Skip to content

Commit

Permalink
new(falco): add output_timeout configuration setting
Browse files Browse the repository at this point in the history 
See falcosecurity/falco#1451

Signed-off-by: Leonardo Grasso <me@leonardograsso.com>
  • Loading branch information
@leogr
leogr committed Jan 19, 2021
1 parent b579c35 commit 7ca6df9
Show file tree
Hide file tree
Showing 3 changed files with 35 additions and 0 deletions.
1 change: 1 addition & 0 deletions falco/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,6 +91,7 @@ The following table lists the configurable parameters of the Falco chart and the
| `falco.syscallEventDrops.actions` | Actions to be taken when system calls were dropped from the circular buffer | `[log, alert]` |
| `falco.syscallEventDrops.rate` | Rate at which log/alert messages are emitted | `.03333` |
| `falco.syscallEventDrops.maxBurst` | Max burst of messages emitted | `10` |
| `falco.outputs.output_timeout` | Duration in milliseconds to wait before considering the output timeout deadline exceed | `2000` |
| `falco.outputs.rate` | Number of tokens gained per second | `1` |
| `falco.outputs.maxBurst` | Maximum number of tokens outstanding | `1000` |
| `falco.syslogOutput.enabled` | Enable syslog output for security notifications | `true` |
Expand Down
17 changes: 17 additions & 0 deletions falco/templates/configmap.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -90,6 +90,23 @@ data:
rate: {{ .Values.falco.syscallEventDrops.rate }}
max_burst: {{ .Values.falco.syscallEventDrops.maxBurst }}
# Falco continuously monitors outputs performance. When an output channel does not allow
# to deliver an alert within a given deadline, an error is reported indicating
# which output is blocking notifications.
# The timeout error will be reported to the log according to the above log_* settings.
# Note that the notification will not be discarded from the output queue; thus,
# output channels may indefinitely remain blocked.
# An output timeout error indeed indicate a misconfiguration issue or I/O problems
# that cannot be recovered by Falco and should be fixed by the user.
#
# The "output_timeout" value specifies the duration in milliseconds to wait before
# considering the deadline exceed.
#
# With a 2000ms default, the notification consumer can block the Falco output
# for up to 2 seconds without reaching the timeout.
output_timeout: {{ .Values.falco.output_timeout }}
# A throttling mechanism implemented as a token bucket limits the
# rate of falco notifications. This throttling is controlled by the following configuration
# options:
Expand Down
17 changes: 17 additions & 0 deletions falco/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -161,6 +161,23 @@ falco:
rate: .03333
maxBurst: 10

# Falco continuously monitors outputs performance. When an output channel does not allow
# to deliver an alert within a given deadline, an error is reported indicating
# which output is blocking notifications.
# The timeout error will be reported to the log according to the above log_* settings.
# Note that the notification will not be discarded from the output queue; thus,
# output channels may indefinitely remain blocked.
# An output timeout error indeed indicate a misconfiguration issue or I/O problems
# that cannot be recovered by Falco and should be fixed by the user.
#
# The "output_timeout" value specifies the duration in milliseconds to wait before
# considering the deadline exceed.
#
# With a 2000ms default, the notification consumer can block the Falco output
# for up to 2 seconds without reaching the timeout.

output_timeout: 2000

# A throttling mechanism implemented as a token bucket limits the
# rate of Falco notifications. This throttling is controlled by the following configuration
# options:
Expand Down

0 comments on commit 7ca6df9

Please sign in to comment.