chore(deps): Bump lycheeverse/lychee-action from 2.4.0 to 2.5.0

Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 2.4.0 to 2.5.0. - [Release notes](https://github.com/lycheeverse/lychee-action/releases) - [Commits](1d97d84f0b...5c4ee84814) --- updated-dependencies: - dependency-name: lycheeverse/lychee-action dependency-version: 2.5.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
fix(charts/falco/tests): fixed Falco chart tests.
2025-08-08 08:29:15 +02:00 · 2025-08-04 22:36:52 +02:00 · 2025-08-04 22:36:52 +02:00 · 2025-08-04 22:36:52 +02:00 · 2025-08-04 22:36:52 +02:00 · 2025-07-24 15:15:40 +02:00
85 changed files with 8458 additions and 2268 deletions
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@ -35,15 +35,13 @@ Please remove the leading whitespace before the `/kind <>` you uncommented.

 > /area falco-chart

-> /area falco-exporter-chart
-
 > /area falcosidekick-chart

-> /area falco-talon
+> /area falco-talon-chart

 > /area event-generator-chart

-> /area k8s-metacollector
+> /area k8s-metacollector-chart

 <!--
 Please remove the leading whitespace before the `/area <>` you uncommented.
@ -63,6 +61,7 @@ Fixes #

 **Special notes for your reviewer**:

+
 **Checklist**
 <!--
 Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@ -4,7 +4,3 @@ updates:
    directory: "/"
    schedule:
      interval: "daily"
-    labels:
-      - "area/dependency"
-      - "release-note-none"
-      - "ok-to-test"
--- a/.github/workflows/links.yml
+++ b/.github/workflows/links.yml
@ -17,7 +17,7 @@ jobs:
          fetch-depth: 0

      - name: Link Checker
-        uses: lycheeverse/lychee-action@f81112d0d2814ded911bd23e3beaa9dda9093915 #v2.1.0
+        uses: lycheeverse/lychee-action@5c4ee84814c983aa7164eaee476f014e53ff3963 #v2.5.0
        with:
          args: --no-progress './**/*.yml' './**/*.yaml' './**/*.md' './**/*.gotmpl' './**/*.tpl' './**/OWNERS' './**/LICENSE'
          token: ${{ secrets.GITHUB_TOKE }}
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@ -24,7 +24,7 @@ jobs:
          fetch-depth: 0

      - name: Install Cosign
-        uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0
+        uses: sigstore/cosign-installer@398d4b0eeef1380460a10c8013a76f728fb906ac # v3.9.1

      - name: Configure Git
        run: |
@ -32,21 +32,22 @@ jobs:
          git config user.email "$GITHUB_ACTOR@users.noreply.github.com"

      - name: Set up Helm
-        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0

      - name: Add dependency chart repos
        run: |
          helm repo add falcosecurity https://falcosecurity.github.io/charts

      - name: Run chart-releaser
-        uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0
+        uses: helm/chart-releaser-action@cae68fefc6b5f367a0275617c9f83181ba54714f # v1.7.0
        with:
          charts_dir: charts
+          config: cr.yaml
        env:
          CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

      - name: Login to GitHub Container Registry
-        uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
+        uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -13,16 +13,16 @@ jobs:
          fetch-depth: 0

      - name: Set up Helm
-        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
        with:
-          version: '3.14.0'
+          version: "3.14.0"

-      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
+      - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
        with:
-          python-version: '3.x'
+          python-version: "3.x"

      - name: Set up chart-testing
-        uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1
+        uses: helm/chart-testing-action@0d28d3144d3a25ea2cc349d6e59901c4ff469b3b # v2.7.0

      - name: Run chart-testing (lint)
        run: ct lint --config ct.yaml
@ -37,26 +37,13 @@ jobs:

      - name: Create KIND Cluster
        if: steps.list-changed.outputs.changed == 'true'
-        uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0
+        uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0
        with:
          config: ./tests/kind-config.yaml

-      - name: install falco if needed (ie for falco-exporter)
-        if: steps.list-changed.outputs.changed == 'true'
-        run: |
-          changed=$(ct list-changed --config ct.yaml)
-          if [[ "$changed[@]" =~ "charts/falco-exporter" ]]; then
-            helm repo add falcosecurity https://falcosecurity.github.io/charts
-            helm repo update
-            helm install falco falcosecurity/falco -f ./tests/falco-test-ci.yaml
-            kubectl get po -A
-            sleep 120
-            kubectl get po -A
-          fi
-
      - name: Run chart-testing (install)
        if: steps.list-changed.outputs.changed == 'true'
-        run: ct install --config ct.yaml
+        run: ct install --exclude-deprecated --config ct.yaml

  go-unit-tests:
    runs-on: ubuntu-latest
@ -67,17 +54,17 @@ jobs:
          fetch-depth: 0

      - name: Set up Helm
-        uses: azure/setup-helm@fe7b79cd5ee1e45176fcad797de68ecaf3ca4814 # v4.2.0
+        uses: azure/setup-helm@b9e51907a09c216f16ebe8536097933489208112 # v4.3.0
        with:
-          version: '3.10.3'
+          version: "3.10.3"

      - name: Update repo deps
-        run:  helm dependency update ./charts/falco
+        run: helm dependency update ./charts/falco

      - name: Setup Go
-        uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0
+        uses: actions/setup-go@0aaccfd150d50ccaeb58ebd88d36e91967a5f35b # v5.4.0
        with:
-          go-version: '1.21'
+          go-version: "1.21"
          check-latest: true

      - name: K8s-metacollector unit tests
--- a/1
+++ b/1
@ -3,6 +3,7 @@ approvers:
  - Issif
  - cpanato
  - alacuku
+  - ekoops
 reviewers:
  - bencer
 emeritus_approvers:
--- a/README.md
+++ b/README.md
@ -23,7 +23,6 @@ The Charts in the `master` branch (with a corresponding [GitHub release](https:/
 Charts currently available are listed below.

