@jvlerner jvlerner commented Oct 3, 2025

What type of PR is this?

/kind bug

/kind cleanup

/kind design

/kind documentation

/kind failing-test

/kind feature

If this PR will release a new chart version please make sure to also uncomment the following line:

/kind chart-release

Any specific area of the project related to this PR?

/area falco-chart

/area falcosidekick-chart

/area falco-talon-chart

/area event-generator-chart

/area k8s-metacollector-chart

What this PR does / why we need it:

Which issue(s) this PR fixes:

Currently, in environments with restricted internet access, containers often fail to reach external resources due to missing proxy configuration. This impacts components like falcoctl, which require outbound connectivity to fetch artifacts or updates.
This PR introduces support for injecting proxy-related environment variables (HTTP_PROXY, HTTPS_PROXY, NO_PROXY) into all relevant containers and initContainers when proxy is enabled via values.yaml.
The implementation uses a reusable Helm helper to ensure consistency and maintainability across templates.

Fixes #917

Special notes for your reviewer:

  • Default behavior remains unchanged if proxy values are not set.

Checklist

  • Chart Version bumped
  • Variables are documented in the README.md
  • CHANGELOG.md updated

@poiana poiana added kind/feature New feature or request dco-signoff: no kind/chart-release Add this label when the chart version has been bumped labels Oct 3, 2025
Contributor

poiana commented Oct 3, 2025

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: jvlerner
Once this PR has been reviewed and has the lgtm label, please assign cpanato for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Contributor

poiana commented Oct 3, 2025

Welcome @jvlerner! It looks like this is your first PR to falcosecurity/charts 🎉

@poiana poiana added the size/M label Oct 3, 2025
@jvlerner jvlerner force-pushed the feat/falco-proxy-env branch from a570359 to 952d4f1 Compare October 3, 2025 19:36
Signed-off-by: jvlerner <jvlerner@uolinc.com>
@jvlerner jvlerner force-pushed the feat/falco-proxy-env branch from 952d4f1 to a2449e7 Compare October 3, 2025 19:40
@jvlerner jvlerner force-pushed the feat/falco-proxy-env branch 2 times, most recently from 42467d8 to b133844 Compare October 3, 2025 19:52
Signed-off-by: jvlerner <jvlerner@uolinc.com>
@jvlerner jvlerner force-pushed the feat/falco-proxy-env branch from b133844 to 0edbf77 Compare October 3, 2025 19:56
Signed-off-by: jvlerner <jvlerner@uolinc.com>
Author

jvlerner commented Oct 9, 2025

My bad guys, I missed adding the proxy link to the ignore list. Just fixed it.
Would appreciate another review.

Contributor

@ekoops ekoops left a comment

Hey, it overall looks good! I just added some comments. Let me know if you have any questions or doubts! 😄

env:
{{- include "falco.renderTemplate" ( dict "value" .Values.falcoctl.artifact.install.env "context" $) | nindent 4 }}
{{- include "falco.proxyEnv" . | nindent 2 }}
{{- if .Values.falcoctl.artifact.install.env }}
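
Review bot: `falco.proxyEnv` is piped through `nindent 2` while the `falco.renderTemplate` output for `.Values.falcoctl.artifact.install.env` in the same `env:` block uses `nindent 4`. Both feed one list, so unless the helper indents its own output by two spaces the entries will not line up and the rendered manifest will be malformed. Use the same `nindent` for both includes with the helper's output flush left, and check the result with `helm template` once with the proxy enabled and `install.env` set and once with both empty.
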
Contributor

Is this if statement required here? I haven't had a chance to check it, but what happens if we render an empty env list?

Comment on lines +347 to 348
{{- include "falco.proxyEnv" . | nindent 2 }}
{{- include "falco.renderTemplate" ( dict "value" .Values.falcoctl.artifact.follow.env "context" $) | nindent 4 }}
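
Review bot: `falco.proxyEnv` is rendered ahead of the entries from `.Values.falcoctl.artifact.follow.env`, so a user who already sets `HTTP_PROXY`, `HTTPS_PROXY` or `NO_PROXY` there ends up with the same variable name twice in one `env:` list. Decide which source wins and make it explicit: either have the helper skip names already present in the container's own env values, or document the precedence next to the `proxy` values.
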
Contributor

Similarly to my previous comment, is there any reason why you didn't add the {{- if .Values.falcoctl.artifact.install.env }} check here?

Comment on lines +93 to +95
{{- if .Values.proxy.enabled }}
{{- include "falco.proxyEnv" . | nindent 8 }}
{{- end }}
Contributor

You are already checking {{- if .Values.proxy.enabled }} in the helper. At this point, do we want to keep the check in the helper or do we want to repeat it? I guess it is better to remove it from the helper, but I'm open to other opinions on this!

Comment on lines +368 to +370
{{- if .Values.proxy.enabled }}
{{- include "falco.proxyEnv" . | nindent 4 }}
{{- end }}
Contributor

Same as above

Comment on lines +809 to +810
| proxy.http | string | `"http://proxy.dominio.com:3128"` | HTTP proxy URL used for outbound HTTP requests. |
| proxy.https | string | `"http://proxy.dominio.com:3128"` | HTTPS proxy URL used for outbound HTTPS requests. |
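
Review bot: both rows list the concrete host `"http://proxy.dominio.com:3128"` as the value. If that is what values.yaml ships, enabling the proxy without overriding it points falcoctl's outbound traffic at that host; an empty string default, with the example URL moved into the description, is safer. The `proxy.https` row also uses an `http://` scheme, which deserves a sentence saying it is intentional, and because both values are plain strings a proxy URL carrying credentials would be rendered in clear text into the pod spec, so consider allowing the value to come from a Secret.
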
Contributor

Sorry, I guess I missed these two here in the previous review cycle 😔

@github-project-automation github-project-automation bot moved this from Todo to In progress in Falco Roadmap Oct 9, 2025
Member

leogr commented Oct 31, 2025

Hey @jvlerner any update on this?

Labels

area/falco-chart dco-signoff: yes kind/chart-release Add this label when the chart version has been bumped kind/feature New feature or request size/M

Projects

Status: In progress

Development

Successfully merging this pull request may close these issues.

Support proxy environment variable injection across all falco chart containers and initContainers

4 participants