integrate customizations from Malcolm-Helm as options in vanilla Malcolm (part 2) · Issue #657 · cisagov/Malcolm · GitHub
Open
mmguero opened this issue Apr 25, 2025 · 0 comments
mmguero commented Apr 25, 2025

continuation of #642

Our friends that have developed the Malcolm-Helm chart have a few customizations that have required them to override some of the "stock" files/scripts in vanilla Malcolm. I'd like to examine these use cases and have Malcolm handle them natively (i.e., configurable with environment variables) so that we can remove those customizations from Malcolm-Helm, which will make the chart more resilient to changes as new versions of Malcolm are released.

Here are the ones I've identified:

| Malcolm-Helm file | Malcolm file | purpose | notes |
| --- | --- | --- | --- |
| logstash_override.yml | 99_opensearch_output.conf, malcolm_template.json, malcolm_template_suricata.json (?) | custom handling of write indexes and ilm stuff | I'm not sure if there's a way we can make this more generic, it's pretty specific to this user's use-case. Maybe we just need some sort of flag in the chart to turn these overrides on/off? |
| _helpers.tpl | malcolm_template.json | to customize different ILM parameters for zeek vs. suricata | Related to the previous entry; I'm not sure what the best thing to do here is, as malcolm_template.json isn't broken out by data source (zeek, suricata) like it would have to be for this. |
| malcolm_configmaps.yaml | various empty directories | So that necessary empty directories exist (?) | I know that Malcolm is expecting these directories to exist, but I think we could handle it in each service's dirinit container with PUSER_MKDIR (example) instead of having these empty-directory configmaps. |

@mmguero mmguero added the enhancement New feature or request label Apr 25, 2025
@mmguero mmguero added external Depends on a bug or feature external to this project cloud Relating to deployment of Malcolm in the cloud and/or with Kubernetes labels Apr 25, 2025
@mmguero mmguero self-assigned this Apr 25, 2025
@mmguero mmguero added this to Malcolm Apr 25, 2025
@mmguero mmguero added this to the v25.05.0 milestone Apr 25, 2025
@mmguero mmguero moved this to In Progress in Malcolm Apr 25, 2025