 - [falco](./charts/falco)
- [falco-exporter](./charts/falco-exporter)
 - [falcosidekick](./charts/falcosidekick)
 - [event-generator](./charts/event-generator)
 - [k8s-metacollector](./charts/k8s-metacollector)
--- a/charts/falco-exporter/CHANGELOG.md
+++ b/charts/falco-exporter/CHANGELOG.md
@ -1,239 +0,0 @@
-# Change Log
-
-This file documents all notable changes to `falco-exporter` Helm Chart. The release
-numbering uses [semantic versioning](http://semver.org).
-
-## v0.12.1
-
-* fix bug in 'for' for falco exporter prometheus rules
-
-## v0.12.0
-
-* make 'for' configurable for falco exporter prometheus rules
-
-## v0.11.0
-
-* updated grafana dashboard
-
-## v0.10.1
-
-* Enhanced the service Monitor to support additional Properties.
-
-## v0.10.0
-
-* added ability to set the grafana folder annotation name
-
-## v0.9.11
-
-* fix dead links in README.md
-
-## v0.9.10
-
-* update configuration values in README.md
-* introduce helm docs for the chart
-
-## v0.9.9
-
-* update tolerations
-
-## v0.9.8
-
-* add annotation for set of folder's grafana-chart
-
-## v0.9.7
-
-* noop change just to test the ci
-
-## v0.9.6
-
-### Minor Changes
-
-* Bump falco-exporter to v0.8.3
-
-## v0.9.5
-
-### Minor Changes
-
-* Removed unnecessary capabilities from security context
-* Setted filesystem on read-only
-
-## v0.9.4
-
-### Minor Changes
-
-* Add options to configure readiness/liveness probe values
-
-## v0.9.3
-
-### Minor Changes
-
-* Bump falco-exporter to v0.8.2
-
-## v0.9.2
-
-### Minor Changes
-
-* Add option to place Grafana dashboard in a folder
-
-## v0.9.1
-
-### Minor Changes
-
-* Fix PSP allowed host path prefix to match grpc socket path change.
-
-## v0.8.3
-
-### Major Changes
-
-* Changing the grpc socket path from `unix:///var/run/falco/falco.soc` to `unix:///run/falco/falco.sock`.
-
-### Minor Changes
-
-* Bump falco-exporter to v0.8.0
-
-## v0.8.2
-
-### Minor Changes
-
-* Support configuration of updateStrategy of the Daemonset
-
-## v0.8.0
-
-* Upgrade falco-exporter version to v0.7.0 (see the [falco-exporter changelog](https://github.com/falcosecurity/falco-exporter/releases/tag/v0.7.0)) 
-
-### Major Changes
-
-* Add option to add labels to the Daemonset pods
-
-## v0.7.2
-
-### Minor Changes
-
-* Add option to add labels to the Daemonset pods
-
-## v0.7.1
-
-### Minor Changes
-
-* Fix `FalcoExporterAbsent` expression
-
-## v0.7.0
-
-### Major Changes
-
-* Adds ability to create custom PrometheusRules for alerting
-
-## v0.6.2
-
-## Minor Changes
-
-* Add Check availability of 'monitoring.coreos.com/v1' api version
-
-## v0.6.1
-
-### Minor Changes
-
-* Add option the add annotations to the Daemonset
-
-## v0.6.0
-
-### Minor Changes
-
-* Upgrade falco-exporter version to v0.6.0 (see the [falco-exporter changelog](https://github.com/falcosecurity/falco-exporter/releases/tag/v0.6.0))
-
-## v0.5.2
-
-### Minor changes
-
-* Make image registry configurable
-
-## v0.5.1
-
-* Display only non-zero rates in Grafana dashboard template
-
-## v0.5.0
-
-### Minor Changes
-
-* Upgrade falco-exporter version to v0.5.0
-* Add metrics about Falco drops
-* Make `unix://` prefix optional
-
-## v0.4.2
-
-### Minor Changes
-
-* Fix Prometheus datasource name reference in grafana dashboard template
-
-## v0.4.1
-
-### Minor Changes
-
-* Support release namespace configuration
-
-## v0.4.0
-
-### Mayor Changes
-
-* Add Mutual TLS for falco-exporter enable/disabled feature
-
-## v0.3.8
-
-### Minor Changes
-
-* Replace extensions apiGroup/apiVersion because of deprecation
-
-## v0.3.7
-
-### Minor Changes
-
-* Fixed falco-exporter PSP by allowing secret volumes
-
-## v0.3.6
-
-### Minor Changes
-
-* Add SecurityContextConstraint to allow deploying in Openshift
-
-## v0.3.5
-
-### Minor Changes
-
-* Added the possibility to automatically add a PSP (in combination with a Role and a RoleBindung) via the podSecurityPolicy values
-* Namespaced the falco-exporter ServiceAccount and Service
-
-## v0.3.4
-
-### Minor Changes
-
-* Add priorityClassName to values
-
-## v0.3.3
-
-### Minor Changes
-
-* Add grafana dashboard to helm chart
-
-## v0.3.2
-
-### Minor Changes
-
-* Fix for additional labels for falco-exporter servicemonitor
-
-## v0.3.1
-
-### Minor Changes
-
-* Added the support to deploy a Prometheus Service Monitor. Is disables by default.
-
-## v0.3.0
-
-### Major Changes
-
-* Chart moved to [falcosecurity/charts](https://github.com/falcosecurity/charts) repository
-* gRPC over unix socket support (by default)
-* Updated falco-exporter version to `0.3.0`
-
-### Minor Changes
-
-* README.md and CHANGELOG.md added
--- a/charts/falco-exporter/Chart.yaml
+++ b/charts/falco-exporter/Chart.yaml
@ -1,36 +0,0 @@
-apiVersion: v2
-name: falco-exporter
-description: Prometheus Metrics Exporter for Falco output events
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-version: 0.12.1
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application.
-appVersion: 0.8.3
-
-keywords:
-  - monitoring
-  - security
-  - alerting
-  - metric
-  - troubleshooting
-  - run-time
-
-sources:
-  - https://github.com/falcosecurity/falco-exporter
-
-maintainers:
-  - name: leogr
-    email: me@leonardograsso.com
--- a/charts/falco-exporter/README.gotmpl
+++ b/charts/falco-exporter/README.gotmpl
@ -1,75 +0,0 @@
-# falco-exporter Helm Chart
-
-[falco-exporter](https://github.com/falcosecurity/falco-exporter) is a Prometheus Metrics Exporter for Falco output events.
-
-Before using this chart, you need [Falco installed](https://falco.org/docs/installation/) and running with the [gRPC Output](https://falco.org/docs/grpc/) enabled (over Unix socket by default).
-
-This chart is compatible with the [Falco Chart](https://github.com/falcosecurity/charts/tree/master/charts/falco) version `v1.2.0` or greater. Instructions to enable the gRPC Output in the Falco Helm Chart can be found [here](https://github.com/falcosecurity/charts/tree/master/charts/falco#enabling-grpc). We also strongly recommend using [gRPC over Unix socket](https://github.com/falcosecurity/charts/tree/master/charts/falco#grpc-over-unix-socket-default).
-
-## Introduction
-
-The chart deploys **falco-exporter** as Daemon Set on your the Kubernetes cluster. If a [Prometheus installation](https://github.com/helm/charts/tree/master/stable/prometheus) is running within your cluster, metrics provided by **falco-exporter** will be automatically discovered.
-
-## Adding `falcosecurity` repository
-
-Prior to installing the chart, add the `falcosecurity` charts repository:
-
-```bash
-helm repo add falcosecurity https://falcosecurity.github.io/charts
-helm repo update
-```
-
-## Installing the Chart
-
-To install the chart with the release name `falco-exporter` run:
-
-```bash
-helm install falco-exporter falcosecurity/falco-exporter
-```
-
-After a few seconds, **falco-exporter** should be running.
-
-> **Tip**: List all releases using `helm list`, a release is a name used to track a specific deployment
-
-## Uninstalling the Chart
-
-To uninstall the `falco-exporter` deployment:
-
-```bash
-helm uninstall falco-exporter
-```
-
-The command removes all the Kubernetes components associated with the chart and deletes the release.
-
-```bash
-helm install falco-exporter --set falco.grpcTimeout=3m falcosecurity/falco-exporter
-```
-
-Alternatively, a YAML file that specifies the parameters' values can be provided while installing the chart. For example,
-
-```bash
-helm install falco-exporter -f values.yaml falcosecurity/falco-exporter
-```
-
-### Enable Mutual TLS
-
-Mutual TLS for `/metrics` endpoint can be enabled to prevent alerts content from being consumed by unauthorized components.
-
-To install falco-exporter with Mutual TLS enabled, you have to:
-
-```shell
-helm install falco-exporter \
-  --set service.mTLS.enabled=true \
-  --set-file service.mTLS.server.key=/path/to/server.key \
-  --set-file service.mTLS.server.crt=/path/to/server.crt \
-  --set-file service.mTLS.ca.crt=/path/to/ca.crt \
-  falcosecurity/falco-exporter
-```
-
-> **Tip**: You can use the default [values.yaml](values.yaml)
-
-## Configuration
-
-The following table lists the main configurable parameters of the {{ template "chart.name" . }} chart v{{ template "chart.version" . }} and their default values. Please, refer to [values.yaml](./values.yaml) for the full list of configurable parameters.
-
-{{ template "chart.valuesSection" . }}
--- a/charts/falco-exporter/README.md
+++ b/charts/falco-exporter/README.md
@ -1,160 +0,0 @@
-# falco-exporter Helm Chart
-
-[falco-exporter](https://github.com/falcosecurity/falco-exporter) is a Prometheus Metrics Exporter for Falco output events.
-
-Before using this chart, you need [Falco installed](https://falco.org/docs/installation/) and running with the [gRPC Output](https://falco.org/docs/grpc/) enabled (over Unix socket by default).
-
-This chart is compatible with the [Falco Chart](https://github.com/falcosecurity/charts/tree/master/charts/falco) version `v1.2.0` or greater. Instructions to enable the gRPC Output in the Falco Helm Chart can be found [here](https://github.com/falcosecurity/charts/tree/master/charts/falco#enabling-grpc). We also strongly recommend using [gRPC over Unix socket](https://github.com/falcosecurity/charts/tree/master/charts/falco#grpc-over-unix-socket-default).
-
-## Introduction
-
-The chart deploys **falco-exporter** as Daemon Set on your the Kubernetes cluster. If a [Prometheus installation](https://github.com/helm/charts/tree/master/stable/prometheus) is running within your cluster, metrics provided by **falco-exporter** will be automatically discovered.
-
-## Adding `falcosecurity` repository
-
-Prior to installing the chart, add the `falcosecurity` charts repository:
-
-```bash
-helm repo add falcosecurity https://falcosecurity.github.io/charts
-helm repo update
-```
-
-## Installing the Chart
-
-To install the chart with the release name `falco-exporter` run:
-
-```bash
-helm install falco-exporter falcosecurity/falco-exporter
-```
-
-After a few seconds, **falco-exporter** should be running.
-
-> **Tip**: List all releases using `helm list`, a release is a name used to track a specific deployment
-
-## Uninstalling the Chart
-
-To uninstall the `falco-exporter` deployment:
-
-```bash
-helm uninstall falco-exporter
-```
-
-The command removes all the Kubernetes components associated with the chart and deletes the release.
-
-```bash
-helm install falco-exporter --set falco.grpcTimeout=3m falcosecurity/falco-exporter
-```
-
-Alternatively, a YAML file that specifies the parameters' values can be provided while installing the chart. For example,
-
-```bash
-helm install falco-exporter -f values.yaml falcosecurity/falco-exporter
-```
-
-### Enable Mutual TLS
-
-Mutual TLS for `/metrics` endpoint can be enabled to prevent alerts content from being consumed by unauthorized components.
-
-To install falco-exporter with Mutual TLS enabled, you have to:
-
-```shell
-helm install falco-exporter \
-  --set service.mTLS.enabled=true \
-  --set-file service.mTLS.server.key=/path/to/server.key \
-  --set-file service.mTLS.server.crt=/path/to/server.crt \
-  --set-file service.mTLS.ca.crt=/path/to/ca.crt \
-  falcosecurity/falco-exporter
-```
-
-> **Tip**: You can use the default [values.yaml](values.yaml)
-
-## Configuration
-
-The following table lists the main configurable parameters of the falco-exporter chart v0.12.1 and their default values. Please, refer to [values.yaml](./values.yaml) for the full list of configurable parameters.
-
-## Values
-
-| Key | Type | Default | Description |
-|-----|------|---------|-------------|
-| affinity | object | `{}` | affinity allows pod placement based on node characteristics, or any other custom labels assigned to nodes. |
-| daemonset | object | `{"annotations":{},"podLabels":{},"updateStrategy":{"type":"RollingUpdate"}}` | daemonset holds the configuration for the daemonset. |
-| daemonset.annotations | object | `{}` | annotations to add to the DaemonSet pods. |
-| daemonset.podLabels | object | `{}` | podLabels labels to add to the pods. |
-| falco | object | `{"grpcTimeout":"2m","grpcUnixSocketPath":"unix:///run/falco/falco.sock"}` | falco the configuration to connect falco. |
-| falco.grpcTimeout | string | `"2m"` | grpcTimeout timout value for grpc connection. |
-| falco.grpcUnixSocketPath | string | `"unix:///run/falco/falco.sock"` | grpcUnixSocketPath path to the falco's grpc unix socket. |
-| fullnameOverride | string | `""` | fullNameOverride same as nameOverride but for the full name. |
-| grafanaDashboard | object | `{"enabled":false,"folder":"","folderAnnotation":"grafana_dashboard_folder","namespace":"default","prometheusDatasourceName":"Prometheus"}` | grafanaDashboard contains the configuration related to grafana dashboards. |
-| grafanaDashboard.enabled | bool | `false` | enabled specifies whether the dashboard should be deployed. |
-| grafanaDashboard.folder | string | `""` | folder creates and set folderAnnotation to specify where the dashboard is stored in grafana. |
-| grafanaDashboard.folderAnnotation | string | `"grafana_dashboard_folder"` | folderAnnotation sets the annotation's name used by folderAnnotation in grafana's helm-chart. |
-| grafanaDashboard.namespace | string | `"default"` | namespace specifies the namespace for the configmap. |
-| grafanaDashboard.prometheusDatasourceName | string | `"Prometheus"` | prometheusDatasourceName name of the data source. |
-| healthChecks | object | `{"livenessProbe":{"initialDelaySeconds":60,"periodSeconds":15,"probesPort":19376,"timeoutSeconds":5},"readinessProbe":{"initialDelaySeconds":30,"periodSeconds":15,"probesPort":19376,"timeoutSeconds":5}}` | healthChecks contains the configuration for liveness and readiness probes. |
-| healthChecks.livenessProbe | object | `{"initialDelaySeconds":60,"periodSeconds":15,"probesPort":19376,"timeoutSeconds":5}` | livenessProbe is a diagnostic mechanism used to determine weather a container within a Pod is still running and healthy. |
-| healthChecks.livenessProbe.initialDelaySeconds | int | `60` | initialDelaySeconds tells the kubelet that it should wait X seconds before performing the first probe. |
-| healthChecks.livenessProbe.periodSeconds | int | `15` | periodSeconds specifies the interval at which the liveness probe will be repeated. |
-| healthChecks.livenessProbe.probesPort | int | `19376` | probesPort is liveness probes port. |
-| healthChecks.livenessProbe.timeoutSeconds | int | `5` | timeoutSeconds number of seconds after which the probe times out. |
-| healthChecks.readinessProbe | object | `{"initialDelaySeconds":30,"periodSeconds":15,"probesPort":19376,"timeoutSeconds":5}` | readinessProbe is a mechanism used to determine whether a container within a Pod is ready to serve traffic. |
-| healthChecks.readinessProbe.initialDelaySeconds | int | `30` | initialDelaySeconds tells the kubelet that it should wait X seconds before performing the first probe. |
-| healthChecks.readinessProbe.periodSeconds | int | `15` | periodSeconds specifies the interval at which the readiness probe will be repeated. |
-| healthChecks.readinessProbe.timeoutSeconds | int | `5` | timeoutSeconds is the number of seconds after which the probe times out. |
-| image | object | `{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"falcosecurity/falco-exporter","tag":"0.8.3"}` | image is the configuration for the exporter image. |
-| image.pullPolicy | string | `"IfNotPresent"` | pullPolicy is the policy used to determine when a node should attempt to pull the container image. |
-| image.registry | string | `"docker.io"` | registry is the image registry to pull from. |
-| image.repository | string | `"falcosecurity/falco-exporter"` | repository is the image repository to pull from. |
-| image.tag | string | `"0.8.3"` | tag is image tag to pull. |
-| imagePullSecrets | list | `[]` | pullSecrets a list of secrets containing credentials used when pulling from private/secure registries. |
-| nameOverride | string | `""` | nameOverride is the new name used to override the release name used for exporter's components. |
-| nodeSelector | object | `{}` | nodeSelector specifies a set of key-value pairs that must match labels assigned to nodes for the Pod to be eligible for scheduling on that node |
-| podSecurityContext | object | `{}` | podSecurityPolicy holds the security policy settings for the pod. |
-| podSecurityPolicy | object | `{"annotations":{},"create":false,"name":""}` | podSecurityPolicy holds the security policy settings for the pod. |
-| podSecurityPolicy.annotations | object | `{}` | annotations to add to the PSP, Role and RoleBinding |
-| podSecurityPolicy.create | bool | `false` | create specifies whether a PSP, Role and RoleBinding should be created |
-| podSecurityPolicy.name | string | `""` | name of the PSP, Role and RoleBinding to use. If not set and create is true, a name is generated using the fullname template |
-| priorityClassName | string | `""` | priorityClassName specifies the name of the PriorityClass for the pods. |
-| prometheusRules.alerts.additionalAlerts | object | `{}` |  |
-| prometheusRules.alerts.alert.enabled | bool | `true` |  |
-| prometheusRules.alerts.alert.for | string | `"5m"` |  |
-| prometheusRules.alerts.alert.rate_interval | string | `"5m"` |  |
-| prometheusRules.alerts.alert.threshold | int | `0` |  |
-| prometheusRules.alerts.critical.enabled | bool | `true` |  |
-| prometheusRules.alerts.critical.for | string | `"15m"` |  |
-| prometheusRules.alerts.critical.rate_interval | string | `"5m"` |  |
-| prometheusRules.alerts.critical.threshold | int | `0` |  |
-| prometheusRules.alerts.emergency.enabled | bool | `true` |  |
-| prometheusRules.alerts.emergency.for | string | `"1m"` |  |
-| prometheusRules.alerts.emergency.rate_interval | string | `"1m"` |  |
-| prometheusRules.alerts.emergency.threshold | int | `0` |  |
-| prometheusRules.alerts.error.enabled | bool | `true` |  |
-| prometheusRules.alerts.error.for | string | `"15m"` |  |
-| prometheusRules.alerts.error.rate_interval | string | `"5m"` |  |
-| prometheusRules.alerts.error.threshold | int | `0` |  |
-| prometheusRules.alerts.warning.enabled | bool | `true` |  |
-| prometheusRules.alerts.warning.for | string | `"15m"` |  |
-| prometheusRules.alerts.warning.rate_interval | string | `"5m"` |  |
-| prometheusRules.alerts.warning.threshold | int | `0` |  |
-| prometheusRules.enabled | bool | `false` | enabled specifies whether the prometheus rules should be deployed. |
-| resources | object | `{}` | resources defines the computing resources (CPU and memory) that are allocated to the containers running within the Pod. |
-| scc.create | bool | `true` |  |
-| securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]},"privileged":false,"readOnlyRootFilesystem":true,"seccompProfile":{"type":"RuntimeDefault"}}` | securityContext holds the security context for the daemonset. |
-| securityContext.capabilities | object | `{"drop":["ALL"]}` | capabilities to be assigned to the daemonset. |
-| service | object | `{"annotations":{"prometheus.io/port":"9376","prometheus.io/scrape":"true"},"clusterIP":"None","labels":{},"mTLS":{"enabled":false},"port":9376,"targetPort":9376,"type":"ClusterIP"}` | service exposes the exporter service to be accessed from within the cluster. |
-| service.annotations | object | `{"prometheus.io/port":"9376","prometheus.io/scrape":"true"}` | annotations set of annotations to be applied to the service. |
-| service.clusterIP | string | `"None"` | clusterIP set to none. It's headless service. |
-| service.labels | object | `{}` | labels set of labels to be applied to the service. |
-| service.mTLS | object | `{"enabled":false}` | mTLS mutual TLS for HTTP metrics server. |
-| service.mTLS.enabled | bool | `false` | enabled specifies whether the mTLS should be enabled. |
-| service.port | int | `9376` | port is the port on which the Service will listen. |
-| service.targetPort | int | `9376` | targetPort is the port on which the Pod is listening. |
-| service.type | string | `"ClusterIP"` | type denotes the service type. Setting it to "ClusterIP" we ensure that are accessible from within the cluster. |
-| serviceAccount | object | `{"annotations":{},"create":true,"name":""}` | serviceAccount is the configuration for the service account. |
-| serviceAccount.name | string | `""` | name is the name of the service account to use. If not set and create is true, a name is generated using the fullname template. If set and create is false, an already existing serviceAccount must be provided. |
-| serviceMonitor | object | `{"additionalLabels":{},"additionalProperties":{},"enabled":false,"interval":"","scrapeTimeout":""}` | serviceMonitor holds the configuration for the ServiceMonitor CRD. A ServiceMonitor is a custom resource definition (CRD) used to configure how Prometheus should discover and scrape metrics from the exporter service. |
-| serviceMonitor.additionalLabels | object | `{}` | additionalLabels specifies labels to be added on the Service Monitor. |
-| serviceMonitor.additionalProperties | object | `{}` | aditionalProperties allows setting additional properties on the endpoint such as relabelings, metricRelabelings etc. |
-| serviceMonitor.enabled | bool | `false` | enable the deployment of a Service Monitor for the Prometheus Operator. |
-| serviceMonitor.interval | string | `""` | interval specifies the time interval at which Prometheus should scrape metrics from the service. |
-| serviceMonitor.scrapeTimeout | string | `""` | scrapeTimeout determines the maximum time Prometheus should wait for a target to respond to a scrape request. If the target does not respond within the specified timeout, Prometheus considers the scrape as failed for that target. |
-| tolerations | list | `[{"effect":"NoSchedule","key":"node-role.kubernetes.io/master"},{"effect":"NoSchedule","key":"node-role.kubernetes.io/control-plane"}]` | tolerations are applied to pods and allow them to be scheduled on nodes with matching taints. |
--- a/charts/falco-exporter/templates/NOTES.txt
+++ b/charts/falco-exporter/templates/NOTES.txt
@ -1,16 +0,0 @@
-Get the falco-exporter metrics URL by running these commands:
-{{- if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "falco-exporter.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo {{- if .Values.service.mTLS.enabled }} https{{- else }} http{{- end }}://$NODE_IP:$NODE_PORT/metrics
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get svc -w {{ template "falco-exporter.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "falco-exporter.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo {{- if .Values.service.mTLS.enabled }} https{{- else }} http{{- end }}://$SERVICE_IP:{{ .Values.service.port }}/metrics
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "falco-exporter.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  echo "Visit {{- if .Values.service.mTLS.enabled }} https{{- else }} http{{- end }}://127.0.0.1:{{ .Values.service.targetPort }}/metrics to use your application"
-  kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME {{ .Values.service.targetPort }}
-{{- end }}
-  echo {{- if .Values.service.mTLS.enabled }} "You'll need a valid client certificate and its corresponding key for Mutual TLS handshake" {{- end }}
--- a/charts/falco-exporter/templates/_helpers.tpl
+++ b/charts/falco-exporter/templates/_helpers.tpl
@ -1,98 +0,0 @@
-{{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "falco-exporter.name" -}}
-{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Create a default fully qualified app name.
-We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
-If release name contains chart name it will be used as a full name.
-*/}}
-{{- define "falco-exporter.fullname" -}}
-{{- if .Values.fullnameOverride -}}
-{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
-{{- else -}}
-{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create chart name and version as used by the chart label.
-*/}}
-{{- define "falco-exporter.chart" -}}
-{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
-{{- end -}}
-
-{{/*
-Common labels
-*/}}
-{{- define "falco-exporter.labels" -}}
