DirectorySecurity AdvisoriesPricing
Sign in
Directory
falco-exporter logoHELM

falco-exporter

Helm chart
Last changed
Request a free trial

Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.

Overview
Chart versions
Default values
Chart metadata
Images

Tag:
1
# Default values for falco-exporter.
2
# This is a YAML-formatted file.
3
# Declare variables to be passed into your templates.
4
5
# -- service exposes the exporter service to be accessed from within the cluster.
6
service:
7
# -- type denotes the service type. Setting it to "ClusterIP" we ensure that are accessible
8
# from within the cluster.
9
type: ClusterIP
10
# -- clusterIP set to none. It's headless service.
11
clusterIP: None
12
# -- port is the port on which the Service will listen.
13
port: 9376
14
# -- targetPort is the port on which the Pod is listening.
15
targetPort: 9376
16
# -- labels set of labels to be applied to the service.
17
labels: {}
18
# -- annotations set of annotations to be applied to the service.
19
annotations:
20
prometheus.io/scrape: "true"
21
prometheus.io/port: "9376"
22
# -- mTLS mutual TLS for HTTP metrics server.
23
mTLS:
24
# -- enabled specifies whether the mTLS should be enabled.
25
enabled: false
26
# -- healthChecks contains the configuration for liveness and readiness probes.
27
healthChecks:
28
# -- livenessProbe is a diagnostic mechanism used to determine weather a container within a Pod is still running and healthy.
29
livenessProbe:
30
# -- probesPort is liveness probes port.
31
probesPort: 19376
32
# -- initialDelaySeconds tells the kubelet that it should wait X seconds before performing the first probe.
33
initialDelaySeconds: 60
34
# -- timeoutSeconds number of seconds after which the probe times out.
35
timeoutSeconds: 5
36
# -- periodSeconds specifies the interval at which the liveness probe will be repeated.
37
periodSeconds: 15
38
# -- readinessProbe is a mechanism used to determine whether a container within a Pod is ready to serve traffic.
39
readinessProbe:
40
# probesPort is readiness probes port
41
probesPort: 19376
42
# -- initialDelaySeconds tells the kubelet that it should wait X seconds before performing the first probe.
43
initialDelaySeconds: 30
44
# -- timeoutSeconds is the number of seconds after which the probe times out.
45
timeoutSeconds: 5
46
# -- periodSeconds specifies the interval at which the readiness probe will be repeated.
47
periodSeconds: 15
48
# -- image is the configuration for the exporter image.
49
image:
50
# -- registry is the image registry to pull from.
51
registry: chainreg.biz
52
# -- repository is the image repository to pull from.
53
repository: chainguard-private/falco-exporter
54
# -- tag is image tag to pull.
55
tag: latest@sha256:8c166b19fbf7ac9f211e18bf6d37a97d4d478460ff9411d696bc255dc5e0294a
56
# -- pullPolicy is the policy used to determine when a node should attempt to pull the container image.
57
pullPolicy: IfNotPresent
58
# -- pullSecrets a list of secrets containing credentials used when pulling from private/secure registries.
59
imagePullSecrets: []
60
# -- nameOverride is the new name used to override the release name used for exporter's components.
61
nameOverride: ""
62
# -- fullNameOverride same as nameOverride but for the full name.
63
fullnameOverride: ""
64
# -- priorityClassName specifies the name of the PriorityClass for the pods.
65
priorityClassName: ""
66
# -- falco the configuration to connect falco.
67
falco:
68
# -- grpcUnixSocketPath path to the falco's grpc unix socket.
69
grpcUnixSocketPath: "unix:///run/falco/falco.sock"
70
# -- grpcTimeout timout value for grpc connection.
71
grpcTimeout: 2m
72
# -- serviceAccount is the configuration for the service account.
73
serviceAccount:
74
# create specifies whether a service account should be created.
75
create: true
76
# annotations to add to the service account
77
annotations: {}
78
# -- name is the name of the service account to use.
79
# If not set and create is true, a name is generated using the fullname template.
80
# If set and create is false, an already existing serviceAccount must be provided.
81
name: ""
82
# -- podSecurityPolicy holds the security policy settings for the pod.
83
podSecurityPolicy:
84
# -- create specifies whether a PSP, Role and RoleBinding should be created
85
create: false
86
# -- annotations to add to the PSP, Role and RoleBinding
87
annotations: {}
88
# -- name of the PSP, Role and RoleBinding to use.
89
# If not set and create is true, a name is generated using the fullname template
90
name: ""
91
# -- podSecurityPolicy holds the security policy settings for the pod.
92
podSecurityContext: {}
93
# fsGroup: 2000
94
95
# -- daemonset holds the configuration for the daemonset.
96
daemonset:
97
# updateStrategy perform rolling updates by default in the DaemonSet agent
98
# ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/
99
updateStrategy:
100
# type of the strategy. Can also customize maxUnavailable or minReadySeconds based on your needs.
101
type: RollingUpdate
102
# -- annotations to add to the DaemonSet pods.
103
annotations: {}
104
# -- podLabels labels to add to the pods.
105
podLabels: {}
106
# -- securityContext holds the security context for the daemonset.
107
securityContext:
108
# -- capabilities to be assigned to the daemonset.
109
capabilities:
110
drop:
111
- ALL
112
readOnlyRootFilesystem: true
113
allowPrivilegeEscalation: false
114
privileged: false
115
seccompProfile:
116
type: RuntimeDefault
117
# -- resources defines the computing resources (CPU and memory) that are allocated to the containers running within the Pod.
118
resources: {}
119
# We usually recommend not to specify default resources and to leave this as a conscious
120
# choice for the user. This also increases chances charts run on environments with little
121
# resources, such as Minikube. If you do want to specify resources, uncomment the following
122
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
123
# limits:
124
# cpu: 100m
125
# memory: 128Mi
126
# requests:
127
# cpu: 100m
128
# memory: 128Mi
129
130
# -- nodeSelector specifies a set of key-value pairs that must match labels assigned to nodes
131
# for the Pod to be eligible for scheduling on that node
132
nodeSelector: {}
133
# -- tolerations are applied to pods and allow them to be scheduled on nodes with matching taints.
134
tolerations:
135
- effect: NoSchedule
136
key: node-role.kubernetes.io/master
137
- effect: NoSchedule
138
key: node-role.kubernetes.io/control-plane
139
# -- affinity allows pod placement based on node characteristics, or any other custom labels assigned to nodes.
140
affinity: {}
141
# -- serviceMonitor holds the configuration for the ServiceMonitor CRD.
142
# A ServiceMonitor is a custom resource definition (CRD) used to configure how Prometheus should
143
# discover and scrape metrics from the exporter service.
144
serviceMonitor:
145
# -- enable the deployment of a Service Monitor for the Prometheus Operator.
146
enabled: false
147
# -- additionalLabels specifies labels to be added on the Service Monitor.
148
additionalLabels: {}
149
# -- interval specifies the time interval at which Prometheus should scrape metrics from the service.
150
interval: ""
151
# -- scrapeTimeout determines the maximum time Prometheus should wait for a target to respond to a scrape request.
152
# If the target does not respond within the specified timeout, Prometheus considers the scrape as failed for
153
# that target.
154
scrapeTimeout: ""
155
# -- aditionalProperties allows setting additional properties on the endpoint such as relabelings, metricRelabelings etc.
156
additionalProperties: {}
157
# -- grafanaDashboard contains the configuration related to grafana dashboards.
158
grafanaDashboard:
159
# -- enabled specifies whether the dashboard should be deployed.
160
enabled: false
161
# -- folder creates and set folderAnnotation to specify where the dashboard is stored in grafana.
162
folder: ""
163
# -- folderAnnotation sets the annotation's name used by folderAnnotation in grafana's helm-chart.
164
folderAnnotation: "grafana_dashboard_folder"
165
# -- namespace specifies the namespace for the configmap.
166
namespace: default
167
# -- prometheusDatasourceName name of the data source.
168
prometheusDatasourceName: Prometheus
169
scc:
170
# true here enabled creation of Security Context Constraints in Openshift
171
create: true
172
# prometheusRules holds the configuration for alerting on priority events.
173
prometheusRules:
174
# -- enabled specifies whether the prometheus rules should be deployed.
175
enabled: false
176
alerts:
177
warning:
178
enabled: true
179
rate_interval: "5m"
180
threshold: 0
181
for: "15m"
182
error:
183
enabled: true
184
rate_interval: "5m"
185
threshold: 0
186
for: "15m"
187
critical:
188
enabled: true
189
rate_interval: "5m"
190
threshold: 0
191
for: "15m"
192
alert:
193
enabled: true
194
rate_interval: "5m"
195
threshold: 0
196
for: "5m"
197
emergency:
198
enabled: true
199
rate_interval: "1m"
200
threshold: 0
201
for: "1m"
202
additionalAlerts: {}
203

The trusted source for open source

Talk to an expert
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsChainguard OS PackagesChainguard ActionsChainguard Agent SkillsIntegrationsPricing

Solutions

FedRAMPPCI DSSCMMC 2.0SOC 2Golden ImagesCVE RemediationPublic SectorStartups

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsSupply Chain Security 101Chainguard CoursesDocumentationTrust CenterChainguard Slack Community

Company

About UsBlogOpen Source LeadershipPartnersNewsroomCareersLegal
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.