.config.postoverflows -}} {{- if $stageConfig -}} {{ range $fileName, $content := $stageConfig -}} - - name: {{ printf "crowdsec-postoverflows-%s-%s" $stage (trimSuffix ".yaml" $fileName) }} + - name: {{ include "crowdsec.volumeName" (printf "crowdsec-postoverflows-%s-%s" $stage $fileName) }} mountPath: {{ printf "%s/postoverflows/%s/%s" $crowdsecConfig $stage $fileName }} subPath: {{ $fileName }} {{ end }} @@ -275,7 +275,7 @@ spec: {{- range $stage, $stageConfig := .Values.config.parsers -}} {{- if $stageConfig -}} {{ range $fileName, $content := $stageConfig -}} - - name: {{ printf "crowdsec-parsers-%s-%s" $stage (trimSuffix ".yaml" $fileName) }} + - name: {{ include "crowdsec.volumeName" (printf "crowdsec-parsers-%s-%s" $stage $fileName) }} configMap: name: {{ printf "crowdsec-parsers-%s" $stage }} items: @@ -287,7 +287,7 @@ spec: {{- end }} {{- if .Values.config.scenarios -}} {{ range $fileName, $content := .Values.config.scenarios -}} - - name: {{ printf "crowdsec-scenarios-%s" (trimSuffix ".yaml" $fileName) }} + - name: {{ include "crowdsec.volumeName" (printf "crowdsec-scenarios-%s" $fileName) }} configMap: name: "crowdsec-scenarios" items: @@ -299,7 +299,7 @@ spec: {{- range $stage, $stageConfig := .Values.config.postoverflows -}} {{- if $stageConfig -}} {{ range $fileName, $content := $stageConfig -}} - - name: {{ printf "crowdsec-postoverflows-%s-%s" $stage (trimSuffix ".yaml" $fileName) }} + - name: {{ include "crowdsec.volumeName" (printf "crowdsec-postoverflows-%s-%s" $stage $fileName) }} configMap: name: {{ printf "crowdsec-postoverflows-%s" $stage }} items: diff --git a/charts/crowdsec/templates/agent-deployment.yaml b/charts/crowdsec/templates/agent-deployment.yaml index f44e272..6e820e6 100644 --- a/charts/crowdsec/templates/agent-deployment.yaml +++ b/charts/crowdsec/templates/agent-deployment.yaml 
@@ -201,7 +201,7 @@ spec: {{- range $stage, $stageConfig := .Values.config.parsers -}} {{- if $stageConfig -}} {{ range $fileName, $content := $stageConfig -}} - - name: {{ printf "crowdsec-parsers-%s-%s" $stage (trimSuffix ".yaml" $fileName) }} + - name: {{ include "crowdsec.volumeName" (printf "crowdsec-parsers-%s-%s" $stage $fileName) }} mountPath: {{ printf "%s/parsers/%s/%s" $crowdsecConfig $stage $fileName }} subPath: {{ $fileName }} {{ end }} @@ -210,7 +210,7 @@ spec: {{- end }} {{- if .Values.config.scenarios -}} {{ range $fileName, $content := .Values.config.scenarios -}} - - name: {{ printf "crowdsec-scenarios-%s" (trimSuffix ".yaml" $fileName) }} + - name: {{ include "crowdsec.volumeName" (printf "crowdsec-scenarios-%s" $fileName) }} mountPath: {{ printf "%s/scenarios/%s" $crowdsecConfig $fileName }} subPath: {{ $fileName }} {{ end }} @@ -219,7 +219,7 @@ spec: {{- range $stage, $stageConfig := .Values.config.postoverflows -}} {{- if $stageConfig -}} {{ range $fileName, $content := $stageConfig -}} - - name: {{ printf "crowdsec-postoverflows-%s-%s" $stage (trimSuffix ".yaml" $fileName) }} + - name: {{ include "crowdsec.volumeName" (printf "crowdsec-postoverflows-%s-%s" $stage $fileName) }} mountPath: {{ printf "%s/postoverflows/%s/%s" $crowdsecConfig $stage $fileName }} subPath: {{ $fileName }} {{ end }} @@ -279,7 +279,7 @@ spec: {{- range $stage, $stageConfig := .Values.config.parsers -}} {{- if $stageConfig -}} {{ range $fileName, $content := $stageConfig -}} - - name: {{ printf "crowdsec-parsers-%s-%s" $stage (trimSuffix ".yaml" $fileName) }} + - name: {{ include "crowdsec.volumeName" (printf "crowdsec-parsers-%s-%s" $stage $fileName) }} configMap: name: {{ printf "crowdsec-parsers-%s" $stage }} items: 
@@ -291,7 +291,7 @@ spec: {{- end }} {{- if .Values.config.scenarios -}} {{ range $fileName, $content := .Values.config.scenarios -}} - - name: {{ printf "crowdsec-scenarios-%s" (trimSuffix ".yaml" $fileName) }} + - name: {{ include "crowdsec.volumeName" (printf "crowdsec-scenarios-%s" $fileName) }} configMap: name: "crowdsec-scenarios" items: @@ -303,7 +303,7 @@ spec: {{- range $stage, $stageConfig := .Values.config.postoverflows -}} {{- if $stageConfig -}} {{ range $fileName, $content := $stageConfig -}} - - name: {{ printf "crowdsec-postoverflows-%s-%s" $stage (trimSuffix ".yaml" $fileName) }} + - name: {{ include "crowdsec.volumeName" (printf "crowdsec-postoverflows-%s-%s" $stage $fileName) }} configMap: name: {{ printf "crowdsec-postoverflows-%s" $stage }} items: diff --git a/charts/crowdsec/templates/appsec-configmap.yaml b/charts/crowdsec/templates/appsec-configmap.yaml index 711df25..3fe17c9 100644 --- a/charts/crowdsec/templates/appsec-configmap.yaml +++ b/charts/crowdsec/templates/appsec-configmap.yaml @@ -11,6 +11,37 @@ data: {{. | toYaml | nindent 4}} {{- end }} +--- +{{- if .Values.appsec.scenarios }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: "crowdsec-appsec-scenarios" +data: +{{ range $fileName, $content := .Values.appsec.scenarios -}} + {{ printf "%s: |" $fileName | indent 2 }} +{{ $content | indent 4 }} +{{ end }} +{{- end }} + +--- +{{ if (include "appsecPostoverflowsIsNotEmpty" .) }} +{{- range $stage, $stageConfig := .Values.appsec.postoverflows -}} +{{- if $stageConfig -}} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "crowdsec-appsec-postoverflows-%s" $stage }} +data: +{{ range $fileName, $content := $stageConfig -}} + {{ printf "%s: |" $fileName | indent 2 }} +{{ $content | indent 4 }} +{{ end }} +--- +{{- end }} +{{ end }} +{{ end -}} + --- {{- if .Values.appsec.configs }} apiVersion: v1 
diff --git a/charts/crowdsec/templates/appsec-deployment.yaml b/charts/crowdsec/templates/appsec-deployment.yaml index 3c912ff..1af7b0e 100644 --- a/charts/crowdsec/templates/appsec-deployment.yaml +++ b/charts/crowdsec/templates/appsec-deployment.yaml @@ -190,18 +190,36 @@ spec: subPath: acquis.yaml {{- if .Values.appsec.configs -}} {{- range $fileName, $content := .Values.appsec.configs }} - - name: {{ printf "crowdsec-appsec-configs-%s" (trimSuffix ".yaml" $fileName) }} + - name: {{ include "crowdsec.volumeName" (printf "crowdsec-appsec-configs-%s" $fileName) }} mountPath: {{ printf "/etc/crowdsec/appsec-configs/%s" $fileName }} subPath: {{ $fileName }} {{- end }} {{- end }} {{- if .Values.appsec.rules -}} {{- range $fileName, $content := .Values.appsec.rules }} - - name: {{ printf "crowdsec-appsec-rules-%s" (trimSuffix ".yaml" $fileName) }} + - name: {{ include "crowdsec.volumeName" (printf "crowdsec-appsec-rules-%s" $fileName) }} mountPath: {{ printf "/etc/crowdsec/appsec-rules/%s" $fileName }} subPath: {{ $fileName }} {{- end }} {{- end }} + {{- if .Values.appsec.scenarios -}} + {{- range $fileName, $content := .Values.appsec.scenarios }} + - name: {{ include "crowdsec.volumeName" (printf "crowdsec-appsec-scenarios-%s" $fileName) }} + mountPath: {{ printf "/etc/crowdsec/scenarios/%s" $fileName }} + subPath: {{ $fileName }} + {{- end }} + {{- end }} + {{- if (include "appsecPostoverflowsIsNotEmpty" .) }} + {{- range $stage, $stageConfig := .Values.appsec.postoverflows -}} + {{- if $stageConfig -}} + {{- range $fileName, $content := $stageConfig }} + - name: {{ include "crowdsec.volumeName" (printf "crowdsec-appsec-postoverflows-%s-%s" $stage $fileName) }} + mountPath: {{ printf "/etc/crowdsec/postoverflows/%s/%s" $stage $fileName }} + subPath: {{ $fileName }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} {{- if .Values.tls.enabled }} - name: crowdsec-appsec-client-tls mountPath: /etc/ssl/crowdsec-appsec-client 
@@ -227,7 +245,7 @@ spec: emptyDir: {} {{- if .Values.appsec.configs -}} {{- range $fileName, $content := .Values.appsec.configs }} - - name: {{ printf "crowdsec-appsec-configs-%s" (trimSuffix ".yaml" $fileName) }} + - name: {{ include "crowdsec.volumeName" (printf "crowdsec-appsec-configs-%s" $fileName) }} configMap: name: "crowdsec-appsec-configs" items: @@ -237,7 +255,7 @@ spec: {{- end }} {{- if .Values.appsec.rules -}} {{- range $fileName, $content := .Values.appsec.rules }} - - name: {{ printf "crowdsec-appsec-rules-%s" (trimSuffix ".yaml" $fileName) }} + - name: {{ include "crowdsec.volumeName" (printf "crowdsec-appsec-rules-%s" $fileName) }} configMap: name: "crowdsec-appsec-rules" items: @@ -245,6 +263,30 @@ spec: path: {{ $fileName }} {{- end }} {{- end }} + {{- if .Values.appsec.scenarios -}} + {{- range $fileName, $content := .Values.appsec.scenarios }} + - name: {{ include "crowdsec.volumeName" (printf "crowdsec-appsec-scenarios-%s" $fileName) }} + configMap: + name: "crowdsec-appsec-scenarios" + items: + - key: {{ $fileName }} + path: {{ $fileName }} + {{- end }} + {{- end }} + {{- if (include "appsecPostoverflowsIsNotEmpty" .) }} + {{- range $stage, $stageConfig := .Values.appsec.postoverflows -}} + {{- if $stageConfig -}} + {{- range $fileName, $content := $stageConfig }} + - name: {{ include "crowdsec.volumeName" (printf "crowdsec-appsec-postoverflows-%s-%s" $stage $fileName) }} + configMap: + name: {{ printf "crowdsec-appsec-postoverflows-%s" $stage }} + items: + - key: {{ $fileName }} + path: {{ $fileName }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} {{ if index .Values.config "appsec_config.yaml.local" }} - name: crowdsec-appsec-config-local-volume configMap: diff --git a/charts/crowdsec/values.schema.json b/charts/crowdsec/values.schema.json index 1baa664..84f83e7 100644 --- a/charts/crowdsec/values.schema.json +++ b/charts/crowdsec/values.schema.json 
@@ -217,20 +217,50 @@ }, "title": "Config" }, + "StringFileMap": { + "type": "object", + "patternProperties": { + "^.*$": { + "type": "string" + } + }, + "additionalProperties": false + }, "Notifications": { "type": "object", "title": "Notifications" }, "Parsers": { "type": "object", + "properties": { + "s00-raw": { + "$ref": "#/definitions/StringFileMap" + }, + "s01-parse": { + "$ref": "#/definitions/StringFileMap" + }, + "s02-enrich": { + "$ref": "#/definitions/StringFileMap" + } + }, + "additionalProperties": false, "title": "Parsers" }, "Postoverflows": { "type": "object", + "properties": { + "s00-enrich": { + "$ref": "#/definitions/StringFileMap" + }, + "s01-whitelist": { + "$ref": "#/definitions/StringFileMap" + } + }, + "additionalProperties": false, "title": "Postoverflows" }, "Scenarios": { - "type": "object", + "$ref": "#/definitions/StringFileMap", "title": "Scenarios" }, "Labels": { diff --git a/charts/crowdsec/values.yaml b/charts/crowdsec/values.yaml index 7e2c466..8f8ec38 100644 --- a/charts/crowdsec/values.yaml +++ b/charts/crowdsec/values.yaml @@ -44,6 +44,8 @@ podLabels: {} # Each config needs to be a multi-line using '|' in YAML specs # for the agent those configs will be loaded : parsers, scenarios, postoverflows, simulation.yaml # for the lapi those configs will be loaded : profiles.yaml, notifications, console.yaml +# These entries can be split across multiple values files, or injected with `--set-file` +# when using the chart from a remote repository. ## @section Configuration config: # -- To better understand stages in parsers, you can take a look at https://docs.crowdsec.net/docs/next/parsers/intro/ 
@@ -57,6 +59,8 @@ config: # filter: "evt.Line.Labels.type == 'myProgram'" # onsuccess: next_stage # .... + # `--set-file config.parsers.s01-parse.example-parser\.yaml=./example-parser.yaml` is also supported. + # Filenames without a `.yaml`/`.yml` suffix are also accepted. ## @param config.parsers.s02-enrich Third step custom parsers definitions, usually to enrich events s02-enrich: {} # -- to better understand how to write a scenario, you can take a look at https://docs.crowdsec.net/docs/next/scenarios/intro @@ -69,6 +73,8 @@ config: # description: "Detect bruteforce on myService" # filter: "evt.Meta.log_type == 'auth_bf_log'" # ... + # `--set-file config.scenarios.myScenario\.yaml=./myScenario.yaml` is also supported. + # Filenames without a `.yaml`/`.yml` suffix are also accepted. # -- to better understand how to write a postoverflow, you can take a look at (https://docs.crowdsec.net/docs/next/log_processor/parsers/intro#postoverflows) # Those files are only mounted in the agent pods postoverflows: @@ -80,6 +86,7 @@ config: s01-whitelist: {} # myRdnsWhitelist.yaml: | # ... + # `--set-file config.postoverflows.s01-whitelist.myRdnsWhitelist\.yaml=./myRdnsWhitelist.yaml` is also supported. # -- Simulation configuration (https://docs.crowdsec.net/docs/next/scenarios/simulation/) # This file is only mounted in the agent pods ## @param config.simulation.yaml This file is usually handled by the agent. 
@@ -745,6 +752,27 @@ appsec: # appsec_config: crowdsecurity/virtual-patching # labels: # type: appsec + # -- Custom scenarios for the appsec pod. See https://docs.crowdsec.net/docs/next/scenarios/intro + # Those files are only mounted in the appsec pods + ## @param appsec.scenarios [object] Custom scenario files for the appsec pod (key = filename, value = file content) + scenarios: {} + # my-scenario.yaml: | + # type: trigger + # name: my/scenario + # ... + # `--set-file appsec.scenarios.my-scenario\.yaml=./my-scenario.yaml` is also supported. + # -- Custom postoverflows for the appsec pod. See https://docs.crowdsec.net/docs/next/log_processor/parsers/intro#postoverflows + # Those files are only mounted in the appsec pods + postoverflows: + ## @param appsec.postoverflows.s00-enrich Custom postoverflow enrichment files for the appsec pod + s00-enrich: {} + # my-enricher.yaml: | + # ... + ## @param appsec.postoverflows.s01-whitelist Custom postoverflow whitelist files for the appsec pod + s01-whitelist: {} + # my-whitelist.yaml: | + # ... + # `--set-file appsec.postoverflows.s01-whitelist.my-whitelist\.yaml=./my-whitelist.yaml` is also supported. # -- appsec_configs (https://docs.crowdsec.net/docs/next/appsec/configuration): key is the filename, value is the config content ## @param appsec.configs [object] AppSec configs (key = filename, value = file content) configs: {}
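Review bot: In the `charts/crowdsec/README.md.gotmpl` hunk, the paragraph starting "Be aware that the in the preceding command the file extension has to be escaped" has no counterpart in the `README.md` hunk, so the two files disagree (the hunk sizes, 143 vs 139 added lines, show the same gap). It also contains a typo ("that the in the") and repeats the sentence right above it ("If the key contains dots, escape them in `--set`/`--set-file`"). Either drop it or fix the wording and carry it into both files. Separately, neither README hunk mentions the `appsec.scenarios` and `appsec.postoverflows` keys that `values.yaml` gains in this patch; the AppSec section should list them with their mount paths (`/etc/crowdsec/scenarios/` and `/etc/crowdsec/postoverflows/<stage>/`) next to the existing `appsec-configs` and `appsec-rules` paths.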
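Review bot: `crowdsec.volumeName` in the `templates/_helpers.tpl` hunk can map two different file keys to the same volume name, which would render a pod spec with duplicate `volumes[].name` entries. The suffix strip makes `rule.yaml` and `rule.yml` identical, `lower` plus the `[^a-z0-9-]+` replacement makes `my_rule.yaml`, `my.rule.yaml` and `My-Rule.yaml` identical, and `trunc 63` cuts long keys after a prefix such as `crowdsec-appsec-postoverflows-s01-whitelist-` has already used most of the budget. Consider truncating to 54 characters and appending a short digest of the unsanitized input, for example `printf "%s-%s" $short (sha256sum . | trunc 8)`, or calling `fail` when two keys in the same map sanitize to the same name. A comment on the helper stating the 63-character DNS label limit it is enforcing would also help the next reader.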
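Review bot: In the `templates/appsec-configmap.yaml` hunk, both new ConfigMaps emit `$fileName` as a bare YAML key via `printf "%s: |" $fileName`, so a key containing `: `, ` #` or a leading YAML indicator character changes the structure of the rendered document instead of failing cleanly. The `|` block scalar with `indent 4` is also sensitive to content whose first line starts with spaces, which conflicts with the README claim that content is emitted as-is. Rendering the whole map with `toYaml` (for example `{{- toYaml .Values.appsec.scenarios | nindent 2 }}` under `data:`) handles both the key quoting and the value encoding. The unconditional `---` before each `if` also leaves empty documents in the output when the values are unset; moving the separator inside the condition keeps the rendered manifest tidy.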
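Review bot: In the `templates/appsec-deployment.yaml` hunks, the new postoverflows blocks are gated by `appsecPostoverflowsIsNotEmpty`, which only looks at `s00-enrich` and `s01-whitelist`, while the `range $stage, $stageConfig := .Values.appsec.postoverflows` inside walks every key. A values file that only sets some other stage name renders neither the mounts nor the volumes, with no error, unless the schema restricts `appsec.postoverflows` to those two stages (not visible in this patch). Either gate on the map itself or validate the stage names so the failure is explicit. As a smaller point, the new mount paths hard-code `/etc/crowdsec/scenarios/%s` and `/etc/crowdsec/postoverflows/%s/%s`, whereas the agent templates in this same patch build them from `$crowdsecConfig`; using one convention would keep the pods consistent if the config directory ever changes.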
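Review bot: In the `values.schema.json` hunk, `StringFileMap` accepts any key through `"^.*$"`, yet every key is later used as a ConfigMap data key, a `subPath` and the tail of a `mountPath`. ConfigMap keys may only contain alphanumerics, `-`, `_` and `.`, so a key with `/` or whitespace passes schema validation and fails only at apply time. Tightening the pattern to something like `^[A-Za-z0-9._-]+$` rejects such keys at `helm install` with a clear message and keeps path separators out of the mount path. Also in this hunk, `Parsers` and `Postoverflows` now set `"additionalProperties": false` with a fixed stage list, while the templates iterate over arbitrary `$stage` keys and tolerate an empty `$stageConfig`; existing values files with a custom stage name or a null stage would start failing validation, which deserves a changelog entry or a looser schema.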