-{{ include "falco-exporter.selectorLabels" . }}
-{{- if .Chart.AppVersion }}
-app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
-{{- end }}
-{{- if not .Values.skipHelm }}
-app.kubernetes.io/managed-by: {{ .Release.Service }}
-{{- end }}
-{{- if not .Values.skipHelm }}
-helm.sh/chart: {{ include "falco-exporter.chart" . }}
-{{- end }}
-{{- end -}}
-
-{{/*
-Selector labels
-*/}}
-{{- define "falco-exporter.selectorLabels" -}}
-app.kubernetes.io/name: {{ include "falco-exporter.name" . }}
-app.kubernetes.io/instance: {{ .Release.Name }}
-{{- end -}}
-
-{{/*
-Create the name of the service account to use
-*/}}
-{{- define "falco-exporter.serviceAccountName" -}}
-{{- if .Values.serviceAccount.create -}}
-    {{ default (include "falco-exporter.fullname" .) .Values.serviceAccount.name }}
-{{- else -}}
-    {{ default "default" .Values.serviceAccount.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Create the name of the PSP to use
-*/}}
-{{- define "falco-exporter.podSecurityPolicyName" -}}
-{{- if .Values.podSecurityPolicy.create -}}
-    {{ default (include "falco-exporter.fullname" .) .Values.podSecurityPolicy.name }}
-{{- else -}}
-    {{ default "default" .Values.podSecurityPolicy.name }}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Extract the unixSocket's directory path
-*/}}
-{{- define "falco-exporter.unixSocketDir" -}}
-{{- if .Values.falco.grpcUnixSocketPath -}}
-{{- .Values.falco.grpcUnixSocketPath | trimPrefix "unix://" | dir -}}
-{{- end -}}
-{{- end -}}
-
-{{/*
-Return the appropriate apiVersion for rbac.
-*/}}
-{{- define "rbac.apiVersion" -}}
-{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1" }}
-{{- print "rbac.authorization.k8s.io/v1" -}}
-{{- else -}}
-{{- print "rbac.authorization.k8s.io/v1beta1" -}}
-{{- end -}}
-{{- end -}}
--- a/charts/falco-exporter/templates/daemonset.yaml
+++ b/charts/falco-exporter/templates/daemonset.yaml
@ -1,132 +0,0 @@
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
-  name: {{ include "falco-exporter.fullname" . }}
-  labels:
-    {{- include "falco-exporter.labels" . | nindent 4 }}
-  namespace: {{ .Release.Namespace }}
-spec:
-  selector:
-    matchLabels:
-      {{- include "falco-exporter.selectorLabels" . | nindent 6 }}
-  updateStrategy:
-{{ toYaml .Values.daemonset.updateStrategy | indent 4 }}
-  template:
-    metadata:
-      labels:
-        {{- include "falco-exporter.selectorLabels" . | nindent 8 }}
-        {{- if .Values.daemonset.podLabels }}
-        {{ toYaml .Values.daemonset.podLabels | nindent 8 }}
-        {{- end }}
-      {{- if .Values.daemonset.annotations }}
-      annotations:
-      {{ toYaml .Values.daemonset.annotations | nindent 8 }}
-      {{- end }}
-    spec:
-    {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-      {{- if .Values.priorityClassName }}
-      priorityClassName: "{{ .Values.priorityClassName }}"
-      {{- end }}
-      serviceAccountName: {{ include "falco-exporter.serviceAccountName" . }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
-      containers:
-        - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
-          image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-          imagePullPolicy: {{ .Values.image.pullPolicy }}
-          args:
-            - /usr/bin/falco-exporter
-            {{- if .Values.falco.grpcUnixSocketPath }}
-            - --client-socket={{ .Values.falco.grpcUnixSocketPath }}
-            {{- else }}
-            - --client-hostname={{ .Values.falco.grpcHostname }}
-            - --client-port={{ .Values.falco.grpcPort }}
-            {{- end }}
-            - --timeout={{ .Values.falco.grpcTimeout }}
-            - --listen-address=0.0.0.0:{{ .Values.service.port }}
-            {{- if .Values.service.mTLS.enabled }}
-            - --server-ca=/etc/falco/server-certs/ca.crt
-            - --server-cert=/etc/falco/server-certs/server.crt
-            - --server-key=/etc/falco/server-certs/server.key
-            {{- end }}
-          ports:
-            - name: metrics
-              containerPort: {{ .Values.service.targetPort }}
-              protocol: TCP
-          livenessProbe:
-            initialDelaySeconds: {{ .Values.healthChecks.livenessProbe.initialDelaySeconds }}
-            timeoutSeconds: {{ .Values.healthChecks.livenessProbe.timeoutSeconds }}
-            periodSeconds: {{ .Values.healthChecks.livenessProbe.periodSeconds }}          
-            httpGet:
-              path: /liveness
-              port: {{ .Values.healthChecks.livenessProbe.probesPort }}
-          readinessProbe:
-            initialDelaySeconds: {{ .Values.healthChecks.readinessProbe.initialDelaySeconds }}
-            timeoutSeconds: {{ .Values.healthChecks.readinessProbe.timeoutSeconds }}
-            periodSeconds: {{ .Values.healthChecks.readinessProbe.periodSeconds }}
-            httpGet:
-              path: /readiness
-              port: {{ .Values.healthChecks.readinessProbe.probesPort }}
-          resources:
-            {{- toYaml .Values.resources | nindent 12 }}
-          volumeMounts:
-          {{- if .Values.falco.grpcUnixSocketPath }}
-            - mountPath: {{ include "falco-exporter.unixSocketDir" . }}
-              name: falco-socket-dir
-              readOnly: true
-          {{- else }}
-            - mountPath: /etc/falco/certs
-              name: certs-volume
-              readOnly: true
-          {{- end }}
-          {{- if .Values.service.mTLS.enabled }}
-            - mountPath: /etc/falco/server-certs
-              name: server-certs-volume
-              readOnly: true
-          {{- end }}
-      volumes:
-      {{- if .Values.falco.grpcUnixSocketPath }}
-        - name: falco-socket-dir
-          hostPath:
-            path: {{ include "falco-exporter.unixSocketDir" . }}
-      {{- else }}
-        - name: certs-volume
-          secret:
-            secretName: {{ include "falco-exporter.fullname" . }}-certs
-            items:
-              - key: client.key
-                path: client.key
-              - key: client.crt
-                path: client.crt
-              - key: ca.crt
-                path: ca.crt
-      {{- end }}
-      {{- if .Values.service.mTLS.enabled }}
-        - name: server-certs-volume
-          secret:
-            secretName: {{ include "falco-exporter.fullname" . }}-server-certs
-            items:
-              - key: server.key
-                path: server.key
-              - key: server.crt
-                path: server.crt
-              - key: ca.crt
-                path: ca.crt
-      {{- end }}
-      {{- with .Values.nodeSelector }}
-      nodeSelector:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
-    {{- with .Values.affinity }}
-      affinity:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
--- a/charts/falco-exporter/templates/grafana-dashboard.yaml
+++ b/charts/falco-exporter/templates/grafana-dashboard.yaml
@ -1,648 +0,0 @@
-{{- if .Values.grafanaDashboard.enabled }}
-apiVersion: v1
-data:
-  grafana-falco.json: |-
-    {
-        "__inputs": [
-        ],
-        "__requires": [
-          {
-            "type": "grafana",
-            "id": "grafana",
-            "name": "Grafana",
-            "version": "7.0.3"
-          },
-          {
-            "type": "panel",
-            "id": "graph",
-            "name": "Graph",
-            "version": ""
-          },
-          {
-            "type": "datasource",
-            "id": "prometheus",
-            "name": "Prometheus",
-            "version": "1.0.0"
-          },
-          {
-            "type": "panel",
-            "id": "table",
-            "name": "Table",
-            "version": ""
-          }
-        ],
-        "annotations": {
-          "list": [
-            {
-              "builtIn": 1,
-              "datasource": {
-                "type": "datasource",
-                "uid": "grafana"
-              },
-              "enable": true,
-              "hide": true,
-              "iconColor": "rgba(0, 211, 255, 1)",
-              "name": "Annotations & Alerts",
-              "target": {
-                "limit": 100,
-                "matchAny": false,
-                "tags": [],
-                "type": "dashboard"
-              },
-              "type": "dashboard"
-            }
-          ]
-        },
-        "description": "",
-        "editable": true,
-        "fiscalYearStartMonth": 0,
-        "graphTooltip": 1,
-        "id": null,
-        "links": [],
-        "liveNow": false,
-        "panels": [
-          {
-            "datasource": {
-              "type": "prometheus",
-              "uid": "${datasource}"
-            },
-            "fieldConfig": {
-              "defaults": {
-                "color": {
-                  "mode": "palette-classic",
-                  "seriesBy": "last"
-                },
-                "custom": {
-                  "axisBorderShow": false,
-                  "axisCenteredZero": false,
-                  "axisColorMode": "text",
-                  "axisLabel": "",
-                  "axisPlacement": "auto",
-                  "barAlignment": 0,
-                  "drawStyle": "line",
-                  "fillOpacity": 10,
-                  "gradientMode": "none",
-                  "hideFrom": {
-                    "legend": false,
-                    "tooltip": false,
-                    "viz": false
-                  },
-                  "insertNulls": false,
-                  "lineInterpolation": "smooth",
-                  "lineStyle": {
-                    "fill": "solid"
-                  },
-                  "lineWidth": 2,
-                  "pointSize": 5,
-                  "scaleDistribution": {
-                    "type": "linear"
-                  },
-                  "showPoints": "never",
-                  "spanNulls": false,
-                  "stacking": {
-                    "group": "A",
-                    "mode": "none"
-                  },
-                  "thresholdsStyle": {
-                    "mode": "off"
-                  }
-                },
-                "mappings": [],
-                "thresholds": {
-                  "mode": "absolute",
-                  "steps": [
-                    {
-                      "color": "green",
-                      "value": null
-                    }
-                  ]
-                },
-                "unit": "none"
-              },
-              "overrides": []
-            },
-            "gridPos": {
-              "h": 8,
-              "w": 12,
-              "x": 0,
-              "y": 0
-            },
-            "id": 90,
-            "options": {
-              "legend": {
-                "calcs": [],
-                "displayMode": "table",
-                "placement": "right",
-                "showLegend": true
-              },
-              "tooltip": {
-                "mode": "multi",
-                "sort": "asc"
-              }
-            },
-            "pluginVersion": "8.3.3",
-            "targets": [
-              {
-                "datasource": {
-                  "type": "prometheus",
-                  "uid": "${datasource}"
-                },
-                "editorMode": "code",
-                "expr": "sum(rate(falco_events[$__rate_interval])) by (rule)",
-                "hide": false,
-                "instant": false,
-                "legendFormat": "__auto",
-                "range": true,
-                "refId": "A"
-              }
-            ],
-            "title": "Events rate by rule",
-            "type": "timeseries"
-          },
-          {
-            "datasource": {
-              "type": "prometheus",
-              "uid": "${datasource}"
-            },
-            "fieldConfig": {
-              "defaults": {
-                "color": {
-                  "mode": "palette-classic",
-                  "seriesBy": "last"
-                },
-                "custom": {
-                  "axisBorderShow": false,
-                  "axisCenteredZero": false,
-                  "axisColorMode": "text",
-                  "axisLabel": "",
-                  "axisPlacement": "auto",
-                  "barAlignment": 0,
-                  "drawStyle": "line",
-                  "fillOpacity": 10,
-                  "gradientMode": "none",
-                  "hideFrom": {
-                    "legend": false,
-                    "tooltip": false,
-                    "viz": false
-                  },
-                  "insertNulls": false,
-                  "lineInterpolation": "smooth",
-                  "lineStyle": {
-                    "fill": "solid"
-                  },
-                  "lineWidth": 2,
-                  "pointSize": 5,
-                  "scaleDistribution": {
-                    "type": "linear"
-                  },
-                  "showPoints": "never",
-                  "spanNulls": false,
-                  "stacking": {
-                    "group": "A",
-                    "mode": "none"
-                  },
-                  "thresholdsStyle": {
-                    "mode": "off"
-                  }
-                },
-                "mappings": [],
-                "thresholds": {
-                  "mode": "absolute",
-                  "steps": [
-                    {
-                      "color": "green",
-                      "value": null
-                    }
-                  ]
-                },
-                "unit": "none"
-              },
-              "overrides": []
-            },
-            "gridPos": {
-              "h": 8,
-              "w": 12,
-              "x": 12,
-              "y": 0
-            },
-            "id": 72,
-            "options": {
-              "legend": {
-                "calcs": [],
-                "displayMode": "table",
-                "placement": "right",
-                "showLegend": true
-              },
-              "tooltip": {
-                "mode": "multi",
-                "sort": "asc"
-              }
-            },
-            "pluginVersion": "8.3.3",
-            "targets": [
-              {
-                "datasource": {
-                  "type": "prometheus",
-                  "uid": "${datasource}"
-                },
-                "editorMode": "code",
-                "expr": "sum(rate(falco_events[$__rate_interval])) by (priority)",
-                "hide": false,
-                "instant": false,
-                "legendFormat": "__auto",
-                "range": true,
-                "refId": "A"
-              }
-            ],
-            "title": "Events rate by priority",
-            "type": "timeseries"
-          },
-          {
-            "datasource": {
-              "type": "prometheus",
-              "uid": "${datasource}"
-            },
-            "fieldConfig": {
-              "defaults": {
-                "color": {
-                  "mode": "palette-classic",
-                  "seriesBy": "last"
-                },
-                "custom": {
-                  "axisBorderShow": false,
-                  "axisCenteredZero": false,
-                  "axisColorMode": "text",
-                  "axisLabel": "",
-                  "axisPlacement": "auto",
-                  "barAlignment": 0,
-                  "drawStyle": "line",
-                  "fillOpacity": 10,
-                  "gradientMode": "none",
-                  "hideFrom": {
-                    "legend": false,
-                    "tooltip": false,
-                    "viz": false
-                  },
-                  "insertNulls": false,
-                  "lineInterpolation": "smooth",
-                  "lineStyle": {
-                    "fill": "solid"
-                  },
-                  "lineWidth": 2,
-                  "pointSize": 5,
-                  "scaleDistribution": {
-                    "type": "linear"
-                  },
-                  "showPoints": "never",
-                  "spanNulls": false,
-                  "stacking": {
-                    "group": "A",
-                    "mode": "none"
-                  },
-                  "thresholdsStyle": {
-                    "mode": "off"
-                  }
-                },
-                "mappings": [],
-                "thresholds": {
-                  "mode": "absolute",
-                  "steps": [
-                    {
-                      "color": "green",
-                      "value": null
-                    }
-                  ]
-                },
-                "unit": "none"
-              },
-              "overrides": []
-            },
-            "gridPos": {
-              "h": 8,
-              "w": 12,
-              "x": 0,
-              "y": 8
-            },
-            "id": 89,
-            "options": {
-              "legend": {
-                "calcs": [],
-                "displayMode": "table",
-                "placement": "right",
-                "showLegend": true
-              },
-              "tooltip": {
-                "mode": "multi",
-                "sort": "asc"
-              }
-            },
-            "pluginVersion": "8.3.3",
-            "targets": [
-              {
-                "datasource": {
-                  "type": "prometheus",
-                  "uid": "${datasource}"
-                },
-                "editorMode": "code",
-                "expr": "sum(rate(falco_events[$__rate_interval])) by (tags)",
-                "hide": false,
-                "instant": false,
-                "legendFormat": "__auto",
-                "range": true,
-                "refId": "A"
-              }
-            ],
-            "title": "Events rate by tags",
-            "type": "timeseries"
-          },
-          {
-            "datasource": {
-              "type": "prometheus",
-              "uid": "${datasource}"
-            },
-            "fieldConfig": {
-              "defaults": {
-                "color": {
-                  "mode": "palette-classic",
-                  "seriesBy": "last"
-                },
-                "custom": {
-                  "axisBorderShow": false,
-                  "axisCenteredZero": false,
-                  "axisColorMode": "text",
-                  "axisLabel": "",
-                  "axisPlacement": "auto",
-                  "barAlignment": 0,
-                  "drawStyle": "line",
-                  "fillOpacity": 10,
-                  "gradientMode": "none",
-                  "hideFrom": {
-                    "legend": false,
-                    "tooltip": false,
-                    "viz": false
-                  },
-                  "insertNulls": false,
-                  "lineInterpolation": "smooth",
-                  "lineStyle": {
-                    "fill": "solid"
-                  },
-                  "lineWidth": 2,
-                  "pointSize": 5,
-                  "scaleDistribution": {
-                    "type": "linear"
-                  },
-                  "showPoints": "never",
-                  "spanNulls": false,
-                  "stacking": {
-                    "group": "A",
-                    "mode": "none"
-                  },
-                  "thresholdsStyle": {
-                    "mode": "off"
-                  }
-                },
-                "mappings": [],
-                "thresholds": {
-                  "mode": "absolute",
-                  "steps": [
-                    {
-                      "color": "green",
-                      "value": null
-                    }
-                  ]
-                },
-                "unit": "none"
-              },
-              "overrides": []
-            },
-            "gridPos": {
-              "h": 8,
-              "w": 12,
-              "x": 12,
-              "y": 8
-            },
-            "id": 91,
-            "options": {
-              "legend": {
-                "calcs": [],
-                "displayMode": "table",
-                "placement": "right",
-                "showLegend": true
-              },
-              "tooltip": {
-                "mode": "multi",
-                "sort": "asc"
-              }
-            },
-            "pluginVersion": "8.3.3",
-            "targets": [
-              {
-                "datasource": {
-                  "type": "prometheus",
-                  "uid": "${datasource}"
-                },
-                "editorMode": "code",
-                "expr": "sum(rate(falco_events[$__rate_interval])) by (pod, hostname)",
-                "hide": false,
-                "instant": false,
-                "legendFormat": "{{`{{ pod }} ({{hostname}})`}}",
-                "range": true,
-                "refId": "A"
-              }
-            ],
-            "title": "Events rate by pod, hostname",
-            "type": "timeseries"
-          },
-          {
-            "datasource": {
-              "type": "prometheus",
-              "uid": "$datasource"
-            },
-            "fieldConfig": {
-              "defaults": {
-                "color": {
-                  "mode": "thresholds"
-                },
-                "custom": {
-                  "align": "auto",
-                  "cellOptions": {
-                    "type": "color-text"
-                  },
-                  "filterable": true,
-                  "inspect": false,
-                  "minWidth": 50
-                },
-                "mappings": [],
-                "thresholds": {
-                  "mode": "absolute",
-                  "steps": [
-                    {
-                      "color": "text",
-                      "value": null
-                    },
-                    {
-                      "color": "#EAB839",
-                      "value": 100
-                    },
-                    {
-                      "color": "red",
-                      "value": 1000
-                    }
-                  ]
-                }
-              },
-              "overrides": []
-            },
-            "gridPos": {
-              "h": 12,
-              "w": 24,
-              "x": 0,
-              "y": 16
-            },
-            "id": 94,
-            "options": {
-              "cellHeight": "sm",
-              "footer": {
-                "countRows": false,
-                "enablePagination": true,
-                "fields": "",
-                "reducer": [
-                  "sum"
-                ],
-                "show": false
-              },
-              "showHeader": true,
-              "sortBy": [
-                {
-                  "desc": true,
-                  "displayName": "Count"
-                }
-              ]
-            },
-            "pluginVersion": "10.4.1",
-            "targets": [
-              {
-                "datasource": {
-                  "type": "prometheus",
-                  "uid": "prometheus"
-                },
-                "editorMode": "code",
-                "exemplar": false,
-                "expr": "falco_events",
-                "format": "table",
-                "instant": true,
-                "legendFormat": "__auto",
-                "range": false,
-                "refId": "A"
-              }
-            ],
-            "title": "Events Total",
-            "transformations": [
-              {
-                "id": "organize",
-                "options": {
-                  "excludeByName": {
-                    "Time": true,
-                    "__name__": true,
-                    "container": true,
-                    "endpoint": true,
-                    "instance": true,
-                    "job": true,
-                    "k8s_ns_name": true,
-                    "k8s_pod_name": true,
-                    "service": true
-                  },
-                  "includeByName": {},
-                  "indexByName": {},
-                  "renameByName": {
-                    "Value": "Count"
-                  }
