feat(mqtt): Updates values and secrets for MQTT

In prevision of sidekick version bump. falcosecurity/falcosidekick#338 Signed-off-by: Lyonel Martinez <[email protected]>
Lowaiz · Jul 26, 2022 · 9f498fe · 9f498fe
1 parent eada56f
commit 9f498fe
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 0 deletions.
diff --git a/falcosidekick/CHANGELOG.md b/falcosidekick/CHANGELOG.md
@@ -12,6 +12,7 @@ as a list of comma separated labels and annotations to add to the AlertManager t
 * Add `smtp.autmechanism` and associated fields to be able to use any SASL mechanism.
 * Add `yandex.datastreams` and associated fields.
 * Add `nodered` and associated fields.
+* Add `mqtt` and associated fields.
 
 ## 0.5.6
 

diff --git a/falcosidekick/README.md b/falcosidekick/README.md
@@ -278,6 +278,14 @@ The following table lists the main configurable parameters of the Falcosidekick
 | `config.mattermost.username`                | Mattermost username                                                                                                                                                                    | `falcosidekick`                                                                                            |
 | `config.mattermost.webhookurl`              | Mattermost Webhook URL (ex: <https://XXXX/hooks/YYYY>), if not `empty`, Mattermost output is *enabled*                                                                                 | `""`                                                                                                       |
 | `config.mutualtlsfilespath`                 | folder which will used to store client.crt, client.key and ca.crt files for mutual tls                                                                                                 | `/etc/certs`                                                                                               |
+| `config.mqtt.webhookurl`                    | Broker address, can start with tcp:// or ssl://, if not empty, MQTT output is enabled                                                                                                  | `""`                                                                                                       |
+| `config.mqtt.topic`                         | Topic for messages                                                                                                                                                                     | `falco/events`                                                                                             |
+| `config.mqtt.qos`                           | QOS for messages                                                                                                                                                                       | `0`                                                                                                        |
+| `config.mqtt.retained`                      | If true, messages are retained                                                                                                                                                         | `false`                                                                                                    |
+| `config.mqtt.user`                          | User if the authentication is enabled in the broker                                                                                                                                    | `""`                                                                                                       |
+| `config.mqtt.paswword`                      | Password if the authentication is enabled in the broker                                                                                                                                | `""`                                                                                                       |
+| `config.mqtt.checkcert`                     | check if ssl certificate of the output is valid                                                                                                                                        | `true`                                                                                                     |
+| `config.mqtt.minimumpriority`               | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""`                                         | `""`                                                                                                       |
 | `config.nats.checkcert`                     | check if ssl certificate of the output is valid                                                                                                                                        | `true`                                                                                                     |
 | `config.nats.hostport`                      | NATS "nats://host:port", if not `empty`, NATS is *enabled*                                                                                                                             | `""`                                                                                                       |
 | `config.nats.minimumpriority`               | minimum priority of event for using use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""`                                         | `debug`                                                                                                    |

diff --git a/falcosidekick/templates/secrets.yaml b/falcosidekick/templates/secrets.yaml
@@ -43,6 +43,16 @@ data:
   MATTERMOST_MUTUALTLS: "{{ .Values.config.mattermost.mutualtls | printf "%t" | b64enc }}"
   MATTERMOST_CHECKCERT: "{{ .Values.config.mattermost.checkcert | printf "%t" | b64enc }}"
 
+  # MQTT Output
+  MQTT_BROKER: "{{ .Values.config.mqtt.broker | b64enc }}"
+  MQTT_TOPIC: "{{ .Values.config.mqtt.topic | b64enc }}"
+  MQTT_QOS: "{{ .Values.config.mqtt.qos | b64enc }}"
+  MQTT_RETAINED: "{{ .Values.config.mqtt.retained | b64enc }}"
+  MQTT_USER: "{{ .Values.config.mqtt.user | b64enc }}"
+  MQTT_PASSWORD: "{{ .Values.config.mqtt.password | b64enc }}"
+  MQTT_CHECKCERT: "{{ .Values.config.mqtt.checkcert | printf "%t" | b64enc }}"
+  MQTT_MINIMUMPRIORITY: "{{ .Values.config.mqtt.minimumpriority | b64enc }}"
+
   # Teams Output
   TEAMS_WEBHOOKURL: "{{ .Values.config.teams.webhookurl | b64enc }}"
   TEAMS_OUTPUTFORMAT: "{{ .Values.config.teams.outputformat | b64enc }}"

diff --git a/falcosidekick/values.yaml b/falcosidekick/values.yaml
@@ -356,6 +356,16 @@ config:
     prunebypriority: false
     minimumpriority: ""  # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
 
+  mqtt:
+    broker: ""  # Broker address, can start with tcp:// or ssl://, if not empty, MQTT output is enabled
+    topic: "falco/events"  # Topic for messages (default: falco/events)
+    qos: 0  # QOS for messages (default: 0)
+    retained: false  # If true, messages are retained (default: false)
+    user: ""  # User if the authentication is enabled in the broker
+    password: ""  # Password if the authentication is enabled in the broker
+    checkcert: true  # check if ssl certificate of the output is valid (default: true)
+    minimumpriority: ""  # minimum priority of event for using this output, order is emergency|alert|critical|error|warning|notice|informational|debug or "" (default)
+
 
 service:
   type: ClusterIP