# Default values for eks-clouwatch-auditer.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
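# Number of exporter pods to run.
replicaCount: 1

image:
  repository: emirozbir/eks-cloudwatch-audit
  # NOTE(review): "prod" is a mutable tag and pullPolicy is Always, so every
  # pod (re)start can pull different image content under the same name. The pod
  # runs with the IAM role set in serviceAccount.annotations, so whoever can
  # push that tag can run code with that role. Prefer an immutable version tag,
  # or a digest reference if the chart's templates support one.
  pullPolicy: Always
  tag: "prod"

imagePullSecrets: []
nameOverride: ""
fullnameOverride: ""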
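serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations:
    # ROLE_ARN is a placeholder and must be overridden with the IAM role the
    # pod assumes through IAM Roles for Service Accounts.
    # NOTE(review): keep that role least-privilege. The exporter presumably
    # only needs CloudWatch Logs Insights query actions (logs:StartQuery,
    # logs:GetQueryResults) on the audit log group; confirm against the
    # exporter code. The role's trust policy should be restricted to this
    # service account's namespace and name.
    eks.amazonaws.com/role-arn: ROLE_ARN
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""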
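# NOTE(review): the nesting of eks / servicemonitor / exporter was rebuilt from
# a flattened listing; confirm the key paths against the chart's templates.
eks:
  region: eu-west-1
  # Default points at a cluster named "test-cluster". Override it with the
  # control-plane log group of the cluster to be audited; audit logging must be
  # enabled on that cluster for the queries to return anything.
  log_group_name: /aws/eks/test-cluster/cluster

servicemonitor:
  create: true
  exporter_key: audit-cluster
  namespace: monitoring

exporter:
  # Quoted so the value stays a string.
  port: "9877"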
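podAnnotations: {}

podSecurityContext: {}
  # fsGroup: 2000

securityContext:
  # NOTE(review): only capabilities are restricted here. If the image runs as
  # a non-root user without writing to its root filesystem, also enable:
  # allowPrivilegeEscalation: false
  # readOnlyRootFilesystem: true
  # runAsNonRoot: true
  capabilities:
    drop:
      - ALL
    # NET_BIND_SERVICE is only needed to bind ports below 1024. The default
    # exporter.port in this file is 9877, so this add looks unnecessary;
    # confirm the container port in the templates and remove it if so.
    add:
      - NET_BIND_SERVICE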
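service:
  # ClusterIP keeps the metrics endpoint reachable only from inside the cluster.
  type: ClusterIP
  port: 80

# Requests equal limits for both cpu and memory.
resources:
  limits:
    cpu: 100m
    memory: 128Mi
  requests:
    cpu: 100m
    memory: 128Mi

autoscaling:
  enabled: false
  minReplicas: 1
  # NOTE(review): presumably every replica runs the same CloudWatch queries, so
  # scaling out would multiply query volume and cost; confirm before enabling.
  maxReplicas: 100
  targetCPUUtilizationPercentage: 80

nodeSelector: {}

tolerations: []

affinity: {}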
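metric_prefix: eks

# CloudWatch Logs Insights queries run against the audit log group, one entry
# per query name. Values are single-quoted so the embedded double quotes, "@"
# and "|" characters are always read as one literal string.
queries:
  # Disabled:
  # non-kubectl-access: fields @message, @userAgent | filter userAgent not like /kube/ | filter userAgent not like /go/ |filter userAgent not like /Prometheus/ | sort @timestamp desc | limit 1
  four-zero-three-results: 'fields @timestamp, @message| filter responseStatus.code == "403"| sort @timestamp desc| limit 1'
  forbidden-decisions: 'fields @timestamp, @message| filter annotations.authorization.k8s.io/decision == "forbid"| sort @timestamp desc| limit 1'
  # NOTE(review): this matches only a user literally named "forbid". The value
  # looks copied from forbidden-decisions; confirm which username(s) this
  # detection is meant to watch.
  forbidden-users: 'fields @timestamp, @message| filter user.username == "forbid"| sort @timestamp desc| limit 1'
  exec-attemptions: 'fields @timestamp, @message| filter objectRef.subresource == "exec"| sort @timestamp desc| limit 1'
  # NOTE(review): the responseObject.status.conditions.2.message == "testimtest"
  # filter looks like leftover test data. As written, a namespace deletion is
  # matched only when that message equals "testimtest", so real deletions are
  # likely missed. Confirm and drop that filter for production use.
  namespace-delete: 'fields @timestamp, @message| filter requestObject.kind == "Namespace"| filter verb=="delete"| filter responseObject.status.conditions.2.message=="testimtest"| sort @timestamp desc| limit 1'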