-                }
-              }
-            ],
-            "type": "table"
-          }
-        ],
-        "refresh": "30s",
-        "schemaVersion": 39,
-        "tags": [
-          "security",
-          "falco"
-        ],
-        "templating": {
-          "list": [
-            {
-              "current": {
-                "selected": false,
-                "text": "Prometheus",
-                "value": "prometheus"
-              },
-              "hide": 0,
-              "includeAll": false,
-              "multi": false,
-              "name": "datasource",
-              "options": [],
-              "query": "prometheus",
-              "queryValue": "",
-              "refresh": 1,
-              "regex": "",
-              "skipUrlSync": false,
-              "type": "datasource"
-            },
-            {
-              "current": {
-                "isNone": true,
-                "selected": false,
-                "text": "None",
-                "value": ""
-              },
-              "datasource": {
-                "type": "prometheus",
-                "uid": "${datasource}"
-              },
-              "definition": "label_values(kube_node_info,cluster)",
-              "hide": 0,
-              "includeAll": false,
-              "multi": false,
-              "name": "cluster",
-              "options": [],
-              "query": {
-                "qryType": 1,
-                "query": "label_values(kube_node_info,cluster)",
-                "refId": "PrometheusVariableQueryEditor-VariableQuery"
-              },
-              "refresh": 1,
-              "regex": "",
-              "skipUrlSync": false,
-              "sort": 1,
-              "type": "query"
-            }
-          ]
-        },
-        "time": {
-          "from": "now-1h",
-          "to": "now"
-        },
-        "timepicker": {},
-        "timezone": "",
-        "title": "Falco Events",
-        "uid": "FvUFlfuZz",
-        "version": 2,
-        "weekStart": ""
-      }
-kind: ConfigMap
-metadata:
-  labels:
-    grafana_dashboard: "1"
-  {{- if .Values.grafanaDashboard.folder }}
-  annotations:
-    k8s-sidecar-target-directory: /tmp/dashboards/{{ .Values.grafanaDashboard.folder }}
-    {{ .Values.grafanaDashboard.folderAnnotation }}: {{ .Values.grafanaDashboard.folder }}
-  {{- end }}
-  name: grafana-falco
-  {{- if .Values.grafanaDashboard.namespace }}
-  namespace: {{ .Values.grafanaDashboard.namespace }}
-  {{- else }}
-  namespace: {{ .Release.Namespace }}
-  {{- end}}
-{{- end -}}
--- a/charts/falco-exporter/templates/podsecuritypolicy.yaml
+++ b/charts/falco-exporter/templates/podsecuritypolicy.yaml
@ -1,28 +0,0 @@
-{{- if and .Values.podSecurityPolicy.create (.Capabilities.APIVersions.Has "policy/v1beta1") }}
-apiVersion: policy/v1beta1
-kind: PodSecurityPolicy
-metadata:
-  name: {{ include "falco-exporter.podSecurityPolicyName" . }}
-  labels:
-    {{- include "falco-exporter.labels" . | nindent 4 }}
-  {{- with .Values.podSecurityPolicy.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-spec:
-  allowPrivilegeEscalation: false
-  allowedHostPaths:
-  - pathPrefix: "/run/falco"
-    readOnly: true
-  fsGroup:
-    rule: RunAsAny
-  runAsUser:
-    rule: RunAsAny
-  seLinux:
-    rule: RunAsAny
-  supplementalGroups:
-    rule: RunAsAny
-  volumes:
-  - 'hostPath'
-  - 'secret'
-{{- end -}}
--- a/charts/falco-exporter/templates/prometheusrule.yaml
+++ b/charts/falco-exporter/templates/prometheusrule.yaml
@ -1,81 +0,0 @@
-{{- if and .Values.prometheusRules.enabled .Values.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: PrometheusRule
-metadata:
-  name: {{ include "falco-exporter.fullname" . }}
-  {{- if .Values.prometheusRules.namespace }}
-  namespace: {{ .Values.prometheusRules.namespace }}
-  {{- end }}
-  labels:
-    {{- include "falco-exporter.labels" . | nindent 4 }}
-    {{- if .Values.prometheusRules.additionalLabels }}
-    {{- toYaml .Values.prometheusRules.additionalLabels | nindent 4 }}
-    {{- end }}
-spec:
-  groups:
-  - name: falco-exporter
-    rules:
-    {{- if .Values.prometheusRules.enabled }}
-    - alert: FalcoExporterAbsent
-      expr: absent(up{job="{{- include "falco-exporter.fullname" . }}"})
-      for: 10m
-      annotations:
-        summary: Falco Exporter has dissapeared from Prometheus service discovery.
-        description: No metrics are being scraped from falco. No events will trigger any alerts.
-      labels:
-        severity: critical
-    {{- end }}
-    {{- if .Values.prometheusRules.alerts.warning.enabled }}
-    - alert: FalcoWarningEventsRateHigh
-      annotations:
-        summary: Falco is experiencing high rate of warning events
-        description: A high rate of warning events are being detected by Falco
-      expr: rate(falco_events{priority="4"}[{{ .Values.prometheusRules.alerts.warning.rate_interval }}]) > {{ .Values.prometheusRules.alerts.warning.threshold }}
-      for: {{ .Values.prometheusRules.alerts.warning.for }}
-      labels:
-        severity: warning
-    {{- end }}
-    {{- if .Values.prometheusRules.alerts.error.enabled }}
-    - alert: FalcoErrorEventsRateHigh
-      annotations:
-        summary: Falco is experiencing high rate of error events
-        description: A high rate of error events are being detected by Falco
-      expr: rate(falco_events{priority="3"}[{{ .Values.prometheusRules.alerts.error.rate_interval }}]) > {{ .Values.prometheusRules.alerts.error.threshold }}
-      for: {{ .Values.prometheusRules.alerts.error.for }}
-      labels:
-        severity: warning
-    {{- end }}
-    {{- if .Values.prometheusRules.alerts.critical.enabled }}
-    - alert: FalcoCriticalEventsRateHigh
-      annotations:
-        summary: Falco is experiencing high rate of critical events
-        description: A high rate of critical events are being detected by Falco
-      expr: rate(falco_events{priority="2"}[{{ .Values.prometheusRules.alerts.critical.rate_interval }}]) > {{ .Values.prometheusRules.alerts.critical.threshold }}
-      for: {{ .Values.prometheusRules.alerts.critical.for }}
-      labels:
-        severity: critical
-    {{- end }}
-    {{- if .Values.prometheusRules.alerts.alert.enabled }}
-    - alert: FalcoAlertEventsRateHigh
-      annotations:
-        summary: Falco is experiencing high rate of alert events
-        description: A high rate of alert events are being detected by Falco
-      expr: rate(falco_events{priority="1"}[{{ .Values.prometheusRules.alerts.alert.rate_interval }}]) > {{ .Values.prometheusRules.alerts.alert.threshold }}
-      for: {{ .Values.prometheusRules.alerts.alert.for }}
-      labels:
-        severity: critical
-    {{- end }}
-    {{- if .Values.prometheusRules.alerts.emergency.enabled }}
-    - alert: FalcoEmergencyEventsRateHigh
-      annotations:
-        summary: Falco is experiencing high rate of emergency events
-        description: A high rate of emergency events are being detected by Falco
-      expr: rate(falco_events{priority="0"}[{{ .Values.prometheusRules.alerts.emergency.rate_interval }}]) > {{ .Values.prometheusRules.alerts.emergency.threshold }}
-      for: {{ .Values.prometheusRules.alerts.emergency.for }}
-      labels:
-        severity: critical
-    {{- end }}
-    {{- with .Values.prometheusRules.additionalAlerts }}
-    {{ . | nindent 4 }}
-    {{- end }}
-{{- end }}
--- a/charts/falco-exporter/templates/role.yaml
+++ b/charts/falco-exporter/templates/role.yaml
@ -1,22 +0,0 @@
-{{- if .Values.podSecurityPolicy.create -}}
-kind: Role
-apiVersion: {{ template "rbac.apiVersion" . }}
-metadata:
-  name: {{ include "falco-exporter.podSecurityPolicyName" . }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "falco-exporter.labels" . | nindent 4 }}
-  {{- with .Values.podSecurityPolicy.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-rules:
- apiGroups:
-    - policy
-  resources:
-    - podsecuritypolicies
-  resourceNames:
-    - {{ include "falco-exporter.podSecurityPolicyName" . }}
-  verbs:
-    - use
-{{- end -}}
--- a/charts/falco-exporter/templates/rolebinding.yaml
+++ b/charts/falco-exporter/templates/rolebinding.yaml
@ -1,20 +0,0 @@
-{{- if .Values.podSecurityPolicy.create -}}
-kind: RoleBinding
-apiVersion: {{ template "rbac.apiVersion" . }}
-metadata:
-  name: {{ include "falco-exporter.podSecurityPolicyName" . }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "falco-exporter.labels" . | nindent 4 }}
-  {{- with .Values.podSecurityPolicy.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-subjects:
- kind: ServiceAccount
-  name: {{ include "falco-exporter.serviceAccountName" . }}
-roleRef:
-  kind: Role
-  name: {{ include "falco-exporter.podSecurityPolicyName" . }}
-  apiGroup: rbac.authorization.k8s.io
-{{- end -}}
--- a/charts/falco-exporter/templates/secret-certs.yaml
+++ b/charts/falco-exporter/templates/secret-certs.yaml
@ -1,24 +0,0 @@
-{{- if .Values.certs }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "falco-exporter.fullname" . }}-certs
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "falco-exporter.labels" . | nindent 4 }}
-type: Opaque
-data:
-{{- if .Values.certs }}
-{{- if and .Values.certs.ca .Values.certs.ca.crt }}
-  ca.crt: {{ .Values.certs.ca.crt | b64enc | quote }}
-{{- end }}
-{{- if .Values.certs.client }}
-{{- if .Values.certs.client.key }}
-  client.key: {{ .Values.certs.client.key | b64enc | quote }}
-{{- end }}
-{{- if .Values.certs.client.crt }}
-  client.crt: {{ .Values.certs.client.crt | b64enc | quote }}
-{{- end }}
-{{- end }}
-{{- end }}
-{{- end }}
--- a/charts/falco-exporter/templates/securitycontextconstraints.yaml
+++ b/charts/falco-exporter/templates/securitycontextconstraints.yaml
@ -1,41 +0,0 @@
-{{- if and .Values.scc.create (.Capabilities.APIVersions.Has "security.openshift.io/v1") }}
-apiVersion: security.openshift.io/v1
-kind: SecurityContextConstraints
-metadata:
-  annotations:
-    kubernetes.io/description: |
-      This provides the minimum requirements Falco-exporter to run in Openshift.
-  name: {{ template "falco-exporter.fullname" . }}
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "falco-exporter.labels" . | nindent 4 }}
-allowHostDirVolumePlugin: true
-allowHostIPC: false
-allowHostNetwork: false
-allowHostPID: false
-allowHostPorts: false
-allowPrivilegeEscalation: false
-allowPrivilegedContainer: false
-allowedCapabilities: []
-allowedUnsafeSysctls: []
-defaultAddCapabilities: []
-fsGroup:
-  type: RunAsAny
-groups: []
-priority: 0
-readOnlyRootFilesystem: false
-requiredDropCapabilities: []
-runAsUser:
-  type: RunAsAny
-seLinuxContext:
-  type: RunAsAny
-seccompProfiles:
- '*'
-supplementalGroups:
-  type: RunAsAny
-users:
- system:serviceaccount:{{ .Release.Namespace }}:{{ include "falco-exporter.serviceAccountName" . }}
-volumes:
- hostPath
- secret
-{{- end }}
--- a/charts/falco-exporter/templates/server-secret-certs.yaml
+++ b/charts/falco-exporter/templates/server-secret-certs.yaml
@ -1,14 +0,0 @@
-{{- if .Values.service.mTLS.enabled }}
-apiVersion: v1
-kind: Secret
-metadata:
-  name: {{ include "falco-exporter.fullname" . }}-server-certs
-  namespace: {{ .Release.Namespace }}
-  labels:
-    {{- include "falco-exporter.labels" . | nindent 4 }}
-type: Opaque
-data:
-  server.crt: {{ .Values.service.mTLS.server.crt | b64enc | quote }}
-  server.key: {{ .Values.service.mTLS.server.key | b64enc | quote }}
-  ca.crt: {{ .Values.service.mTLS.ca.crt | b64enc | quote }}
-{{- end }}
--- a/charts/falco-exporter/templates/service.yaml
+++ b/charts/falco-exporter/templates/service.yaml
@ -1,42 +0,0 @@
-apiVersion: v1
-kind: Service
-metadata:
-  name: {{ include "falco-exporter.fullname" . }}
-{{- if .Values.service.annotations }}
-  annotations:
-{{ toYaml .Values.service.annotations | indent 4 }}
-{{- end }}
-  labels:
-    {{- include "falco-exporter.labels" . | nindent 4 }}
-{{- if .Values.service.labels }}
-{{ toYaml .Values.service.labels | indent 4 }}
-{{- end }}
-  namespace: {{ .Release.Namespace }}
-spec:
-{{- if .Values.service.clusterIP }}
-  clusterIP: {{ .Values.service.clusterIP }}
-{{- end }}
-{{- if .Values.service.externalIPs }}
-  externalIPs:
-{{ toYaml .Values.service.externalIPs | indent 4 }}
-{{- end }}
-{{- if .Values.service.loadBalancerIP }}
-  loadBalancerIP: {{ .Values.service.loadBalancerIP }}
-{{- end }}
-{{- if .Values.service.loadBalancerSourceRanges }}
-  loadBalancerSourceRanges:
-  {{- range $cidr := .Values.service.loadBalancerSourceRanges }}
-    - {{ $cidr }}
-  {{- end }}
-{{- end }}
-  type: {{ .Values.service.type }}
-  ports:
-    - port: {{ .Values.service.port }}
-    {{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.service.nodePort)) ) }}
-      nodePort: {{ .Values.service.nodePort }}
-    {{- end }}
-      targetPort: {{ .Values.service.targetPort }}
-      protocol: TCP
-      name: metrics
-  selector:
-    {{- include "falco-exporter.selectorLabels" . | nindent 4 }}
--- a/charts/falco-exporter/templates/serviceaccount.yaml
+++ b/charts/falco-exporter/templates/serviceaccount.yaml
@ -1,13 +0,0 @@
-{{- if .Values.serviceAccount.create -}}
-apiVersion: v1
-kind: ServiceAccount
-metadata:
-  name: {{ include "falco-exporter.serviceAccountName" . }}
-  labels:
-    {{- include "falco-exporter.labels" . | nindent 4 }}
-  {{- with .Values.serviceAccount.annotations }}
-  annotations:
-    {{- toYaml . | nindent 4 }}
-  {{- end }}
-  namespace: {{ .Release.Namespace }}
-{{- end -}}
--- a/charts/falco-exporter/templates/servicemonitor.yaml
+++ b/charts/falco-exporter/templates/servicemonitor.yaml
@ -1,27 +0,0 @@
-{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) .Values.serviceMonitor.enabled }}
-apiVersion: monitoring.coreos.com/v1
-kind: ServiceMonitor
-metadata:
-  name: {{ include "falco-exporter.fullname" . }}
-  labels:
-    {{- include "falco-exporter.labels" . | nindent 4 }}
-    {{- range $key, $value := .Values.serviceMonitor.additionalLabels }}
-    {{ $key }}: {{ $value | quote }}
-    {{- end }}
-  namespace: {{ .Release.Namespace }}
-spec:
-  endpoints:
-  - port: metrics
-    {{- if .Values.serviceMonitor.interval }}
-    interval: {{ .Values.serviceMonitor.interval }}
-    {{- end }}
-    {{- if .Values.serviceMonitor.scrapeTimeout }}
-    scrapeTimeout: {{ .Values.serviceMonitor.scrapeTimeout }}
-    {{- end }}
-    {{- with .Values.serviceMonitor.additionalProperties }}
-      {{- toYaml . | nindent 4 }}
-    {{- end }}
-  selector:
-    matchLabels:
-      {{- include "falco-exporter.selectorLabels" . | nindent 6 }}
-{{- end }}
--- a/charts/falco-exporter/templates/tests/test-connection.yaml
+++ b/charts/falco-exporter/templates/tests/test-connection.yaml
@ -1,15 +0,0 @@
-apiVersion: v1
-kind: Pod
-metadata:
-  name: "{{ include "falco-exporter.fullname" . }}-test-connection"
-  labels:
-    {{- include "falco-exporter.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": test-success
-spec:
-  containers:
-    - name: wget
-      image: busybox
-      command: ['wget']
-      args: ['{{ include "falco-exporter.fullname" . }}:{{ .Values.service.port }}/metrics']
-  restartPolicy: Never
--- a/charts/falco-exporter/values.yaml
+++ b/charts/falco-exporter/values.yaml
@ -1,222 +0,0 @@
-# Default values for falco-exporter.
-# This is a YAML-formatted file.
-# Declare variables to be passed into your templates.
-
-# -- service exposes the exporter service to be accessed from within the cluster.
-service:
-  # -- type denotes the service type. Setting it to "ClusterIP" we ensure that are accessible
-  # from within the cluster.
-  type: ClusterIP
-  # -- clusterIP set to none. It's headless service.
-  clusterIP: None
-  # -- port is the port on which the Service will listen.
-  port: 9376
-  # -- targetPort is the port on which the Pod is listening.
-  targetPort: 9376
-  # -- labels set of labels to be applied to the service.
-  labels: {}
-  # -- annotations set of annotations to be applied to the service.
-  annotations:
-    prometheus.io/scrape: "true"
-    prometheus.io/port: "9376"
-  # -- mTLS mutual TLS for HTTP metrics server.
-  mTLS:
-    # -- enabled specifies whether the mTLS should be enabled.
-    enabled: false
-
-# -- healthChecks contains the configuration for liveness and readiness probes.
-healthChecks:
-  # -- livenessProbe is a diagnostic mechanism used to determine weather a container within a Pod is still running and healthy.
-  livenessProbe:
-    # -- probesPort is liveness probes port.
-    probesPort: 19376
-    # -- initialDelaySeconds tells the kubelet that it should wait X seconds before performing the first probe.
-    initialDelaySeconds: 60
-    # -- timeoutSeconds number of seconds after which the probe times out.
-    timeoutSeconds: 5
-    # -- periodSeconds specifies the interval at which the liveness probe will be repeated.
-    periodSeconds: 15
-  # -- readinessProbe is a mechanism used to determine whether a container within a Pod is ready to serve traffic.
-  readinessProbe:
-    # probesPort is readiness probes port
-    probesPort: 19376
-    # -- initialDelaySeconds tells the kubelet that it should wait X seconds before performing the first probe.
-    initialDelaySeconds: 30
-    # -- timeoutSeconds is the number of seconds after which the probe times out.
-    timeoutSeconds: 5
-    # -- periodSeconds specifies the interval at which the readiness probe will be repeated.
-    periodSeconds: 15
-
-# -- image is the configuration for the exporter image.
-image:
-  # -- registry is the image registry to pull from.
-  registry: docker.io
-  # -- repository is the image repository to pull from.
-  repository: falcosecurity/falco-exporter
-  # -- tag is image tag to pull.
-  tag: "0.8.3"
-  # -- pullPolicy is the policy used to determine when a node should attempt to pull the container image.
-  pullPolicy: IfNotPresent
-
-# -- pullSecrets a list of secrets containing credentials used when pulling from private/secure registries.
-imagePullSecrets: []
-# -- nameOverride is the new name used to override the release name used for exporter's components.
-nameOverride: ""
-# -- fullNameOverride same as nameOverride but for the full name.
-fullnameOverride: ""
-
-# -- priorityClassName specifies the name of the PriorityClass for the pods.
-priorityClassName: ""
-
-# -- falco the configuration to connect falco.
-falco:
-  # -- grpcUnixSocketPath path to the falco's grpc unix socket.
-  grpcUnixSocketPath: "unix:///run/falco/falco.sock"
-  # -- grpcTimeout timout value for grpc connection.
-  grpcTimeout: 2m
-
-# -- serviceAccount is the configuration for the service account.
-serviceAccount:
-  # create specifies whether a service account should be created.
-  create: true
-  # annotations to add to the service account
-  annotations: {}
-  # -- name is the name of the service account to use.
-  # If not set and create is true, a name is generated using the fullname template.
-  # If set and create is false, an already existing serviceAccount must be provided.
-  name: ""
-
-# -- podSecurityPolicy holds the security policy settings for the pod.
-podSecurityPolicy:
-  # -- create specifies whether a PSP, Role and RoleBinding should be created
-  create: false
-  # -- annotations to add to the PSP, Role and RoleBinding
-  annotations: {}
-  # -- name of the PSP, Role and RoleBinding to use.
-  # If not set and create is true, a name is generated using the fullname template
-  name: ""
-
-# -- podSecurityPolicy holds the security policy settings for the pod.
-podSecurityContext:
-  {}
-  # fsGroup: 2000
-
-# -- daemonset holds the configuration for the daemonset.
-daemonset:
-  # updateStrategy perform rolling updates by default in the DaemonSet agent
-  # ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/
-  updateStrategy:
-    # type of the strategy. Can also customize maxUnavailable or minReadySeconds based on your needs.
-    type: RollingUpdate
-
-  # -- annotations to add to the DaemonSet pods.
-  annotations: {}
-  # -- podLabels labels to add to the pods.
-  podLabels: {}
-
-# -- securityContext holds the security context for the daemonset.
-securityContext:
-  # -- capabilities to be assigned to the daemonset.
-  capabilities:
-    drop:
-    - ALL
-  readOnlyRootFilesystem: true
-  allowPrivilegeEscalation: false
-  privileged: false
-  seccompProfile:
-    type: RuntimeDefault
-
-
-# -- resources defines the computing resources (CPU and memory) that are allocated to the containers running within the Pod.
-resources:
-  {}
-  # We usually recommend not to specify default resources and to leave this as a conscious
-  # choice for the user. This also increases chances charts run on environments with little
-  # resources, such as Minikube. If you do want to specify resources, uncomment the following
-  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
-  # limits:
-  #   cpu: 100m
-  #   memory: 128Mi
-  # requests:
-  #   cpu: 100m
-  #   memory: 128Mi
-
-# -- nodeSelector specifies a set of key-value pairs that must match labels assigned to nodes
-# for the Pod to be eligible for scheduling on that node
-nodeSelector: {}
-
-# -- tolerations are applied to pods and allow them to be scheduled on nodes with matching taints.
-tolerations:
-  - effect: NoSchedule
-    key: node-role.kubernetes.io/master
-  - effect: NoSchedule
-    key: node-role.kubernetes.io/control-plane
-
-# -- affinity allows pod placement based on node characteristics, or any other custom labels assigned to nodes.
-affinity: {}
-
-
-# -- serviceMonitor holds the configuration for the ServiceMonitor CRD.
-# A ServiceMonitor is a custom resource definition (CRD) used to configure how Prometheus should
-# discover and scrape metrics from the exporter service.
-serviceMonitor:
-  # -- enable the deployment of a Service Monitor for the Prometheus Operator.
-  enabled: false
-  # -- additionalLabels specifies labels to be added on the Service Monitor.
-  additionalLabels: {}
-  # -- interval specifies the time interval at which Prometheus should scrape metrics from the service.
-  interval: ""
-  # -- scrapeTimeout determines the maximum time Prometheus should wait for a target to respond to a scrape request.
-  # If the target does not respond within the specified timeout, Prometheus considers the scrape as failed for
-  # that target.
-  scrapeTimeout: ""
-    # -- aditionalProperties allows setting additional properties on the endpoint such as relabelings, metricRelabelings etc.
-  additionalProperties: {}
-# -- grafanaDashboard contains the configuration related to grafana dashboards.
-grafanaDashboard:
-  # -- enabled specifies whether the dashboard should be deployed.
-  enabled: false
-  # -- folder creates and set folderAnnotation to specify where the dashboard is stored in grafana.
-  folder: ""
-  # -- folderAnnotation sets the annotation's name used by folderAnnotation in grafana's helm-chart.
-  folderAnnotation: "grafana_dashboard_folder"
-  # -- namespace specifies the namespace for the configmap.
-  namespace: default
-  # -- prometheusDatasourceName name of the data source.
-  prometheusDatasourceName: Prometheus
-
-scc:
-  # true here enabled creation of Security Context Constraints in Openshift
-  create: true
-
-# prometheusRules holds the configuration for alerting on priority events.
-prometheusRules:
-  # -- enabled specifies whether the prometheus rules should be deployed.
-  enabled: false
-  alerts:
-    warning:
-      enabled: true
-      rate_interval: "5m"
-      threshold: 0
-      for: "15m"
-    error:
-      enabled: true
-      rate_interval: "5m"
-      threshold: 0
-      for: "15m"
-    critical:
-      enabled: true
-      rate_interval: "5m"
-      threshold: 0
-      for: "15m"
-    alert:
-      enabled: true
-      rate_interval: "5m"
-      threshold: 0
-      for: "5m"
-    emergency:
-      enabled: true
-      rate_interval: "1m"
-      threshold: 0
-      for: "1m"
-    additionalAlerts: {}
--- a/charts/falco-talon/CHANGELOG.md
+++ b/charts/falco-talon/CHANGELOG.md
@ -3,6 +3,15 @@
 This file documents all notable changes to Falco Talon Helm Chart. The release
 numbering uses [semantic versioning](http://semver.org).

+## 0.3.0 - 2024-02-07
+
+- bump up version to `v0.3.0`
+- fix missing usage of the `imagePullSecrets`
+
+## 0.2.3 - 2024-12-18
+
+- add a Grafana dashboard for the Prometheus metrics 
+
 ## 0.2.1 - 2024-12-09

 - bump up version to `v0.2.1` for bug fixes
--- a/charts/falco-talon/Chart.yaml
+++ b/charts/falco-talon/Chart.yaml
@ -1,8 +1,8 @@
 apiVersion: v1
-appVersion: 0.2.1
+appVersion: 0.3.0
 description: React to the events from Falco
 name: falco-talon
-version: 0.2.1
+version: 0.3.0
 keywords:
  - falco
  - monitoring
--- a/charts/falco-talon/README.md
+++ b/charts/falco-talon/README.md
@ -113,6 +113,14 @@ helm delete falco-talon -n falco
 | config.printAllEvents | bool | `false` | print in stdout all received events, not only those which match a rule |
 | config.watchRules | bool | `true` | auto reload the rules when the files change |
 | extraEnv | list | `[{"name":"LOG_LEVEL","value":"warning"}]` | extra env |
+| grafana | object | `{"dashboards":{"configMaps":{"talon":{"folder":"","name":"falco-talon-grafana-dashboard","namespace":""}},"enabled":false}}` | grafana contains the configuration related to grafana. |
+| grafana.dashboards | object | `{"configMaps":{"talon":{"folder":"","name":"falco-talon-grafana-dashboard","namespace":""}},"enabled":false}` | dashboards contains configuration for grafana dashboards. |
+| grafana.dashboards.configMaps | object | `{"talon":{"folder":"","name":"falco-talon-grafana-dashboard","namespace":""}}` | configmaps to be deployed that contain a grafana dashboard. |
+| grafana.dashboards.configMaps.talon | object | `{"folder":"","name":"falco-talon-grafana-dashboard","namespace":""}` | falco-talon contains the configuration for falco talon's dashboard. |
+| grafana.dashboards.configMaps.talon.folder | string | `""` | folder where the dashboard is stored by grafana. |
+| grafana.dashboards.configMaps.talon.name | string | `"falco-talon-grafana-dashboard"` | name specifies the name for the configmap. |
+| grafana.dashboards.configMaps.talon.namespace | string | `""` | namespace specifies the namespace for the configmap. |
+| grafana.dashboards.enabled | bool | `false` | enabled specifies whether the dashboards should be deployed. |
 | image | object | `{"pullPolicy":"Always","registry":"falco.docker.scarf.sh","repository":"falcosecurity/falco-talon","tag":""}` | image parameters |
 | image.pullPolicy | string | `"Always"` | The image pull policy |
 | image.registry | string | `"falco.docker.scarf.sh"` | The image registry to pull from |
--- a/charts/falco-talon/dashboards/falco-talon-grafana-dashboard.json
+++ b/charts/falco-talon/dashboards/falco-talon-grafana-dashboard.json
--- a/charts/falco-talon/templates/configmap-grafana-dashboard.yaml
+++ b/charts/falco-talon/templates/configmap-grafana-dashboard.yaml
@ -0,0 +1,22 @@
+{{- if .Values.grafana.dashboards.enabled -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Values.grafana.dashboards.configMaps.talon.name }}
+  {{ if .Values.grafana.dashboards.configMaps.talon.namespace }}
+  namespace: {{ .Values.grafana.dashboards.configMaps.talon.namespace }}
+  {{- else -}}
+  namespace: {{ .Release.Namespace }}
+  {{- end }}
+  labels:
+    {{- include "falco-talon.labels" . | nindent 4 }}
+    grafana_dashboard: "1"
+  annotations:
+    {{- if .Values.grafana.dashboards.configMaps.talon.folder }}
+    k8s-sidecar-target-directory: /tmp/dashboards/{{ .Values.grafana.dashboards.configMaps.talon.folder}}
+    grafana_dashboard_folder: {{ .Values.grafana.dashboards.configMaps.talon.folder }}
+    {{- end }}
+data:
+  falco-talon-grafana-dashboard.json: |-
+    {{- .Files.Get "dashboards/falco-talon-grafana-dashboard.json" | nindent 4 }}
+ {{- end -}}
--- a/charts/falco-talon/templates/configmap.yaml
+++ b/charts/falco-talon/templates/configmap.yaml
@ -2,6 +2,7 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ include "falco-talon.name" . }}-rules
+  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "falco-talon.labels" . | nindent 4 }}
 data:
--- a/charts/falco-talon/templates/deployment.yaml
+++ b/charts/falco-talon/templates/deployment.yaml
@ -24,6 +24,12 @@ spec:
        secret-checksum: {{ (lookup "v1" "Secret" .Release.Namespace (include "falco-talon.name" . | cat "-config")).data | toJson | sha256sum }}
    spec:
      serviceAccountName: {{ include "falco-talon.name" . }}
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+      {{- range .Values.imagePullSecrets }}
+        - name: {{ . }}
+      {{- end }}
+      {{- end }}
      {{- if .Values.priorityClassName }}
      priorityClassName: "{{ .Values.priorityClassName }}"
      {{- end }}
--- a/charts/falco-talon/values.yaml
+++ b/charts/falco-talon/values.yaml
@ -290,3 +290,20 @@ serviceMonitor:
    # caFile: /path/to/ca.crt
    # certFile: /path/to/client.crt
    # keyFile: /path/to/client.key
+
+# -- grafana contains the configuration related to grafana.
+grafana:
+  # -- dashboards contains configuration for grafana dashboards.
+  dashboards:
+    # -- enabled specifies whether the dashboards should be deployed.
+    enabled: false
+    # --configmaps to be deployed that contain a grafana dashboard.
+    configMaps:
+      # -- falco-talon contains the configuration for falco talon's dashboard.
+      talon:
+        # -- name specifies the name for the configmap.
+        name: falco-talon-grafana-dashboard
+        # -- namespace specifies the namespace for the configmap.
+        namespace: ""
+        # -- folder where the dashboard is stored by grafana.
+        folder: ""
--- a/charts/falco/BREAKING-CHANGES.md
+++ b/charts/falco/BREAKING-CHANGES.md
@ -1,4 +1,6 @@
 # Helm chart Breaking Changes
+ - [5.0.0](#500)
+   - [Default Falco Image](#default-falco-image)
 - [4.0.0](#400)
   - [Drivers](#drivers)
   - [K8s Collector](#k8s-collector)
@ -9,6 +11,21 @@
    - [Falco Images](#drop-support-for-falcosecurityfalco-image)
    - [Driver Loader Init Container](#driver-loader-simplified-logic)

+## 6.0.0
+
+### Falco Talon configuration changes
+
+The following backward-incompatible changes have been made to `values.yaml`:
+- `falcotalon` configuration has been renamed to `falco-talon`
+- `falcotalon.enabled` has been renamed to `responseActions.enabled`
+
+## 5.0.0
+### Default Falco Image
+**Starting with version 5.0.0, the Helm chart now uses the default Falco container image, which is a distroless image without any additional tools installed.**
+Previously, the chart used the `debian` image with the several tools included to avoid breaking changes during upgrades. The new image is more secure and lightweight, but it does not include these tools.
+
+If you rely on some tool—for example, when using the `program_output` feature—you can manually override the `image.tag` value to use a different image flavor. For instance, setting `image.tag` to `0.41.0-debian` will restore access to the tools available in the Debian-based image.
+
 ## 4.0.0
 ### Drivers
 The `driver` section has been reworked based on the following PR: https://github.com/falcosecurity/falco/pull/2413. 
--- a/charts/falco/CHANGELOG.md
+++ b/charts/falco/CHANGELOG.md
@ -3,6 +3,119 @@
 This file documents all notable changes to Falco Helm Chart. The release
 numbering uses [semantic versioning](http://semver.org).

+## v6.2.2
+
+* Bump container plugin to 0.3.5
+* Bump k8smeta plugin to 0.3.1
+
+## v6.2.1
+
+* Bump container plugin to 0.3.3
+
+## v6.2.0
+
+* Switch to `collectors.containerEngine` configuration by default
+* Update `collectors.containerEngine.engines` default values
+* Fix containerd socket path configuration
+* Address "container.name shows container.id" issue
+* Address "Missing k8s.pod name, container.name, other metadata with k3s" issue
+* Bump container plugin to 0.3.2
+
+## v6.1.0
+
+* feat(falco): Add possibility to custom falco pods hostname
+
+## v6.0.2
+
+* Bump Falco to 0.41.3
+* Bump container plugin to 0.3.1
+
+## v6.0.1
+
+* Bump Falco to 0.41.2
+* Bump container plugin to 0.3.0
+
+## v6.0.0
+
+* Rename Falco Talon configuration keys naming
+
+## v5.0.3
+
+* Bump container plugin to 0.2.6
+
+## v5.0.2
+
+* Bump container plugin to 0.2.5
+* Bump Falco to 0.41.1
+
+## v5.0.1
+
+* Correct installation issue when both artifact installation and follow are enabled
+
+## v5.0.0
+* Bump falcoctl to 0.11.2
+* Use default falco image flavor (wolfi) by default
+
+## v4.22.0
+* Bump Falco to 0.41.0;
+* Bump falco rules to 4.0.0;
+* Deprecate old container engines in favor of the new container plugin;
+* Add support for the new container plugin;
+* Update k8smeta plugin to 0.3.0;
+* Update falco configuration;
+
+## v4.21.2
+
+* add falco-talon as falco subchart
+
+## v4.21.1
+
+* removed falco-expoter (now deprecated) references from the readme 
+
+## v4.21.0
+
+* feat(falco): adding imagePullSecrets at the service account level
+
+## v4.20.1
+
+* correctly mount the volumes based on socket path
+* unit tests for container engines socket paths
+
+## v4.20.0
+
+* bump falcoctl to 0.11.0
+
+## v4.19.0
+
+* fix falco version to 0.40.0
+
+## v4.18.0
+
+* update the chart for falco 0.40;
+* remove deprecated cli flag `--cri` and use instead the configuration file. More info here: https://github.com/falcosecurity/falco/pull/3329
+* use new falco images, for more info see: https://github.com/falcosecurity/falco/issues/3165
+
+## v4.17.2
+
+* update(falco): add ports definition in falco container spec
+
+## v4.17.1
+
+* docs(falco): update README.md to reflect latest driver configuration and correct broken links
+
+## v4.17.0
+
+* update(falco): bump k8saudit version to 0.11
+
+## v4.16.2
+
+* fix(falco): set dnsPolicy to ClusterFirstWithHostNet when gvisor driver is enabled to prevent DNS lookup failures for cluster-internal services
+
+## v4.16.1
+
+* fix(falco/serviceMonitor): set service label selector
+* new(falco/tests): add unit tests for serviceMonitor label selector
+
 ## v4.16.0

 * bump falcosidekick dependency to v0.9.* to match with future versions
@ -315,7 +428,7 @@ The new chart introduces some breaking changes. For folks upgrading Falco please
 ## v3.3.0
 * Upgrade Falco to 0.35.1. For more info see the release notes: https://github.com/falcosecurity/falco/releases/tag/0.35.1
 * Upgrade falcoctl to 0.5.1. For more info see the release notes: https://github.com/falcosecurity/falcoctl/releases/tag/v0.5.1
-* Introduce least privileged mode in modern ebpf. For more info see: https://falco.org/docs/event-sources/kernel/#least-privileged-mode-2
+* Introduce least privileged mode in modern ebpf. For more info see: https://falco.org/docs/setup/container/#docker-least-privileged-modern-ebpf

 ## v3.2.1
 * Set falco.http_output.url to empty string in values.yaml file
--- a/charts/falco/Chart.yaml
+++ b/charts/falco/Chart.yaml
@ -1,7 +1,7 @@
 apiVersion: v2
 name: falco
-version: 4.16.0
-appVersion: "0.39.2"
+version: 6.2.2
+appVersion: "0.41.3"
 description: Falco
 keywords:
  - monitoring
@ -26,3 +26,7 @@ dependencies:
    version: 0.1.*
    repository: https://falcosecurity.github.io/charts
    condition: collectors.kubernetes.enabled
+  - name: falco-talon
+    version: 0.3.*
+    repository: https://falcosecurity.github.io/charts
+    condition: responseActions.enabled
--- a/charts/falco/README.gotmpl
+++ b/charts/falco/README.gotmpl
@ -53,11 +53,12 @@ Note that **a Falco instance can handle multiple event sources in parallel**. yo

 Falco needs a **driver** to analyze the system workload and pass security events to userspace. The supported drivers are:

-* [Kernel module](https://falco.org/docs/event-sources/drivers/#kernel-module)
-* [eBPF probe](https://falco.org/docs/event-sources/drivers/#ebpf-probe)
-* [Modern eBPF probe](https://falco.org/docs/event-sources/drivers/#modern-ebpf-probe)
+* [Modern eBPF probe](https://falco.org/docs/concepts/event-sources/kernel/#modern-ebpf-probe)
+* [Kernel module](https://falco.org/docs/concepts/event-sources/kernel/#kernel-module)
+* [Legacy eBPF probe](https://falco.org/docs/concepts/event-sources/kernel/#legacy-ebpf-probe)
+
+The driver must be loaded on the node where Falco is running. Falco now prefers the **Modern eBPF probe** by default. When using **falcoctl** with `driver.kind=auto`, it will automatically choose the best driver for your system. Specifically, it first attempts to use the Modern eBPF probe (which is shipped directly within the Falco binary) and will fall back to the _kernel module_ or the _original eBPF probe_ if the necessary BPF features are not available.

-The driver should be installed on the node where Falco is running. The _kernel module_ (default option) and the _eBPF probe_ are installed on the node through an *init container* (i.e. `falco-driver-loader`) that tries download a prebuilt driver or build it on-the-fly as a fallback. The _Modern eBPF probe_ doesn't require an init container because it is shipped directly into the Falco binary. However, the _Modern eBPF probe_ requires [recent BPF features](https://falco.org/docs/event-sources/kernel/#modern-ebpf-probe).

 ##### Pre-built drivers

@ -146,20 +147,24 @@ After the clarification of the different [**event sources**](#falco-event-source
 The chart deploys Falco using a `daemonset` or a `deployment` depending on the **event sources**.

 #### Daemonset
-When using the [drivers](#about-the-driver), Falco is deployed as `daemonset`. By using a `daemonset`, k8s assures that a Falco instance will be running in each of our nodes even when we add new nodes to our cluster. So it is the perfect match when we need to monitor all the nodes in our cluster.
+When using the [drivers](#about-the-driver), Falco is typically deployed as a `DaemonSet`. By using a DaemonSet, Kubernetes ensures that a Falco instance is running on each node even as new nodes are added to your cluster. This makes it a perfect fit for monitoring across the entire cluster.
+
+By default, with `driver.kind=auto`, the correct driver will will be automatically selected for each node. This is accomplished through the **driver loader** (implemented by `falcoctl`), which generates a new Falco configuration file and picks the right engine driver (Modern eBPF, kmod, or legacy eBPF) based on the underlying environment. If you prefer to manually force a specific driver, see the other available options below.

 **Kernel module**
-To run Falco with the [kernel module](https://falco.org/docs/event-sources/drivers/#kernel-module) you can use the default values of the helm chart:
+
+To run Falco with the [eBPF probe](https://falco.org/docs/concepts/event-sources/kernel/#kernel-module) you just need to set `driver.kind=kmod` as shown in the following snippet:

 ```bash
 helm install falco falcosecurity/falco \
    --create-namespace \
    --namespace falco
+    --set driver.kind=kmod
 ```

-**eBPF probe**
+**Legacy eBPF probe**

-To run Falco with the [eBPF probe](https://falco.org/docs/event-sources/drivers/#ebpf-probe) you just need to set `driver.kind=ebpf` as shown in the following snippet:
+To run Falco with the [eBPF probe](http://falco.org/docs/concepts/event-sources/kernel/#legacy-ebpf-probe) you just need to set `driver.kind=ebpf` as shown in the following snippet:

 ```bash
 helm install falco falcosecurity/falco \
@ -177,9 +182,9 @@ helm install falco falcosecurity/falco \
    -f "path-to-custom-values.yaml-file"
 ```

-**modern eBPF probe**
+**Modern eBPF probe**

-To run Falco with the [modern eBPF probe](https://falco.org/docs/event-sources/drivers/#modern-ebpf-probe-experimental) you just need to set `driver.kind=modern_bpf` as shown in the following snippet:
+To run Falco with the [modern eBPF probe](https://falco.org/docs/concepts/event-sources/kernel/#modern-ebpf-probe) you just need to set `driver.kind=modern_bpf` as shown in the following snippet:

 ```bash
 helm install falco falcosecurity/falco \
@ -505,8 +510,6 @@ Moreover, Falco supports running a gRPC server with two main binding types:
 - Over a local **Unix socket** with no authentication
 - Over the **network** with mandatory mutual TLS authentication (mTLS)

-> **Tip**: Once gRPC is enabled, you can deploy [falco-exporter](https://github.com/falcosecurity/falco-exporter) to export metrics to Prometheus.
-
 ### gRPC over unix socket (default)

 The preferred way to use the gRPC is over a Unix socket.
--- a/charts/falco/README.md
+++ b/charts/falco/README.md
@ -53,11 +53,11 @@ Note that **a Falco instance can handle multiple event sources in parallel**. yo

 Falco needs a **driver** to analyze the system workload and pass security events to userspace. The supported drivers are:

-* [Kernel module](https://falco.org/docs/event-sources/drivers/#kernel-module)
-* [eBPF probe](https://falco.org/docs/event-sources/drivers/#ebpf-probe)
-* [Modern eBPF probe](https://falco.org/docs/event-sources/drivers/#modern-ebpf-probe)
+* [Modern eBPF probe](https://falco.org/docs/concepts/event-sources/kernel/#modern-ebpf-probe)
+* [Kernel module](https://falco.org/docs/concepts/event-sources/kernel/#kernel-module)
+* [Legacy eBPF probe](https://falco.org/docs/concepts/event-sources/kernel/#legacy-ebpf-probe)

-The driver should be installed on the node where Falco is running. The _kernel module_ (default option) and the _eBPF probe_ are installed on the node through an *init container* (i.e. `falco-driver-loader`) that tries download a prebuilt driver or build it on-the-fly as a fallback. The _Modern eBPF probe_ doesn't require an init container because it is shipped directly into the Falco binary. However, the _Modern eBPF probe_ requires [recent BPF features](https://falco.org/docs/event-sources/kernel/#modern-ebpf-probe).
+The driver must be loaded on the node where Falco is running. Falco now prefers the **Modern eBPF probe** by default. When using **falcoctl** with `driver.kind=auto`, it will automatically choose the best driver for your system. Specifically, it first attempts to use the Modern eBPF probe (which is shipped directly within the Falco binary) and will fall back to the _kernel module_ or the _original eBPF probe_ if the necessary BPF features are not available.

 ##### Pre-built drivers

@ -146,20 +146,24 @@ After the clarification of the different [**event sources**](#falco-event-source
 The chart deploys Falco using a `daemonset` or a `deployment` depending on the **event sources**.

 #### Daemonset
-When using the [drivers](#about-the-driver), Falco is deployed as `daemonset`. By using a `daemonset`, k8s assures that a Falco instance will be running in each of our nodes even when we add new nodes to our cluster. So it is the perfect match when we need to monitor all the nodes in our cluster.
+When using the [drivers](#about-the-driver), Falco is typically deployed as a `DaemonSet`. By using a DaemonSet, Kubernetes ensures that a Falco instance is running on each node even as new nodes are added to your cluster. This makes it a perfect fit for monitoring across the entire cluster.
+
+By default, with `driver.kind=auto`, the correct driver will will be automatically selected for each node. This is accomplished through the **driver loader** (implemented by `falcoctl`), which generates a new Falco configuration file and picks the right engine driver (Modern eBPF, kmod, or legacy eBPF) based on the underlying environment. If you prefer to manually force a specific driver, see the other available options below.

 **Kernel module**
-To run Falco with the [kernel module](https://falco.org/docs/event-sources/drivers/#kernel-module) you can use the default values of the helm chart:
+
+To run Falco with the [eBPF probe](https://falco.org/docs/concepts/event-sources/kernel/#kernel-module) you just need to set `driver.kind=kmod` as shown in the following snippet:

 ```bash
 helm install falco falcosecurity/falco \
    --create-namespace \
    --namespace falco
+    --set driver.kind=kmod
 ```

-**eBPF probe**
+**Legacy eBPF probe**

-To run Falco with the [eBPF probe](https://falco.org/docs/event-sources/drivers/#ebpf-probe) you just need to set `driver.kind=ebpf` as shown in the following snippet:
+To run Falco with the [eBPF probe](http://falco.org/docs/concepts/event-sources/kernel/#legacy-ebpf-probe) you just need to set `driver.kind=ebpf` as shown in the following snippet:

 ```bash
 helm install falco falcosecurity/falco \
@ -177,9 +181,9 @@ helm install falco falcosecurity/falco \
    -f "path-to-custom-values.yaml-file"
 ```

-**modern eBPF probe**
+**Modern eBPF probe**

-To run Falco with the [modern eBPF probe](https://falco.org/docs/event-sources/drivers/#modern-ebpf-probe-experimental) you just need to set `driver.kind=modern_bpf` as shown in the following snippet:
+To run Falco with the [modern eBPF probe](https://falco.org/docs/concepts/event-sources/kernel/#modern-ebpf-probe) you just need to set `driver.kind=modern_bpf` as shown in the following snippet:

 ```bash
 helm install falco falcosecurity/falco \
@ -502,8 +506,6 @@ Moreover, Falco supports running a gRPC server with two main binding types:
 - Over a local **Unix socket** with no authentication
 - Over the **network** with mandatory mutual TLS authentication (mTLS)

-> **Tip**: Once gRPC is enabled, you can deploy [falco-exporter](https://github.com/falcosecurity/falco-exporter) to export metrics to Prometheus.
-
 ### gRPC over unix socket (default)

 The preferred way to use the gRPC is over a Unix socket.
@ -581,7 +583,7 @@ If you use a Proxy in your cluster, the requests between `Falco` and `Falcosidek

 ## Configuration

-The following table lists the main configurable parameters of the falco chart v4.16.0 and their default values. See [values.yaml](./values.yaml) for full list.
+The following table lists the main configurable parameters of the falco chart v6.2.2 and their default values. See [values.yaml](./values.yaml) for full list.

 ## Values

@ -595,18 +597,28 @@ The following table lists the main configurable parameters of the falco chart v4
 | certs.existingSecret | string | `""` | Existing secret containing the following key, crt and ca as well as the bundle pem. |
 | certs.server.crt | string | `""` | Certificate used by gRPC and webserver. |
 | certs.server.key | string | `""` | Key used by gRPC and webserver. |
-| collectors.containerd.enabled | bool | `true` | Enable ContainerD support. |
-| collectors.containerd.socket | string | `"/run/containerd/containerd.sock"` | The path of the ContainerD socket. |
-| collectors.crio.enabled | bool | `true` | Enable CRI-O support. |
+| collectors.containerEngine | object | `{"enabled":true,"engines":{"bpm":{"enabled":true},"containerd":{"enabled":true,"sockets":["/run/host-containerd/containerd.sock"]},"cri":{"enabled":true,"sockets":["/run/containerd/containerd.sock","/run/crio/crio.sock","/run/k3s/containerd/containerd.sock","/run/host-containerd/containerd.sock"]},"docker":{"enabled":true,"sockets":["/var/run/docker.sock"]},"libvirt_lxc":{"enabled":true},"lxc":{"enabled":true},"podman":{"enabled":true,"sockets":["/run/podman/podman.sock"]}},"hooks":["create"],"labelMaxLen":100,"pluginRef":"ghcr.io/falcosecurity/plugins/plugin/container:0.3.5","withSize":false}` | This collector is the new container engine collector that replaces the old docker, containerd, crio and podman collectors. It is designed to collect metadata from various container engines and provide a unified interface through the container plugin. When enabled, it will deploy the container plugin and use it to collect metadata from the container engines. Keep in mind that the old collectors (docker, containerd, crio, podman) will use the container plugin to collect metadata under the hood. |
+| collectors.containerEngine.enabled | bool | `true` | Enable Container Engine support. |
+| collectors.containerEngine.engines | object | `{"bpm":{"enabled":true},"containerd":{"enabled":true,"sockets":["/run/host-containerd/containerd.sock"]},"cri":{"enabled":true,"sockets":["/run/containerd/containerd.sock","/run/crio/crio.sock","/run/k3s/containerd/containerd.sock","/run/host-containerd/containerd.sock"]},"docker":{"enabled":true,"sockets":["/var/run/docker.sock"]},"libvirt_lxc":{"enabled":true},"lxc":{"enabled":true},"podman":{"enabled":true,"sockets":["/run/podman/podman.sock"]}}` | engines specify the container engines that will be used to collect metadata. See https://github.com/falcosecurity/plugins/blob/main/plugins/container/README.md#configuration |
+| collectors.containerEngine.hooks | list | `["create"]` | hooks specify the hooks that will be used to collect metadata from the container engine. The available hooks are: create, start. |
+| collectors.containerEngine.labelMaxLen | int | `100` | labelMaxLen is the maximum length of the labels that can be used in the container plugin. container labels larger than this value won't be collected. |
+| collectors.containerEngine.pluginRef | string | `"ghcr.io/falcosecurity/plugins/plugin/container:0.3.5"` | pluginRef is the OCI reference for the container plugin. It could be a full reference such as "ghcr.io/falcosecurity/plugins/plugin/container:0.3.5". Or just name + tag: container:0.3.5. |
+| collectors.containerEngine.withSize | bool | `false` | withSize specifies whether to enable container size inspection, which is inherently slow. |
+| collectors.containerd | object | `{"enabled":false,"socket":"/run/host-containerd/containerd.sock"}` | This collector is deprecated and will be removed in the future. Please use the containerEngine collector instead. |
+| collectors.containerd.enabled | bool | `false` | Enable ContainerD support. |
+| collectors.containerd.socket | string | `"/run/host-containerd/containerd.sock"` | The path of the ContainerD socket. |
+| collectors.crio | object | `{"enabled":false,"socket":"/run/crio/crio.sock"}` | This collector is deprecated and will be removed in the future. Please use the containerEngine collector instead. |
+| collectors.crio.enabled | bool | `false` | Enable CRI-O support. |
 | collectors.crio.socket | string | `"/run/crio/crio.sock"` | The path of the CRI-O socket. |
-| collectors.docker.enabled | bool | `true` | Enable Docker support. |
+| collectors.docker | object | `{"enabled":false,"socket":"/var/run/docker.sock"}` | This collector is deprecated and will be removed in the future. Please use the containerEngine collector instead. |
+| collectors.docker.enabled | bool | `false` | Enable Docker support. |
 | collectors.docker.socket | string | `"/var/run/docker.sock"` | The path of the Docker daemon socket. |
 | collectors.enabled | bool | `true` | Enable/disable all the metadata collectors. |
-| collectors.kubernetes | object | `{"collectorHostname":"","collectorPort":"","enabled":false,"hostProc":"/host","pluginRef":"ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.2.1","verbosity":"info"}` | kubernetes holds the configuration for the kubernetes collector. Starting from version 0.37.0 of Falco, the legacy kubernetes client has been removed. A new standalone component named k8s-metacollector and a Falco plugin have been developed to solve the issues that were present in the old implementation. More info here: https://github.com/falcosecurity/falco/issues/2973 |
+| collectors.kubernetes | object | `{"collectorHostname":"","collectorPort":"","enabled":false,"hostProc":"/host","pluginRef":"ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.3.1","verbosity":"info"}` | kubernetes holds the configuration for the kubernetes collector. Starting from version 0.37.0 of Falco, the legacy kubernetes client has been removed. A new standalone component named k8s-metacollector and a Falco plugin have been developed to solve the issues that were present in the old implementation. More info here: https://github.com/falcosecurity/falco/issues/2973 |
 | collectors.kubernetes.collectorHostname | string | `""` | collectorHostname is the address of the k8s-metacollector. When not specified it will be set to match k8s-metacollector service. e.x: falco-k8smetacollecto.falco.svc. If for any reason you need to override it, make sure to set here the address of the k8s-metacollector. It is used by the k8smeta plugin to connect to the k8s-metacollector. |
 | collectors.kubernetes.collectorPort | string | `""` | collectorPort designates the port on which the k8s-metacollector gRPC service listens. If not specified the value of the port named `broker-grpc` in k8s-metacollector.service.ports is used. The default values is 45000. It is used by the k8smeta plugin to connect to the k8s-metacollector. |
 | collectors.kubernetes.enabled | bool | `false` | enabled specifies whether the Kubernetes metadata should be collected using the k8smeta plugin and the k8s-metacollector component. It will deploy the k8s-metacollector external component that fetches Kubernetes metadata and pushes them to Falco instances. For more info see: https://github.com/falcosecurity/k8s-metacollector https://github.com/falcosecurity/charts/tree/master/charts/k8s-metacollector When this option is disabled, Falco falls back to the container annotations to grab the metadata. In such a case, only the ID, name, namespace, labels of the pod will be available. |
-| collectors.kubernetes.pluginRef | string | `"ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.2.1"` | pluginRef is the OCI reference for the k8smeta plugin. It could be a full reference such as: "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.1.0". Or just name + tag: k8smeta:0.1.0. |
+| collectors.kubernetes.pluginRef | string | `"ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.3.1"` | pluginRef is the OCI reference for the k8smeta plugin. It could be a full reference such as: "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.1.0". Or just name + tag: k8smeta:0.1.0. |
 | containerSecurityContext | object | `{}` | Set securityContext for the Falco container.For more info see the "falco.securityContext" helper in "pod-template.tpl" |
 | controller.annotations | object | `{}` |  |
 | controller.daemonset.updateStrategy.type | string | `"RollingUpdate"` | Perform rolling updates by default in the DaemonSet agent ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ |
@ -618,7 +630,7 @@ The following table lists the main configurable parameters of the falco chart v4
 | driver.ebpf.bufSizePreset | int | `4` | bufSizePreset determines the size of the shared space between Falco and its drivers. This shared space serves as a temporary storage for syscall events. |
 | driver.ebpf.dropFailedExit | bool | `false` | dropFailedExit if set true drops failed system call exit events before pushing them to userspace. |
 | driver.ebpf.hostNetwork | bool | `false` | Needed to enable eBPF JIT at runtime for performance reasons. Can be skipped if eBPF JIT is enabled from outside the container |
-| driver.ebpf.leastPrivileged | bool | `false` | Constrain Falco with capabilities instead of running a privileged container. Ensure the eBPF driver is enabled (i.e., setting the `driver.kind` option to `ebpf`). Capabilities used: {CAP_SYS_RESOURCE, CAP_SYS_ADMIN, CAP_SYS_PTRACE}. On kernel versions >= 5.8 'CAP_PERFMON' and 'CAP_BPF' could replace 'CAP_SYS_ADMIN' but please pay attention to the 'kernel.perf_event_paranoid' value on your system. Usually 'kernel.perf_event_paranoid>2' means that you cannot use 'CAP_PERFMON' and you should fallback to 'CAP_SYS_ADMIN', but the behavior changes across different distros. Read more on that here: https://falco.org/docs/event-sources/kernel/#least-privileged-mode-1 |
+| driver.ebpf.leastPrivileged | bool | `false` | Constrain Falco with capabilities instead of running a privileged container. Ensure the eBPF driver is enabled (i.e., setting the `driver.kind` option to `ebpf`). Capabilities used: {CAP_SYS_RESOURCE, CAP_SYS_ADMIN, CAP_SYS_PTRACE}. On kernel versions >= 5.8 'CAP_PERFMON' and 'CAP_BPF' could replace 'CAP_SYS_ADMIN' but please pay attention to the 'kernel.perf_event_paranoid' value on your system. Usually 'kernel.perf_event_paranoid>2' means that you cannot use 'CAP_PERFMON' and you should fallback to 'CAP_SYS_ADMIN', but the behavior changes across different distros. Read more on that here: https://falco.org/docs/setup/container/#docker-least-privileged-ebpf-probe |
 | driver.ebpf.path | string | `"${HOME}/.falco/falco-bpf.o"` | path where the eBPF probe is located. It comes handy when the probe have been installed in the nodes using tools other than the init container deployed with the chart. |
 | driver.enabled | bool | `true` | Set it to false if you want to deploy Falco without the drivers. Always set it to false when using Falco with plugins. |
 | driver.gvisor | object | `{"runsc":{"config":"/run/containerd/runsc/config.toml","path":"/home/containerd/usr/local/sbin","root":"/run/containerd/runsc"}}` | Gvisor configuration. Based on your system you need to set the appropriate values. Please, remember to add pod tolerations and affinities in order to schedule the Falco pods in the gVisor enabled nodes. |
@ -642,20 +654,31 @@ The following table lists the main configurable parameters of the falco chart v4
 | driver.modernEbpf.bufSizePreset | int | `4` | bufSizePreset determines the size of the shared space between Falco and its drivers. This shared space serves as a temporary storage for syscall events. |
 | driver.modernEbpf.cpusForEachBuffer | int | `2` | cpusForEachBuffer is the index that controls how many CPUs to assign to a single syscall buffer. |
 | driver.modernEbpf.dropFailedExit | bool | `false` | dropFailedExit if set true drops failed system call exit events before pushing them to userspace. |
-| driver.modernEbpf.leastPrivileged | bool | `false` | Constrain Falco with capabilities instead of running a privileged container. Ensure the modern bpf driver is enabled (i.e., setting the `driver.kind` option to `modern-bpf`). Capabilities used: {CAP_SYS_RESOURCE, CAP_BPF, CAP_PERFMON, CAP_SYS_PTRACE}. Read more on that here: https://falco.org/docs/event-sources/kernel/#least-privileged-mode-2 |
+| driver.modernEbpf.leastPrivileged | bool | `false` | Constrain Falco with capabilities instead of running a privileged container. Ensure the modern bpf driver is enabled (i.e., setting the `driver.kind` option to `modern-bpf`). Capabilities used: {CAP_SYS_RESOURCE, CAP_BPF, CAP_PERFMON, CAP_SYS_PTRACE}. Read more on that here: https://falco.org/docs/setup/container/#docker-least-privileged-ebpf-probe |
 | extra.args | list | `[]` | Extra command-line arguments. |
 | extra.env | list | `[]` | Extra environment variables that will be pass onto Falco containers. |
 | extra.initContainers | list | `[]` | Additional initContainers for Falco pods. |
-| falco.append_output | list | `[]` |  |
+| falco-talon | object | `{}` | It must be used in conjunction with the response_actions.enabled option. |
+| falco.append_output[0].suggested_output | bool | `true` |  |
 | falco.base_syscalls | object | `{"custom_set":[],"repair":false}` | - [Suggestions]  NOTE: setting `base_syscalls.repair: true` automates the following suggestions for you.  These suggestions are subject to change as Falco and its state engine evolve.  For execve* events: Some Falco fields for an execve* syscall are retrieved from the associated `clone`, `clone3`, `fork`, `vfork` syscalls when spawning a new process. The `close` syscall is used to purge file descriptors from Falco's internal thread / process cache table and is necessary for rules relating to file descriptors (e.g. open, openat, openat2, socket, connect, accept, accept4 ... and many more)  Consider enabling the following syscalls in `base_syscalls.custom_set` for process rules: [clone, clone3, fork, vfork, execve, execveat, close]  For networking related events: While you can log `connect` or `accept*` syscalls without the socket syscall, the log will not contain the ip tuples. Additionally, for `listen` and `accept*` syscalls, the `bind` syscall is also necessary.  We recommend the following as the minimum set for networking-related rules: [clone, clone3, fork, vfork, execve, execveat, close, socket, bind, getsockopt]  Lastly, for tracking the correct `uid`, `gid` or `sid`, `pgid` of a process when the running process opens a file or makes a network connection, consider adding the following to the above recommended syscall sets: ... setresuid, setsid, setuid, setgid, setpgid, setresgid, setsid, capset, chdir, chroot, fchdir ... |
 | falco.buffered_outputs | bool | `false` | Enabling buffering for the output queue can offer performance optimization, efficient resource usage, and smoother data flow, resulting in a more reliable output mechanism. By default, buffering is disabled (false). |
 | falco.config_files[0] | string | `"/etc/falco/config.d"` |  |
+| falco.container_engines.bpm.enabled | bool | `false` |  |
+| falco.container_engines.cri.disable_async | bool | `false` |  |
+| falco.container_engines.cri.enabled | bool | `false` |  |
+| falco.container_engines.cri.sockets[0] | string | `"/run/containerd/containerd.sock"` |  |
+| falco.container_engines.cri.sockets[1] | string | `"/run/crio/crio.sock"` |  |
+| falco.container_engines.cri.sockets[2] | string | `"/run/k3s/containerd/containerd.sock"` |  |
+| falco.container_engines.docker.enabled | bool | `false` |  |
+| falco.container_engines.libvirt_lxc.enabled | bool | `false` |  |
+| falco.container_engines.lxc.enabled | bool | `false` |  |
+| falco.container_engines.podman.enabled | bool | `false` |  |
 | falco.falco_libs.thread_table_size | int | `262144` |  |
 | falco.file_output | object | `{"enabled":false,"filename":"./events.txt","keep_alive":false}` | When appending Falco alerts to a file, each new alert will be added to a new line. It's important to note that Falco does not perform log rotation for this file. If the `keep_alive` option is set to `true`, the file will be opened once and continuously written to, else the file will be reopened for each output message. Furthermore, the file will be closed and reopened if Falco receives the SIGUSR1 signal. |
 | falco.grpc | object | `{"bind_address":"unix:///run/falco/falco.sock","enabled":false,"threadiness":0}` | gRPC server using a local unix socket |
 | falco.grpc.threadiness | int | `0` | When the `threadiness` value is set to 0, Falco will automatically determine the appropriate number of threads based on the number of online cores in the system. |
 | falco.grpc_output | object | `{"enabled":false}` | Use gRPC as an output service.  gRPC is a modern and high-performance framework for remote procedure calls (RPC). It utilizes protocol buffers for efficient data serialization. The gRPC output in Falco provides a modern and efficient way to integrate with other systems. By default the setting is turned off. Enabling this option stores output events in memory until they are consumed by a gRPC client. Ensure that you have a consumer for the output events or leave it disabled. |
-| falco.http_output | object | `{"ca_bundle":"","ca_cert":"","ca_path":"/etc/falco/certs/","client_cert":"/etc/falco/certs/client/client.crt","client_key":"/etc/falco/certs/client/client.key","compress_uploads":false,"echo":false,"enabled":false,"insecure":false,"keep_alive":false,"mtls":false,"url":"","user_agent":"falcosecurity/falco"}` | Send logs to an HTTP endpoint or webhook. |
+| falco.http_output | object | `{"ca_bundle":"","ca_cert":"","ca_path":"/etc/falco/certs/","client_cert":"/etc/falco/certs/client/client.crt","client_key":"/etc/falco/certs/client/client.key","compress_uploads":false,"echo":false,"enabled":false,"insecure":false,"keep_alive":false,"max_consecutive_timeouts":5,"mtls":false,"url":"","user_agent":"falcosecurity/falco"}` | Send logs to an HTTP endpoint or webhook. |
 | falco.http_output.ca_bundle | string | `""` | Path to a specific file that will be used as the CA certificate store. |
 | falco.http_output.ca_cert | string | `""` | Path to the CA certificate that can verify the remote server. |
 | falco.http_output.ca_path | string | `"/etc/falco/certs/"` | Path to a folder that will be used as the CA certificate store. CA certificate need to be stored as indivitual PEM files in this directory. |
@ -667,10 +690,11 @@ The following table lists the main configurable parameters of the falco chart v4
 | falco.http_output.keep_alive | bool | `false` | keep_alive whether to keep alive the connection. |
 | falco.http_output.mtls | bool | `false` | Tell Falco to use mTLS |
 | falco.json_include_message_property | bool | `false` |  |
+| falco.json_include_output_fields_property | bool | `true` |  |
 | falco.json_include_output_property | bool | `true` | When using JSON output in Falco, you have the option to include the "output" property itself in the generated JSON output. The "output" property provides additional information about the purpose of the rule. To reduce the logging volume, it is recommended to turn it off if it's not necessary for your use case. |
 | falco.json_include_tags_property | bool | `true` | When using JSON output in Falco, you have the option to include the "tags" field of the rules in the generated JSON output. The "tags" field provides additional metadata associated with the rule. To reduce the logging volume, if the tags associated with the rule are not needed for your use case or can be added at a later stage, it is recommended to turn it off. |
 | falco.json_output | bool | `false` | When enabled, Falco will output alert messages and rules file loading/validation results in JSON format, making it easier for downstream programs to process and consume the data. By default, this option is disabled. |
-| falco.libs_logger | object | `{"enabled":false,"severity":"debug"}` | The `libs_logger` setting in Falco determines the minimum log level to include in the logs related to the functioning of the software of the underlying `libs` library, which Falco utilizes. This setting is independent of the `priority` field of rules and the `log_level` setting that controls Falco's operational logs. It allows you to specify the desired log level for the `libs` library specifically, providing more granular control over the logging behavior of the underlying components used by Falco. Only logs of a certain severity level or higher will be emitted. Supported levels: "emergency", "alert", "critical", "error", "warning", "notice", "info", "debug". It is not recommended for production use. |
+| falco.libs_logger | object | `{"enabled":true,"severity":"info"}` | The `libs_logger` setting in Falco determines the minimum log level to include in the logs related to the functioning of the software of the underlying `libs` library, which Falco utilizes. This setting is independent of the `priority` field of rules and the `log_level` setting that controls Falco's operational logs. It allows you to specify the desired log level for the `libs` library specifically, providing more granular control over the logging behavior of the underlying components used by Falco. Only logs of a certain severity level or higher will be emitted. Supported levels: "emergency", "alert", "critical", "error", "warning", "notice", "info", "debug". It is not recommended for production use. |
 | falco.load_plugins | list | `[]` | Add here all plugins and their configuration. Please consult the plugins documentation for more info. Remember to add the plugins name in "load_plugins: []" in order to load them in Falco. |
 | falco.log_level | string | `"info"` | The `log_level` setting determines the minimum log level to include in Falco's logs related to the functioning of the software. This setting is separate from the `priority` field of rules and specifically controls the log level of Falco's operational logging. By specifying a log level, you can control the verbosity of Falco's operational logs. Only logs of a certain severity level or higher will be emitted. Supported levels: "emergency", "alert", "critical", "error", "warning", "notice", "info", "debug". |
 | falco.log_stderr | bool | `true` | Send information logs to stderr. Note these are *not* security notification logs! These are just Falco lifecycle (and possibly error) logs. |
@ -707,23 +731,23 @@ The following table lists the main configurable parameters of the falco chart v4
 | falcoctl.artifact.install.mounts | object | `{"volumeMounts":[]}` | A list of volume mounts you want to add to the falcoctl-artifact-install init container. |
 | falcoctl.artifact.install.resources | object | `{}` | Resources requests and limits for the falcoctl-artifact-install init container. |
 | falcoctl.artifact.install.securityContext | object | `{}` | Security context for the falcoctl init container. |
-| falcoctl.config | object | `{"artifact":{"allowedTypes":["rulesfile","plugin"],"follow":{"every":"6h","falcoversions":"http://localhost:8765/versions","pluginsDir":"/plugins","refs":["falco-rules:3"],"rulesfilesDir":"/rulesfiles"},"install":{"pluginsDir":"/plugins","refs":["falco-rules:3"],"resolveDeps":true,"rulesfilesDir":"/rulesfiles"}},"indexes":[{"name":"falcosecurity","url":"https://falcosecurity.github.io/falcoctl/index.yaml"}]}` | Configuration file of the falcoctl tool. It is saved in a configmap and mounted on the falcotl containers. |
-| falcoctl.config.artifact | object | `{"allowedTypes":["rulesfile","plugin"],"follow":{"every":"6h","falcoversions":"http://localhost:8765/versions","pluginsDir":"/plugins","refs":["falco-rules:3"],"rulesfilesDir":"/rulesfiles"},"install":{"pluginsDir":"/plugins","refs":["falco-rules:3"],"resolveDeps":true,"rulesfilesDir":"/rulesfiles"}}` | Configuration used by the artifact commands. |
+| falcoctl.config | object | `{"artifact":{"allowedTypes":["rulesfile","plugin"],"follow":{"every":"6h","falcoversions":"http://localhost:8765/versions","pluginsDir":"/plugins","refs":["falco-rules:4"],"rulesfilesDir":"/rulesfiles"},"install":{"pluginsDir":"/plugins","refs":["falco-rules:4"],"resolveDeps":true,"rulesfilesDir":"/rulesfiles"}},"indexes":[{"name":"falcosecurity","url":"https://falcosecurity.github.io/falcoctl/index.yaml"}]}` | Configuration file of the falcoctl tool. It is saved in a configmap and mounted on the falcotl containers. |
+| falcoctl.config.artifact | object | `{"allowedTypes":["rulesfile","plugin"],"follow":{"every":"6h","falcoversions":"http://localhost:8765/versions","pluginsDir":"/plugins","refs":["falco-rules:4"],"rulesfilesDir":"/rulesfiles"},"install":{"pluginsDir":"/plugins","refs":["falco-rules:4"],"resolveDeps":true,"rulesfilesDir":"/rulesfiles"}}` | Configuration used by the artifact commands. |
 | falcoctl.config.artifact.allowedTypes | list | `["rulesfile","plugin"]` | List of artifact types that falcoctl will handle. If the configured refs resolves to an artifact whose type is not contained in the list it will refuse to downloade and install that artifact. |
 | falcoctl.config.artifact.follow.every | string | `"6h"` | How often the tool checks for new versions of the followed artifacts. |
 | falcoctl.config.artifact.follow.falcoversions | string | `"http://localhost:8765/versions"` | HTTP endpoint that serves the api versions of the Falco instance. It is used to check if the new versions are compatible with the running Falco instance. |
 | falcoctl.config.artifact.follow.pluginsDir | string | `"/plugins"` | See the fields of the artifact.install section. |
-| falcoctl.config.artifact.follow.refs | list | `["falco-rules:3"]` | List of artifacts to be followed by the falcoctl sidecar container. |
+| falcoctl.config.artifact.follow.refs | list | `["falco-rules:4"]` | List of artifacts to be followed by the falcoctl sidecar container. |
 | falcoctl.config.artifact.follow.rulesfilesDir | string | `"/rulesfiles"` | See the fields of the artifact.install section. |
 | falcoctl.config.artifact.install.pluginsDir | string | `"/plugins"` | Same as the one above but for the artifacts. |
-| falcoctl.config.artifact.install.refs | list | `["falco-rules:3"]` | List of artifacts to be installed by the falcoctl init container. |
+| falcoctl.config.artifact.install.refs | list | `["falco-rules:4"]` | List of artifacts to be installed by the falcoctl init container. |
 | falcoctl.config.artifact.install.resolveDeps | bool | `true` | Resolve the dependencies for artifacts. |
 | falcoctl.config.artifact.install.rulesfilesDir | string | `"/rulesfiles"` | Directory where the rulesfiles are saved. The path is relative to the container, which in this case is an emptyDir mounted also by the Falco pod. |
 | falcoctl.config.indexes | list | `[{"name":"falcosecurity","url":"https://falcosecurity.github.io/falcoctl/index.yaml"}]` | List of indexes that falcoctl downloads and uses to locate and download artiafcts. For more info see: https://github.com/falcosecurity/falcoctl/blob/main/proposals/20220916-rules-and-plugin-distribution.md#index-file-overview |
 | falcoctl.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy. |
 | falcoctl.image.registry | string | `"docker.io"` | The image registry to pull from. |
 | falcoctl.image.repository | string | `"falcosecurity/falcoctl"` | The image repository to pull from. |
-| falcoctl.image.tag | string | `"0.10.1"` | The image tag to pull. |
+| falcoctl.image.tag | string | `"0.11.2"` | The image tag to pull. |
 | falcosidekick | object | `{"enabled":false,"fullfqdn":false,"listenPort":""}` | For configuration values, see https://github.com/falcosecurity/charts/blob/master/charts/falcosidekick/values.yaml |
 | falcosidekick.enabled | bool | `false` | Enable falcosidekick deployment. |
 | falcosidekick.fullfqdn | bool | `false` | Enable usage of full FQDN of falcosidekick service (useful when a Proxy is used). |
@ -746,7 +770,7 @@ The following table lists the main configurable parameters of the falco chart v4
 | healthChecks.readinessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out. |
 | image.pullPolicy | string | `"IfNotPresent"` | The image pull policy. |
 | image.registry | string | `"docker.io"` | The image registry to pull from. |
-| image.repository | string | `"falcosecurity/falco-no-driver"` | The image repository to pull from |
+| image.repository | string | `"falcosecurity/falco"` | The image repository to pull from |
 | image.tag | string | `""` | The image tag to pull. Overrides the image tag whose default is the chart appVersion. |
 | imagePullSecrets | list | `[]` | Secrets containing credentials when pulling from private/secure registries. |
 | metrics | object | `{"convertMemoryToMB":true,"enabled":false,"includeEmptyValues":false,"interval":"1h","kernelEventCountersEnabled":true,"kernelEventCountersPerCPUEnabled":false,"libbpfStatsEnabled":true,"outputRule":false,"resourceUtilizationEnabled":true,"rulesCountersEnabled":true,"service":{"annotations":{},"create":true,"labels":{},"ports":{"metrics":{"port":8765,"protocol":"TCP","targetPort":8765}},"type":"ClusterIP"},"stateCountersEnabled":true}` | metrics configures Falco to enable and expose the metrics. |
@ -775,15 +799,18 @@ The following table lists the main configurable parameters of the falco chart v4
 | namespaceOverride | string | `""` | Override the deployment namespace |
 | nodeSelector | object | `{}` | Selectors used to deploy Falco on a given node/nodes. |
 | podAnnotations | object | `{}` | Add additional pod annotations |
+| podHostname | string | `nil` | Override hostname in falco pod |
 | podLabels | object | `{}` | Add additional pod labels |
 | podPriorityClassName | string | `nil` | Set pod priorityClassName |
 | podSecurityContext | object | `{}` | Set securityContext for the pods These security settings are overriden by the ones specified for the specific containers when there is overlap. |
 | rbac.create | bool | `true` |  |
 | resources.limits | object | `{"cpu":"1000m","memory":"1024Mi"}` | Maximum amount of resources that Falco container could get. If you are enabling more than one source in falco, than consider to increase the cpu limits. |
 | resources.requests | object | `{"cpu":"100m","memory":"512Mi"}` | Although resources needed are subjective on the actual workload we provide a sane defaults ones. If you have more questions or concerns, please refer to #falco slack channel for more info about it. |
+| responseActions | object | `{"enabled":false}` | Enable the response actions using Falco Talon. |
 | scc.create | bool | `true` | Create OpenShift's Security Context Constraint. |
 | serviceAccount.annotations | object | `{}` | Annotations to add to the service account. |
 | serviceAccount.create | bool | `true` | Specifies whether a service account should be created. |
+| serviceAccount.imagePullSecrets | list | `[]` | Secrets containing credentials when pulling from private/secure registries. |
 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | serviceMonitor | object | `{"create":false,"endpointPort":"metrics","interval":"15s","labels":{},"path":"/metrics","relabelings":[],"scheme":"http","scrapeTimeout":"10s","selector":{},"targetLabels":[],"tlsConfig":{}}` | serviceMonitor holds the configuration for the ServiceMonitor CRD. A ServiceMonitor is a custom resource definition (CRD) used to configure how Prometheus should discover and scrape metrics from the Falco service. |
 | serviceMonitor.create | bool | `false` | create specifies whether a ServiceMonitor CRD should be created for a prometheus operator. https://github.com/coreos/prometheus-operator Enable it only if the ServiceMonitor CRD is installed in your cluster. |
--- a/charts/falco/ci/ci-values.yaml
+++ b/charts/falco/ci/ci-values.yaml
@ -1,16 +0,0 @@
-# CI values for Falco.
-# The following values will bypass the installation of the kernel module
-# and disable the kernel space driver.
-
-# disable the kernel space driver
-driver:
-  enabled: false
-
-# make Falco run in userspace only mode
-extra:
-  args:
-    - --userspace
-
-# enforce /proc mounting since Falco still tries to scan it
-mounts:
-  enforceProcMount: true
--- a/charts/falco/templates/NOTES.txt
+++ b/charts/falco/templates/NOTES.txt
@ -41,6 +41,7 @@ WARNING(drivers):

 {{- if and (not (empty .Values.falco.load_plugins)) (or .Values.falcoctl.artifact.follow.enabled .Values.falcoctl.artifact.install.enabled) }}

-WARNING:
-{{ printf "It seems you are loading the following plugins %v, please make sure to install them by adding the correct reference to falcoctl.config.artifact.install.refs: %v" .Values.falco.load_plugins .Values.falcoctl.config.artifact.install.refs -}}
+NOTICE:
+{{ printf "It seems you are loading the following plugins %v, please make sure to install them by specifying the correct reference to falcoctl.config.artifact.install.refs: %v" .Values.falco.load_plugins .Values.falcoctl.config.artifact.install.refs -}}
+{{ printf "Ignore this notice if the value of falcoctl.config.artifact.install.refs is correct already." -}}
 {{- end }}
--- a/charts/falco/templates/_helpers.tpl
+++ b/charts/falco/templates/_helpers.tpl
@ -89,7 +89,7 @@ Return the proper Falco image name
    {{- . }}/
 {{- end -}}
 {{- .Values.image.repository }}:
-{{- .Values.image.tag | default .Chart.AppVersion -}}
+{{- .Values.image.tag | default (printf "%s" .Chart.AppVersion) -}}
 {{- end -}}

 {{/*
@ -414,7 +414,7 @@ true
 {{- end -}}

 {{/*
-Based on the use input it populates the metrics configuration in the falco config map.
+Based on the user input it populates the metrics configuration in the falco config map.
 */}}
 {{- define "falco.metricsConfiguration" -}}
 {{- if .Values.metrics.enabled -}}
@ -433,3 +433,129 @@ Based on the use input it populates the metrics configuration in the falco confi
 {{- $_ = set .Values.falco.metrics "include_empty_values" .Values.metrics.includeEmptyValues -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+This helper is used to add the container plugin to the falco configuration.
+*/}}
+{{ define "falco.containerPlugin" -}}
+{{ if and .Values.driver.enabled .Values.collectors.enabled -}}
+{{ if and (or .Values.collectors.docker.enabled .Values.collectors.crio.enabled .Values.collectors.containerd.enabled) .Values.collectors.containerEngine.enabled -}}
+{{ fail "You can not enable any of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time. Please use the containerEngine configuration since the old configurations are deprecated." }}
+{{ else if or .Values.collectors.docker.enabled .Values.collectors.crio.enabled .Values.collectors.containerd.enabled .Values.collectors.containerEngine.enabled -}}
+{{ if or .Values.collectors.docker.enabled .Values.collectors.crio.enabled .Values.collectors.containerd.enabled -}}
+{{ $_ := set .Values.collectors.containerEngine.engines.docker "enabled" .Values.collectors.docker.enabled -}}
+{{ $_ = set .Values.collectors.containerEngine.engines.docker "sockets" (list .Values.collectors.docker.socket) -}}
+{{ $_ = set .Values.collectors.containerEngine.engines.containerd "enabled" .Values.collectors.containerd.enabled -}}
+{{ $_ = set .Values.collectors.containerEngine.engines.containerd "sockets" (list .Values.collectors.containerd.socket) -}}
+{{ $_ = set .Values.collectors.containerEngine.engines.cri "enabled" .Values.collectors.crio.enabled -}}
+{{ $_ = set .Values.collectors.containerEngine.engines.cri "sockets" (list .Values.collectors.crio.socket) -}}
+{{ $_ = set .Values.collectors.containerEngine.engines.podman "enabled" false -}}
+{{ $_ = set .Values.collectors.containerEngine.engines.lxc "enabled" false -}}
+{{ $_ = set .Values.collectors.containerEngine.engines.libvirt_lxc "enabled" false -}}
+{{ $_ = set .Values.collectors.containerEngine.engines.bpm "enabled" false -}}
+{{ end -}}
+{{ $hasConfig := false -}}
+{{ range .Values.falco.plugins -}}
+{{ if eq (get . "name") "container" -}}
+{{ $hasConfig = true -}}
+{{ end -}}
+{{ end -}}
+{{ if not $hasConfig -}}
+{{ $pluginConfig := dict -}}
+{{ with .Values.collectors.containerEngine -}}
+{{ $pluginConfig = dict "name" "container" "library_path" "libcontainer.so" "init_config" (dict "label_max_len" .labelMaxLen "with_size" .withSize "hooks" .hooks "engines" .engines) -}}
+{{ end -}}
+{{ $newConfig := append .Values.falco.plugins $pluginConfig -}}
+{{ $_ := set .Values.falco "plugins" ($newConfig | uniq) -}}
+{{ $loadedPlugins := append .Values.falco.load_plugins "container" -}}
+{{ $_ = set .Values.falco "load_plugins" ($loadedPlugins | uniq) -}}
+{{ end -}}
+{{ $_ := set .Values.falcoctl.config.artifact.install "refs" ((append .Values.falcoctl.config.artifact.install.refs .Values.collectors.containerEngine.pluginRef) | uniq) -}}
+{{ $_ = set .Values.falcoctl.config.artifact "allowedTypes" ((append .Values.falcoctl.config.artifact.allowedTypes "plugin") | uniq) -}}
+{{ end -}}
+{{ end -}}
+{{ end -}}
+
+{{/*
+This helper is used to add container plugin volumes to the falco pod.
+*/}}
+{{- define "falco.containerPluginVolumes" -}}
+{{- if and .Values.driver.enabled .Values.collectors.enabled -}}
+{{- if and (or .Values.collectors.docker.enabled .Values.collectors.crio.enabled .Values.collectors.containerd.enabled) .Values.collectors.containerEngine.enabled -}}
+{{ fail "You can not enable any of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time. Please use the containerEngine configuration since the old configurations are deprecated." }}
+{{- end -}}
+{{ $volumes := list -}}
+{{- if .Values.collectors.docker.enabled -}}
+{{ $volumes = append $volumes (dict "name" "docker-socket" "hostPath" (dict "path" .Values.collectors.docker.socket)) -}}
+{{- end -}}
+{{- if .Values.collectors.crio.enabled -}}
+{{ $volumes = append $volumes (dict "name" "crio-socket" "hostPath" (dict "path" .Values.collectors.crio.socket)) -}}
+{{- end -}}
+{{- if .Values.collectors.containerd.enabled -}}
+{{ $volumes = append $volumes (dict "name" "containerd-socket" "hostPath" (dict "path" .Values.collectors.containerd.socket)) -}}
+{{- end -}}
+{{- if .Values.collectors.containerEngine.enabled -}}
+{{- $seenPaths := dict -}}
+{{- $idx := 0 -}}
+{{- $engineOrder := list "docker" "podman" "containerd" "cri" "lxc" "libvirt_lxc" "bpm" -}}
+{{- range $engineName := $engineOrder -}}
+{{- $val := index $.Values.collectors.containerEngine.engines $engineName -}}
+{{- if and $val $val.enabled -}}
+{{- range $index, $socket := $val.sockets -}}
+{{- $mountPath := print "/host" $socket -}}
+{{- if not (hasKey $seenPaths $mountPath) -}}
+{{ $volumes = append $volumes (dict "name" (printf "container-engine-socket-%d" $idx) "hostPath" (dict "path" $socket)) -}}
+{{- $idx = add $idx 1 -}}
+{{- $_ := set $seenPaths $mountPath true -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- if gt (len $volumes) 0 -}}
+{{ toYaml $volumes -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+This helper is used to add container plugin volumeMounts to the falco pod.
+*/}}
+{{- define "falco.containerPluginVolumeMounts" -}}
+{{- if and .Values.driver.enabled .Values.collectors.enabled -}}
+{{- if and (or .Values.collectors.docker.enabled .Values.collectors.crio.enabled .Values.collectors.containerd.enabled) .Values.collectors.containerEngine.enabled -}}
+{{ fail "You can not enable any of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time. Please use the containerEngine configuration since the old configurations are deprecated." }}
+{{- end -}}
+{{ $volumeMounts := list -}}
+{{- if .Values.collectors.docker.enabled -}}
+{{ $volumeMounts = append $volumeMounts (dict "name" "docker-socket" "mountPath" (print "/host" .Values.collectors.docker.socket)) -}}
+{{- end -}}
+{{- if .Values.collectors.crio.enabled -}}
+{{ $volumeMounts = append $volumeMounts (dict "name" "crio-socket" "mountPath" (print "/host" .Values.collectors.crio.socket)) -}}
+{{- end -}}
+{{- if .Values.collectors.containerd.enabled -}}
+{{ $volumeMounts = append $volumeMounts (dict "name" "containerd-socket" "mountPath" (print "/host" .Values.collectors.containerd.socket)) -}}
+{{- end -}}
+{{- if .Values.collectors.containerEngine.enabled -}}
+{{- $seenPaths := dict -}}
+{{- $idx := 0 -}}
+{{- $engineOrder := list "docker" "podman" "containerd" "cri" "lxc" "libvirt_lxc" "bpm" -}}
+{{- range $engineName := $engineOrder -}}
+{{- $val := index $.Values.collectors.containerEngine.engines $engineName -}}
+{{- if and $val $val.enabled -}}
+{{- range $index, $socket := $val.sockets -}}
+{{- $mountPath := print "/host" $socket -}}
+{{- if not (hasKey $seenPaths $mountPath) -}}
+{{ $volumeMounts = append $volumeMounts (dict "name" (printf "container-engine-socket-%d" $idx) "mountPath" $mountPath) -}}
+{{- $idx = add $idx 1 -}}
+{{- $_ := set $seenPaths $mountPath true -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+{{- if gt (len $volumeMounts) 0 -}}
+{{ toYaml ($volumeMounts) }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
--- a/charts/falco/templates/configmap.yaml
+++ b/charts/falco/templates/configmap.yaml
@ -11,4 +11,5 @@ data:
    {{- include "k8smeta.configuration" . -}}
    {{- include "falco.engineConfiguration" . -}}
    {{- include "falco.metricsConfiguration" . -}}
+    {{- include "falco.containerPlugin" . -}}
    {{- toYaml .Values.falco | nindent 4 }}
--- a/charts/falco/templates/falcoctl-configmap.yaml
+++ b/charts/falco/templates/falcoctl-configmap.yaml
@ -9,5 +9,6 @@ metadata:
 data:
  falcoctl.yaml: |-
    {{- include "k8smeta.configuration" . -}}
+    {{- include "falco.containerPlugin" . -}}
    {{- toYaml .Values.falcoctl.config | nindent 4 }}
 {{- end }}
--- a/charts/falco/templates/pod-template.tpl
+++ b/charts/falco/templates/pod-template.tpl
@ -27,6 +27,9 @@ metadata:
      {{- toYaml . | nindent 4 }}
    {{- end }}
 spec:
+  {{- if .Values.falco.podHostname }}
+  hostname: {{ .Values.falco.podHostname }}
+  {{- end }}
  serviceAccountName: {{ include "falco.serviceAccountName" . }}
  {{- with .Values.podSecurityContext }}
  securityContext:
@ -60,6 +63,7 @@ spec:
  {{- if eq .Values.driver.kind "gvisor" }}
  hostNetwork: true
  hostPID: true
+  dnsPolicy: ClusterFirstWithHostNet
  {{- end }}
  containers:
    - name: {{ .Chart.Name }}
@ -72,23 +76,6 @@ spec:
      args:
        - /usr/bin/falco
        {{- include "falco.configSyscallSource" . | indent 8 }}
-        {{- with .Values.collectors }}
-        {{- if .enabled }}
-        {{- if .docker.enabled }}
-        - --cri
-        - /var/run/{{ base .docker.socket }}
-        {{- end }}
-        {{- if .containerd.enabled }}
-        - --cri
-        - /run/containerd/{{ base .containerd.socket }}
-        {{- end }}
-        {{- if .crio.enabled }}
-        - --cri
-        - /run/crio/{{ base .crio.socket }}
-        {{- end }}
-        - -pk
-        {{- end }}
-        {{- end }}
    {{- with .Values.extra.args }}
      {{- toYaml . | nindent 8 }}
    {{- end }}
@ -108,6 +95,10 @@ spec:
      {{- end }}
      tty: {{ .Values.tty }}
      {{- if .Values.falco.webserver.enabled }}
+      ports:
+        - containerPort: {{ .Values.falco.webserver.listen_port }}
+          name: web
+          protocol: TCP
      livenessProbe:
        initialDelaySeconds: {{ .Values.healthChecks.livenessProbe.initialDelaySeconds }}
        timeoutSeconds: {{ .Values.healthChecks.livenessProbe.timeoutSeconds }}
@ -130,6 +121,7 @@ spec:
          {{- end }}
      {{- end }}
      volumeMounts:
+      {{- include "falco.containerPluginVolumeMounts" . | nindent 8 -}}
      {{- if or .Values.falcoctl.artifact.install.enabled .Values.falcoctl.artifact.follow.enabled }}
      {{- if has "rulesfile" .Values.falcoctl.config.artifact.allowedTypes }}
        - mountPath: /etc/falco
@ -175,22 +167,6 @@ spec:
        - name: debugfs
          mountPath: /sys/kernel/debug
        {{- end }}
-        {{- with .Values.collectors }}
-        {{- if .enabled }}
-        {{- if .docker.enabled }}
-        - mountPath: /host/var/run/
-          name: docker-socket
-        {{- end }}
-        {{- if .containerd.enabled }}
-        - mountPath: /host/run/containerd/
-          name: containerd-socket
-        {{- end }}
-        {{- if .crio.enabled }}
-        - mountPath: /host/run/crio/
-          name: crio-socket
-        {{- end }}
-        {{- end }}
-        {{- end }}
        - mountPath: /etc/falco/falco.yaml
          name: falco-yaml
          subPath: falco.yaml
@ -240,6 +216,7 @@ spec:
    {{- include "falcoctl.initContainer" . | nindent 4 }}
  {{- end }}
  volumes:
+    {{- include "falco.containerPluginVolumes" . | nindent 4 -}}
    {{- if eq (include "driverLoader.enabled" .) "true" }}
    - name: specialized-falco-configs
      emptyDir: {}
@ -279,25 +256,6 @@ spec:
      hostPath:
        path: /sys/kernel/debug
    {{- end }}
-    {{- with .Values.collectors }}
-    {{- if .enabled }}
-    {{- if .docker.enabled }}
-    - name: docker-socket
-      hostPath:
-        path: {{ dir .docker.socket }}
-    {{- end }}
-    {{- if .containerd.enabled }}
-    - name: containerd-socket
-      hostPath:
-        path: {{ dir .containerd.socket }}
-    {{- end }}
-    {{- if .crio.enabled }}
-    - name: crio-socket
-      hostPath:
-        path: {{ dir .crio.socket }}
-    {{- end }}
-    {{- end }}
-    {{- end }}
    - name: proc-fs
      hostPath:
        path: /proc
--- a/charts/falco/templates/serviceMonitor.yaml
+++ b/charts/falco/templates/serviceMonitor.yaml
@ -37,6 +37,9 @@ spec:
  selector:
    matchLabels:
      {{- include "falco.selectorLabels" . | nindent 6 }}
+      {{- with .Values.serviceMonitor.selector }}
+      {{- toYaml . | nindent 6 }}
+      {{- end }}
      type: "falco-metrics"
  namespaceSelector:
    matchNames:
--- a/charts/falco/templates/serviceaccount.yaml
+++ b/charts/falco/templates/serviceaccount.yaml
@ -1,6 +1,10 @@

 {{- if .Values.serviceAccount.create -}}
 apiVersion: v1
+{{- with .Values.serviceAccount.imagePullSecrets }}
+imagePullSecrets:
+  {{- toYaml . | nindent 2 }}
+{{- end }}
 kind: ServiceAccount
 metadata:
  name: {{ include "falco.serviceAccountName" . }}
--- a/charts/falco/tests/unit/chartInfo.go
+++ b/charts/falco/tests/unit/chartInfo.go
@ -22,7 +22,8 @@ import (
 	"gopkg.in/yaml.v3"
 )

-func chartInfo(t *testing.T, chartPath string) (map[string]interface{}, error) {
+// ChartInfo returns chart's information.
+func ChartInfo(t *testing.T, chartPath string) (map[string]interface{}, error) {
 	// Get chart info.
 	output, err := helm.RunHelmCommandAndGetOutputE(t, &helm.Options{}, "show", "chart", chartPath)
 	if err != nil {
--- a/charts/falco/tests/unit/consts.go
+++ b/charts/falco/tests/unit/consts.go
@ -16,7 +16,14 @@
 package unit

 const (
-	releaseName                  = "rendered-resources"
-	patternK8sMetacollectorFiles = `# Source: falco/charts/k8s-metacollector/templates/([^\n]+)`
-	k8sMetaPluginName            = "k8smeta"
+	// ReleaseName is the name of the release we expect in the rendered resources.
+	ReleaseName = "rendered-resources"
+	// PatternK8sMetacollectorFiles is the regex pattern we expect to find in the rendered resources.
+	PatternK8sMetacollectorFiles = `# Source: falco/charts/k8s-metacollector/templates/([^\n]+)`
+	// K8sMetaPluginName is the name of the k8smeta plugin we expect in the falco configuration.
+	K8sMetaPluginName = "k8smeta"
+	// ContainerPluginName name of the container plugin we expect in the falco configuration.
+	ContainerPluginName = "container"
+	// ChartPath is the path to the chart.
+	ChartPath = "../../.."
 )
--- a/charts/falco/tests/unit/containerPlugin/common.go
+++ b/charts/falco/tests/unit/containerPlugin/common.go
@ -0,0 +1,13 @@
+package containerPlugin
+
+var volumeNames = []string{
+	"docker-socket",
+	"containerd-socket",
+	"crio-socket",
+	"container-engine-socket-0",
+	"container-engine-socket-1",
+	"container-engine-socket-2",
+	"container-engine-socket-3",
+	"container-engine-socket-4",
+	"container-engine-socket-5",
+}
--- a/charts/falco/tests/unit/containerPlugin/containerPluginConfig_test.go
+++ b/charts/falco/tests/unit/containerPlugin/containerPluginConfig_test.go
@ -0,0 +1,767 @@
+package containerPlugin
+
+import (
+	"path/filepath"
+	"slices"
+	"testing"
+
+	"github.com/stretchr/testify/require"
+
+	"gopkg.in/yaml.v3"
+	corev1 "k8s.io/api/core/v1"
+
+	"github.com/falcosecurity/charts/charts/falco/tests/unit"
+	"github.com/gruntwork-io/terratest/modules/helm"
+)
+
+func TestContainerPluginConfiguration(t *testing.T) {
+	t.Parallel()
+	helmChartPath, err := filepath.Abs(unit.ChartPath)
+	require.NoError(t, err)
+
+	testCases := []struct {
+		name     string
+		values   map[string]string
+		expected func(t *testing.T, config any)
+	}{
+		{
+			"defaultValues",
+			nil,
+			func(t *testing.T, config any) {
+				plugin := config.(map[string]interface{})
+				initConfig, ok := plugin["init_config"]
+				require.True(t, ok)
+
+				initConfigMap := initConfig.(map[string]interface{})
+
+				// Check engines configurations.
+				engines, ok := initConfigMap["engines"].(map[string]interface{})
+				require.True(t, ok, "checking if engines section exists")
+				require.Len(t, engines, 7, "checking number of engines")
+				var engineConfig ContainerEngineConfig
+				// Unmarshal the engines configuration.
+				data, err := yaml.Marshal(engines)
+				require.NoError(t, err)
+				err = yaml.Unmarshal(data, &engineConfig)
+				require.NoError(t, err)
+				// Check the default values for each engine.
+				require.True(t, engineConfig.Docker.Enabled)
+				require.Equal(t, []string{"/var/run/docker.sock"}, engineConfig.Docker.Sockets)
+
+				require.True(t, engineConfig.Podman.Enabled)
+				require.Equal(t, []string{"/run/podman/podman.sock"}, engineConfig.Podman.Sockets)
+
+				require.True(t, engineConfig.Containerd.Enabled)
+				require.Equal(t, []string{"/run/host-containerd/containerd.sock"}, engineConfig.Containerd.Sockets)
+
+				require.True(t, engineConfig.CRI.Enabled)
+				require.Equal(t, []string{"/run/containerd/containerd.sock", "/run/crio/crio.sock", "/run/k3s/containerd/containerd.sock", "/run/host-containerd/containerd.sock"}, engineConfig.CRI.Sockets)
+
+				require.True(t, engineConfig.LXC.Enabled)
+				require.True(t, engineConfig.LibvirtLXC.Enabled)
+				require.True(t, engineConfig.BPM.Enabled)
+			},
+		},
+		{
+			name: "changeDockerSocket",
+			values: map[string]string{
+				"collectors.containerEngine.engines.docker.enabled":    "true",
+				"collectors.containerEngine.engines.docker.sockets[0]": "/custom/docker.sock",
+			},
+			expected: func(t *testing.T, config any) {
+				plugin := config.(map[string]interface{})
+				initConfig, ok := plugin["init_config"]
+				require.True(t, ok)
+
+				initConfigMap := initConfig.(map[string]interface{})
+				engines, ok := initConfigMap["engines"].(map[string]interface{})
+				require.True(t, ok)
+
+				var engineConfig ContainerEngineConfig
+				data, err := yaml.Marshal(engines)
+				require.NoError(t, err)
+				err = yaml.Unmarshal(data, &engineConfig)
+				require.NoError(t, err)
+
+				require.True(t, engineConfig.Docker.Enabled)
+				require.Equal(t, []string{"/custom/docker.sock"}, engineConfig.Docker.Sockets)
+			},
+		},
+		{
+			name: "changeCriSocket",
+			values: map[string]string{
+				"collectors.containerEngine.engines.cri.enabled":    "true",
+				"collectors.containerEngine.engines.cri.sockets[0]": "/custom/cri.sock",
+			},
+			expected: func(t *testing.T, config any) {
+				plugin := config.(map[string]interface{})
+				initConfig, ok := plugin["init_config"]
+				require.True(t, ok)
+
+				initConfigMap := initConfig.(map[string]interface{})
+				engines, ok := initConfigMap["engines"].(map[string]interface{})
+				require.True(t, ok)
+
+				var engineConfig ContainerEngineConfig
+				data, err := yaml.Marshal(engines)
+				require.NoError(t, err)
+				err = yaml.Unmarshal(data, &engineConfig)
+				require.NoError(t, err)
+
+				require.True(t, engineConfig.CRI.Enabled)
+				require.Equal(t, []string{"/custom/cri.sock"}, engineConfig.CRI.Sockets)
+			},
+		},
+		{
+			name: "disableDockerSocket",
+			values: map[string]string{
+				"collectors.containerEngine.engines.docker.enabled": "false",
+			},
+			expected: func(t *testing.T, config any) {
+				plugin := config.(map[string]interface{})
+				initConfig, ok := plugin["init_config"]
+				require.True(t, ok)
+
+				initConfigMap := initConfig.(map[string]interface{})
+				engines, ok := initConfigMap["engines"].(map[string]interface{})
+				require.True(t, ok)
+
+				var engineConfig ContainerEngineConfig
+				data, err := yaml.Marshal(engines)
+				require.NoError(t, err)
+				err = yaml.Unmarshal(data, &engineConfig)
+				require.NoError(t, err)
+
+				require.False(t, engineConfig.Docker.Enabled)
+			},
+		},
+		{
+			name: "disableCriSocket",
+			values: map[string]string{
+				"collectors.containerEngine.engines.cri.enabled": "false",
+			},
+			expected: func(t *testing.T, config any) {
+				plugin := config.(map[string]interface{})
+				initConfig, ok := plugin["init_config"]
+				require.True(t, ok)
+
+				initConfigMap := initConfig.(map[string]interface{})
+				engines, ok := initConfigMap["engines"].(map[string]interface{})
+				require.True(t, ok)
+
+				var engineConfig ContainerEngineConfig
+				data, err := yaml.Marshal(engines)
+				require.NoError(t, err)
+				err = yaml.Unmarshal(data, &engineConfig)
+				require.NoError(t, err)
+
+				require.False(t, engineConfig.CRI.Enabled)
+			},
+		},
+		{
+			name: "changeContainerdSocket",
+			values: map[string]string{
+				"collectors.containerEngine.engines.containerd.enabled":    "true",
+				"collectors.containerEngine.engines.containerd.sockets[0]": "/custom/containerd.sock",
+			},
+			expected: func(t *testing.T, config any) {
+				plugin := config.(map[string]interface{})
+				initConfig, ok := plugin["init_config"]
+				require.True(t, ok)
+
+				initConfigMap := initConfig.(map[string]interface{})
+				engines, ok := initConfigMap["engines"].(map[string]interface{})
+				require.True(t, ok)
+
+				var engineConfig ContainerEngineConfig
+				data, err := yaml.Marshal(engines)
+				require.NoError(t, err)
+				err = yaml.Unmarshal(data, &engineConfig)
+				require.NoError(t, err)
+
+				require.True(t, engineConfig.Containerd.Enabled)
+				require.Equal(t, []string{"/custom/containerd.sock"}, engineConfig.Containerd.Sockets)
+			},
+		},
+		{
+			name: "disableContainerdSocket",
+			values: map[string]string{
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+			},
+			expected: func(t *testing.T, config any) {
+				plugin := config.(map[string]interface{})
+				initConfig, ok := plugin["init_config"]
+				require.True(t, ok)
+
+				initConfigMap := initConfig.(map[string]interface{})
+				engines, ok := initConfigMap["engines"].(map[string]interface{})
+				require.True(t, ok)
+
+				var engineConfig ContainerEngineConfig
+				data, err := yaml.Marshal(engines)
+				require.NoError(t, err)
+				err = yaml.Unmarshal(data, &engineConfig)
+				require.NoError(t, err)
+
+				require.False(t, engineConfig.Containerd.Enabled)
+			},
+		},
+		{
+			name:   "defaultContainerEngineConfig",
+			values: map[string]string{},
+			expected: func(t *testing.T, config any) {
+				plugin := config.(map[string]interface{})
+				initConfig, ok := plugin["init_config"]
+				require.True(t, ok)
+
+				initConfigMap := initConfig.(map[string]interface{})
+				require.Equal(t, float64(100), initConfigMap["label_max_len"])
+				require.False(t, initConfigMap["with_size"].(bool))
+
+				hooks := initConfigMap["hooks"].([]interface{})
+				require.Len(t, hooks, 1)
+				require.Contains(t, hooks, "create")
+
+				engines := initConfigMap["engines"].(map[string]interface{})
+				var engineConfig ContainerEngineConfig
+				data, err := yaml.Marshal(engines)
+				require.NoError(t, err)
+				err = yaml.Unmarshal(data, &engineConfig)
+				require.NoError(t, err)
+
+				// Check default engine configurations
+				require.True(t, engineConfig.Docker.Enabled)
+				require.Equal(t, []string{"/var/run/docker.sock"}, engineConfig.Docker.Sockets)
+
+				require.True(t, engineConfig.Podman.Enabled)
+				require.Equal(t, []string{"/run/podman/podman.sock"}, engineConfig.Podman.Sockets)
+
+				require.True(t, engineConfig.Containerd.Enabled)
+				require.Equal(t, []string{"/run/host-containerd/containerd.sock"}, engineConfig.Containerd.Sockets)
+
+				require.True(t, engineConfig.CRI.Enabled)
+				require.Equal(t, []string{"/run/containerd/containerd.sock", "/run/crio/crio.sock", "/run/k3s/containerd/containerd.sock", "/run/host-containerd/containerd.sock"}, engineConfig.CRI.Sockets)
+
+				require.True(t, engineConfig.LXC.Enabled)
+				require.True(t, engineConfig.LibvirtLXC.Enabled)
+				require.True(t, engineConfig.BPM.Enabled)
+			},
+		},
+		{
+			name: "customContainerEngineConfig",
+			values: map[string]string{
+				"collectors.docker.enabled":                                "false",
+				"collectors.containerd.enabled":                            "false",
+				"collectors.crio.enabled":                                  "false",
+				"collectors.containerEngine.enabled":                       "true",
+				"collectors.containerEngine.labelMaxLen":                   "200",
+				"collectors.containerEngine.withSize":                      "true",
+				"collectors.containerEngine.hooks[0]":                      "create",
+				"collectors.containerEngine.hooks[1]":                      "start",
+				"collectors.containerEngine.engines.docker.enabled":        "false",
+				"collectors.containerEngine.engines.podman.enabled":        "false",
+				"collectors.containerEngine.engines.containerd.sockets[0]": "/custom/containerd.sock",
+				"collectors.containerEngine.engines.cri.sockets[0]":        "/custom/crio.sock",
+				"collectors.containerEngine.engines.lxc.enabled":           "false",
+				"collectors.containerEngine.engines.libvirt_lxc.enabled":   "false",
+				"collectors.containerEngine.engines.bpm.enabled":           "false",
+			},
+			expected: func(t *testing.T, config any) {
+				plugin := config.(map[string]interface{})
+				initConfig, ok := plugin["init_config"]
+				require.True(t, ok)
+
+				initConfigMap := initConfig.(map[string]interface{})
+				require.Equal(t, float64(200), initConfigMap["label_max_len"])
+				require.True(t, initConfigMap["with_size"].(bool))
+
+				hooks := initConfigMap["hooks"].([]interface{})
+				require.Len(t, hooks, 2)
+				require.Contains(t, hooks, "create")
+				require.Contains(t, hooks, "start")
+
+				engines := initConfigMap["engines"].(map[string]interface{})
+				var engineConfig ContainerEngineConfig
+				data, err := yaml.Marshal(engines)
+				require.NoError(t, err)
+				err = yaml.Unmarshal(data, &engineConfig)
+				require.NoError(t, err)
+
+				// Check custom engine configurations
+				require.False(t, engineConfig.Docker.Enabled)
+				require.False(t, engineConfig.Podman.Enabled)
+
+				require.True(t, engineConfig.Containerd.Enabled)
+				require.Equal(t, []string{"/custom/containerd.sock"}, engineConfig.Containerd.Sockets)
+
+				require.True(t, engineConfig.CRI.Enabled)
+				require.Equal(t, []string{"/custom/crio.sock"}, engineConfig.CRI.Sockets)
+
+				require.False(t, engineConfig.LXC.Enabled)
+				require.False(t, engineConfig.LibvirtLXC.Enabled)
+				require.False(t, engineConfig.BPM.Enabled)
+			},
+		},
+		{
+			name: "customDockerEngineConfigInContainerEngine",
+			values: map[string]string{
+				"collectors.docker.enabled":                            "false",
+				"collectors.containerd.enabled":                        "false",
+				"collectors.crio.enabled":                              "false",
+				"collectors.containerEngine.enabled":                   "true",
+				"collectors.containerEngine.engines.docker.enabled":    "false",
+				"collectors.containerEngine.engines.docker.sockets[0]": "/custom/docker.sock",
+				"collectors.containerEngine.engines.docker.sockets[1]": "/custom/docker.sock2",
+			},
+			expected: func(t *testing.T, config any) {
+				plugin := config.(map[string]interface{})
+				initConfig, ok := plugin["init_config"]
+				require.True(t, ok)
+
+				initConfigMap := initConfig.(map[string]interface{})
+				engines, ok := initConfigMap["engines"].(map[string]interface{})
+				require.True(t, ok)
+
+				var engineConfig ContainerEngineConfig
+				data, err := yaml.Marshal(engines)
+				require.NoError(t, err)
+				err = yaml.Unmarshal(data, &engineConfig)
+				require.NoError(t, err)
+
+				// Check Docker engine configuration
+				require.False(t, engineConfig.Docker.Enabled)
+				require.Equal(t, []string{"/custom/docker.sock", "/custom/docker.sock2"}, engineConfig.Docker.Sockets)
+			},
+		},
+		{
+			name: "customContainerdEngineConfigInContainerEngine",
+			values: map[string]string{
+				"collectors.docker.enabled":                                "false",
+				"collectors.containerd.enabled":                            "false",
+				"collectors.crio.enabled":                                  "false",
+				"collectors.containerEngine.enabled":                       "true",
+				"collectors.containerEngine.engines.containerd.enabled":    "false",
+				"collectors.containerEngine.engines.containerd.sockets[0]": "/custom/containerd.sock",
+				"collectors.containerEngine.engines.containerd.sockets[1]": "/custom/containerd.sock2",
+			},
+			expected: func(t *testing.T, config any) {
+				plugin := config.(map[string]interface{})
+				initConfig, ok := plugin["init_config"]
+				require.True(t, ok)
+
+				initConfigMap := initConfig.(map[string]interface{})
+				engines, ok := initConfigMap["engines"].(map[string]interface{})
+				require.True(t, ok)
+
+				var engineConfig ContainerEngineConfig
+				data, err := yaml.Marshal(engines)
+				require.NoError(t, err)
+				err = yaml.Unmarshal(data, &engineConfig)
+				require.NoError(t, err)
+
+				// Check Containerd engine configuration
+				require.False(t, engineConfig.Containerd.Enabled)
+				require.Equal(t, []string{"/custom/containerd.sock", "/custom/containerd.sock2"}, engineConfig.Containerd.Sockets)
+			},
+		},
+		{
+			name: "customPodmanEngineConfigInContainerEngine",
+			values: map[string]string{
+				"collectors.docker.enabled":                            "false",
+				"collectors.containerd.enabled":                        "false",
+				"collectors.crio.enabled":                              "false",
+				"collectors.containerEngine.enabled":                   "true",
+				"collectors.containerEngine.engines.podman.enabled":    "true",
+				"collectors.containerEngine.engines.podman.sockets[0]": "/custom/podman.sock",
+				"collectors.containerEngine.engines.podman.sockets[1]": "/custom/podman.sock2",
+			},
+			expected: func(t *testing.T, config any) {
+				plugin := config.(map[string]interface{})
+				initConfig, ok := plugin["init_config"]
+				require.True(t, ok)
+
+				initConfigMap := initConfig.(map[string]interface{})
+				engines, ok := initConfigMap["engines"].(map[string]interface{})
+				require.True(t, ok)
+
+				var engineConfig ContainerEngineConfig
+				data, err := yaml.Marshal(engines)
+				require.NoError(t, err)
+				err = yaml.Unmarshal(data, &engineConfig)
+				require.NoError(t, err)
+
+				// Check Podman engine configuration
+				require.True(t, engineConfig.Podman.Enabled)
+				require.Equal(t, []string{"/custom/podman.sock", "/custom/podman.sock2"}, engineConfig.Podman.Sockets)
+			},
+		},
+		{
+			name: "customCRIEngineConfigInContainerEngine",
+			values: map[string]string{
+				"collectors.docker.enabled":                         "false",
+				"collectors.containerd.enabled":                     "false",
+				"collectors.crio.enabled":                           "false",
+				"collectors.containerEngine.enabled":                "true",
+				"collectors.containerEngine.engines.cri.enabled":    "true",
+				"collectors.containerEngine.engines.cri.sockets[0]": "/custom/cri.sock",
+				"collectors.containerEngine.engines.cri.sockets[1]": "/custom/cri.sock2",
+			},
+			expected: func(t *testing.T, config any) {
+				plugin := config.(map[string]interface{})
+				initConfig, ok := plugin["init_config"]
+				require.True(t, ok)
+
+				initConfigMap := initConfig.(map[string]interface{})
+				engines, ok := initConfigMap["engines"].(map[string]interface{})
+				require.True(t, ok)
+
+				var engineConfig ContainerEngineConfig
+				data, err := yaml.Marshal(engines)
+				require.NoError(t, err)
+				err = yaml.Unmarshal(data, &engineConfig)
+				require.NoError(t, err)
+
+				// Check CRI engine configuration
+				require.True(t, engineConfig.CRI.Enabled)
+				require.Equal(t, []string{"/custom/cri.sock", "/custom/cri.sock2"}, engineConfig.CRI.Sockets)
+			},
+		},
+		{
+			name: "customLXCEngineConfigInContainerEngine",
+			values: map[string]string{
+				"collectors.docker.enabled":                      "false",
+				"collectors.containerd.enabled":                  "false",
+				"collectors.crio.enabled":                        "false",
+				"collectors.containerEngine.enabled":             "true",
+				"collectors.containerEngine.engines.lxc.enabled": "true",
+			},
+			expected: func(t *testing.T, config any) {
+				plugin := config.(map[string]interface{})
+				initConfig, ok := plugin["init_config"]
+				require.True(t, ok)
+
+				initConfigMap := initConfig.(map[string]interface{})
+				engines, ok := initConfigMap["engines"].(map[string]interface{})
+				require.True(t, ok)
+
+				var engineConfig ContainerEngineConfig
+				data, err := yaml.Marshal(engines)
+				require.NoError(t, err)
+				err = yaml.Unmarshal(data, &engineConfig)
+				require.NoError(t, err)
+
+				// Check LXC engine configuration
+				require.True(t, engineConfig.LXC.Enabled)
+			},
+		},
+		{
+			name: "customLibvirtLXCEngineConfigInContainerEngine",
+			values: map[string]string{
+				"collectors.docker.enabled":                              "false",
+				"collectors.containerd.enabled":                          "false",
+				"collectors.crio.enabled":                                "false",
+				"collectors.containerEngine.enabled":                     "true",
+				"collectors.containerEngine.engines.libvirt_lxc.enabled": "true",
+			},
+			expected: func(t *testing.T, config any) {
+				plugin := config.(map[string]interface{})
+				initConfig, ok := plugin["init_config"]
+				require.True(t, ok)
+
+				initConfigMap := initConfig.(map[string]interface{})
+				engines, ok := initConfigMap["engines"].(map[string]interface{})
+				require.True(t, ok)
+
+				var engineConfig ContainerEngineConfig
+				data, err := yaml.Marshal(engines)
+				require.NoError(t, err)
+				err = yaml.Unmarshal(data, &engineConfig)
+				require.NoError(t, err)
+
+				// Check LibvirtLXC engine configuration
+				require.True(t, engineConfig.LibvirtLXC.Enabled)
+			},
+		},
+		{
+			name: "customBPMEngineConfigInContainerEngine",
+			values: map[string]string{
+				"collectors.docker.enabled":                      "false",
+				"collectors.containerd.enabled":                  "false",
+				"collectors.crio.enabled":                        "false",
+				"collectors.containerEngine.enabled":             "true",
+				"collectors.containerEngine.engines.bpm.enabled": "true",
+			},
+			expected: func(t *testing.T, config any) {
+				plugin := config.(map[string]interface{})
+				initConfig, ok := plugin["init_config"]
+				require.True(t, ok)
+
+				initConfigMap := initConfig.(map[string]interface{})
+				engines, ok := initConfigMap["engines"].(map[string]interface{})
+				require.True(t, ok)
+
+				var engineConfig ContainerEngineConfig
+				data, err := yaml.Marshal(engines)
+				require.NoError(t, err)
+				err = yaml.Unmarshal(data, &engineConfig)
+				require.NoError(t, err)
+
+				// Check BPM engine configuration
+				require.True(t, engineConfig.BPM.Enabled)
+			},
+		},
+		{
+			name: "allCollectorsDisabled",
+			values: map[string]string{
+				"collectors.docker.enabled":          "false",
+				"collectors.containerd.enabled":      "false",
+				"collectors.crio.enabled":            "false",
+				"collectors.containerEngine.enabled": "false",
+			},
+			expected: func(t *testing.T, config any) {
+				// When config is nil, it means the plugin wasn't found in the configuration
+				require.Nil(t, config, "container plugin should not be present in configuration when all collectors are disabled")
+
+				// If somehow the config exists (which it shouldn't), verify there are no engine configurations
+				if config != nil {
+					plugin := config.(map[string]interface{})
+					initConfig, ok := plugin["init_config"]
+					if ok {
+						initConfigMap := initConfig.(map[string]interface{})
+						engines, ok := initConfigMap["engines"]
+						if ok {
+							engineMap := engines.(map[string]interface{})
+							require.Empty(t, engineMap, "engines configuration should be empty when all collectors are disabled")
+						}
+					}
+				}
+			},
+		},
+		{
+			name: "allCollectorsDisabledTopLevel",
+			values: map[string]string{
+				"collectors.enabled": "false",
+			},
+			expected: func(t *testing.T, config any) {
+				// When config is nil, it means the plugin wasn't found in the configuration
+				require.Nil(t, config, "container plugin should not be present in configuration when all collectors are disabled")
+
+				// If somehow the config exists (which it shouldn't), verify there are no engine configurations
+				if config != nil {
+					plugin := config.(map[string]interface{})
+					initConfig, ok := plugin["init_config"]
+					if ok {
+						initConfigMap := initConfig.(map[string]interface{})
+						engines, ok := initConfigMap["engines"]
+						if ok {
+							engineMap := engines.(map[string]interface{})
+							require.Empty(t, engineMap, "engines configuration should be empty when all collectors are disabled")
+						}
+					}
+				}
+			},
+		},
+	}
+
+	for _, testCase := range testCases {
+		testCase := testCase
+		t.Run(testCase.name, func(t *testing.T) {
+			t.Parallel()
+
+			options := &helm.Options{SetValues: testCase.values}
+			// Render the chart with the given options.
+			output := helm.RenderTemplate(t, options, helmChartPath, unit.ReleaseName, []string{"templates/configmap.yaml"})
+
+			var cm corev1.ConfigMap
+			// Unmarshal the output into a ConfigMap object.
+			helm.UnmarshalK8SYaml(t, output, &cm)
+
+			// Unmarshal the data field of the ConfigMap into a map.
+			var config map[string]interface{}
+			helm.UnmarshalK8SYaml(t, cm.Data["falco.yaml"], &config)
+
+			// Extract the container plugin configuration.
+			plugins, ok := config["plugins"]
+			require.True(t, ok, "checking if plugins section exists")
+			pluginsList := plugins.([]interface{})
+			found := false
+
+			// Get the container plugin configuration.
+			for _, plugin := range pluginsList {
+				if name, ok := plugin.(map[string]interface{})["name"]; ok && name == unit.ContainerPluginName {
+					testCase.expected(t, plugin)
+					found = true
+				}
+			}
+
+			if found {
+				// Check that the plugin has been added to the ones that are enabled.
+				loadPlugins := config["load_plugins"]
+				require.True(t, slices.Contains(loadPlugins.([]interface{}), unit.ContainerPluginName))
+			} else {
+				testCase.expected(t, nil)
+				loadPlugins := config["load_plugins"]
+				require.False(t, slices.Contains(loadPlugins.([]interface{}), unit.ContainerPluginName))
+			}
+		})
+	}
+}
+
+func TestInvalidCollectorConfiguration(t *testing.T) {
+	t.Parallel()
+
+	helmChartPath, err := filepath.Abs(unit.ChartPath)
+	require.NoError(t, err)
+
+	testCases := []struct {
+		name        string
+		values      map[string]string
+		expectedErr string
+	}{
+		{
+			name: "dockerAndContainerEngine",
+			values: map[string]string{
+				"collectors.docker.enabled":          "true",
+				"collectoars.containerd.enabled":     "false",
+				"collectors.crio.enabled":            "false",
+				"collectors.containerEngine.enabled": "true",
+			},
+			expectedErr: "You can not enable any of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time. Please use the containerEngine configuration since the old configurations are deprecated.",
+		},
+		{
+			name: "containerdAndContainerEngine",
+			values: map[string]string{
+				"collectors.docker.enabled":          "false",
+				"collectors.containerd.enabled":      "true",
+				"collectors.crio.enabled":            "false",
+				"collectors.containerEngine.enabled": "true",
+			},
+			expectedErr: "You can not enable any of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time. Please use the containerEngine configuration since the old configurations are deprecated.",
+		},
+		{
+			name: "crioAndContainerEngine",
+			values: map[string]string{
+				"collectors.docker.enabled":          "false",
+				"collectoars.containerd.enabled":     "false",
+				"collectors.crio.enabled":            "true",
+				"collectors.containerEngine.enabled": "true",
+			},
+			expectedErr: "You can not enable any of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time. Please use the containerEngine configuration since the old configurations are deprecated.",
+		},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			options := &helm.Options{
+				SetValues: tc.values,
+			}
+
+			// Attempt to render the template, expect an error
+			_, err := helm.RenderTemplateE(t, options, helmChartPath, unit.ReleaseName, []string{"templates/configmap.yaml"})
+			require.Error(t, err)
+			require.Contains(t, err.Error(), tc.expectedErr)
+		})
+	}
+}
+
+// Test that the helper does not overwrite user's configuration.
+// And that the container reference is added to the configmap.
+func TestFalcoctlRefs(t *testing.T) {
+	t.Parallel()
+
+	refShouldBeSet := func(t *testing.T, config any) {
+		// Get artifact configuration map.
+		configMap := config.(map[string]interface{})
+		artifactConfig := (configMap["artifact"]).(map[string]interface{})
+		// Test allowed types.
+		allowedTypes := artifactConfig["allowedTypes"]
+		require.Len(t, allowedTypes, 2)
+		require.True(t, slices.Contains(allowedTypes.([]interface{}), "plugin"))
+		require.True(t, slices.Contains(allowedTypes.([]interface{}), "rulesfile"))
+		// Test plugin reference.
+		refs := artifactConfig["install"].(map[string]interface{})["refs"].([]interface{})
+		require.Len(t, refs, 2)
+		require.True(t, slices.Contains(refs, "falco-rules:4"))
+		require.True(t, slices.Contains(refs, "ghcr.io/falcosecurity/plugins/plugin/container:0.3.5"))
+	}
+
+	refShouldNotBeSet := func(t *testing.T, config any) {
+		// Get artifact configuration map.
+		configMap := config.(map[string]interface{})
+		artifactConfig := (configMap["artifact"]).(map[string]interface{})
+		// Test allowed types.
+		allowedTypes := artifactConfig["allowedTypes"]
+		require.Len(t, allowedTypes, 2)
+		require.True(t, slices.Contains(allowedTypes.([]interface{}), "plugin"))
+		require.True(t, slices.Contains(allowedTypes.([]interface{}), "rulesfile"))
+		// Test plugin reference.
+		refs := artifactConfig["install"].(map[string]interface{})["refs"].([]interface{})
+		require.Len(t, refs, 1)
+		require.True(t, slices.Contains(refs, "falco-rules:4"))
+		require.False(t, slices.Contains(refs, "ghcr.io/falcosecurity/plugins/plugin/container:0.3.5"))
+	}
+
+	testCases := []struct {
+		name     string
+		values   map[string]string
+		expected func(t *testing.T, config any)
+	}{
+		{
+			"defaultValues",
+			nil,
+			refShouldBeSet,
+		},
+		{
+			"setPluginConfiguration",
+			map[string]string{
+				"collectors.enabled": "false",
+			},
+			refShouldNotBeSet,
+		},
+		{
+			"driver disabled",
+			map[string]string{
+				"driver.enabled": "false",
+			},
+			refShouldNotBeSet,
+		},
+	}
+
+	helmChartPath, err := filepath.Abs(unit.ChartPath)
+	require.NoError(t, err)
+
+	for _, testCase := range testCases {
+		testCase := testCase
+
+		t.Run(testCase.name, func(t *testing.T) {
+			t.Parallel()
+
+			options := &helm.Options{SetValues: testCase.values}
+			output := helm.RenderTemplate(t, options, helmChartPath, unit.ReleaseName, []string{"templates/falcoctl-configmap.yaml"})
+
+			var cm corev1.ConfigMap
+			helm.UnmarshalK8SYaml(t, output, &cm)
+			var config map[string]interface{}
+			helm.UnmarshalK8SYaml(t, cm.Data["falcoctl.yaml"], &config)
+			testCase.expected(t, config)
+		})
+	}
+}
+
+type ContainerEngineSocket struct {
+	Enabled bool     `yaml:"enabled"`
+	Sockets []string `yaml:"sockets,omitempty"`
+}
+
+type ContainerEngineConfig struct {
+	Docker     ContainerEngineSocket `yaml:"docker"`
+	Podman     ContainerEngineSocket `yaml:"podman"`
+	Containerd ContainerEngineSocket `yaml:"containerd"`
+	CRI        ContainerEngineSocket `yaml:"cri"`
+	LXC        ContainerEngineSocket `yaml:"lxc"`
+	LibvirtLXC ContainerEngineSocket `yaml:"libvirt_lxc"`
+	BPM        ContainerEngineSocket `yaml:"bpm"`
+}
--- a/charts/falco/tests/unit/containerPlugin/volumeMounts_test.go
+++ b/charts/falco/tests/unit/containerPlugin/volumeMounts_test.go
@ -0,0 +1,310 @@
+package containerPlugin
+
+import (
+	"path/filepath"
+	"slices"
+	"testing"
+
+	"github.com/falcosecurity/charts/charts/falco/tests/unit"
+	"github.com/gruntwork-io/terratest/modules/helm"
+	"github.com/stretchr/testify/require"
+	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
+)
+
+func TestContainerPluginVolumeMounts(t *testing.T) {
+	t.Parallel()
+	helmChartPath, err := filepath.Abs(unit.ChartPath)
+	require.NoError(t, err)
+
+	testCases := []struct {
+		name     string
+		values   map[string]string
+		expected func(t *testing.T, volumeMounts []corev1.VolumeMount)
+	}{
+		{
+			name:   "defaultValues",
+			values: nil,
+			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
+				require.Len(t, volumeMounts, 6)
+				require.Equal(t, "container-engine-socket-0", volumeMounts[0].Name)
+				require.Equal(t, "/host/var/run/docker.sock", volumeMounts[0].MountPath)
+				require.Equal(t, "container-engine-socket-1", volumeMounts[1].Name)
+				require.Equal(t, "/host/run/podman/podman.sock", volumeMounts[1].MountPath)
+				require.Equal(t, "container-engine-socket-2", volumeMounts[2].Name)
+				require.Equal(t, "/host/run/host-containerd/containerd.sock", volumeMounts[2].MountPath)
+				require.Equal(t, "container-engine-socket-3", volumeMounts[3].Name)
+				require.Equal(t, "/host/run/containerd/containerd.sock", volumeMounts[3].MountPath)
+				require.Equal(t, "container-engine-socket-4", volumeMounts[4].Name)
+				require.Equal(t, "/host/run/crio/crio.sock", volumeMounts[4].MountPath)
+				require.Equal(t, "container-engine-socket-5", volumeMounts[5].Name)
+				require.Equal(t, "/host/run/k3s/containerd/containerd.sock", volumeMounts[5].MountPath)
+			},
+		},
+		{
+			name: "defaultDockerVolumeMount",
+			values: map[string]string{
+				"collectors.containerEngine.engines.docker.enabled":     "true",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.cri.enabled":        "false",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
+			},
+			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
+				require.Len(t, volumeMounts, 1)
+				require.Equal(t, "container-engine-socket-0", volumeMounts[0].Name)
+				require.Equal(t, "/host/var/run/docker.sock", volumeMounts[0].MountPath)
+			},
+		},
+		{
+			name: "customDockerSocket",
+			values: map[string]string{
+				"collectors.containerEngine.engines.docker.enabled":     "true",
+				"collectors.containerEngine.engines.docker.sockets[0]":  "/custom/docker.sock",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.cri.enabled":        "false",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
+			},
+			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
+				require.Len(t, volumeMounts, 1)
+				require.Equal(t, "container-engine-socket-0", volumeMounts[0].Name)
+				require.Equal(t, "/host/custom/docker.sock", volumeMounts[0].MountPath)
+			},
+		},
+		{
+			name: "defaultCriVolumeMount",
+			values: map[string]string{
+				"collectors.containerEngine.engines.docker.enabled":     "false",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.cri.enabled":        "true",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
+			},
+			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
+				require.Len(t, volumeMounts, 4)
+				require.Equal(t, "container-engine-socket-0", volumeMounts[0].Name)
+				require.Equal(t, "/host/run/containerd/containerd.sock", volumeMounts[0].MountPath)
+				require.Equal(t, "container-engine-socket-1", volumeMounts[1].Name)
+				require.Equal(t, "/host/run/crio/crio.sock", volumeMounts[1].MountPath)
+				require.Equal(t, "container-engine-socket-2", volumeMounts[2].Name)
+				require.Equal(t, "/host/run/k3s/containerd/containerd.sock", volumeMounts[2].MountPath)
+				require.Equal(t, "container-engine-socket-3", volumeMounts[3].Name)
+				require.Equal(t, "/host/run/host-containerd/containerd.sock", volumeMounts[3].MountPath)
+			},
+		},
+		{
+			name: "customCriSocket",
+			values: map[string]string{
+				"collectors.containerEngine.engines.cri.enabled":        "true",
+				"collectors.containerEngine.engines.cri.sockets[0]":     "/custom/crio.sock",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.docker.enabled":     "false",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
+			},
+			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
+				require.Len(t, volumeMounts, 1)
+				require.Equal(t, "container-engine-socket-0", volumeMounts[0].Name)
+				require.Equal(t, "/host/custom/crio.sock", volumeMounts[0].MountPath)
+			},
+		},
+		{
+			name: "defaultContainerdVolumeMount",
+			values: map[string]string{
+				"collectors.containerEngine.engines.docker.enabled":     "false",
+				"collectors.containerEngine.engines.containerd.enabled": "true",
+				"collectors.containerEngine.engines.cri.enabled":        "false",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
+			},
+			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
+				require.Len(t, volumeMounts, 1)
+				require.Equal(t, "container-engine-socket-0", volumeMounts[0].Name)
+				require.Equal(t, "/host/run/host-containerd/containerd.sock", volumeMounts[0].MountPath)
+			},
+		},
+		{
+			name: "customContainerdSocket",
+			values: map[string]string{
+				"collectors.containerEngine.engines.containerd.enabled":    "true",
+				"collectors.containerEngine.engines.containerd.sockets[0]": "/custom/containerd.sock",
+				"collectors.containerEngine.engines.cri.enabled":           "false",
+				"collectors.containerEngine.engines.docker.enabled":        "false",
+				"collectors.containerEngine.engines.podman.enabled":        "false",
+			},
+			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
+				require.Len(t, volumeMounts, 1)
+				require.Equal(t, "container-engine-socket-0", volumeMounts[0].Name)
+				require.Equal(t, "/host/custom/containerd.sock", volumeMounts[0].MountPath)
+			},
+		},
+		{
+			name:   "ContainerEnginesDefaultValues",
+			values: map[string]string{},
+			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
+				require.Len(t, volumeMounts, 6)
+
+				// dockerV := findVolumeMount("docker-socket-0", volumeMounts)
+				// require.NotNil(t, dockerV)
+				// require.Equal(t, "/host/var/run/docker.sock", dockerV.MountPath)
+
+				// podmanV := findVolumeMount("podman-socket-0", volumeMounts)
+				// require.NotNil(t, podmanV)
+				// require.Equal(t, "/host/run/podman/podman.sock", podmanV.MountPath)
+
+				// containerdV := findVolumeMount("containerd-socket-0", volumeMounts)
+				// require.NotNil(t, containerdV)
+				// require.Equal(t, "/host/run/host-containerd/containerd.sock", containerdV.MountPath)
+
+				// crioV0 := findVolumeMount("cri-socket-0", volumeMounts)
+				// require.NotNil(t, crioV0)
+				// require.Equal(t, "/host/run/containerd/containerd.sock", crioV0.MountPath)
+
+				// crioV1 := findVolumeMount("cri-socket-1", volumeMounts)
+				// require.NotNil(t, crioV1)
+				// require.Equal(t, "/host/run/crio/crio.sock", crioV1.MountPath)
+
+				// crioV2 := findVolumeMount("cri-socket-2", volumeMounts)
+				// require.NotNil(t, crioV2)
+				// require.Equal(t, "/host/run/k3s/containerd/containerd.sock", crioV2.MountPath)
+			},
+		},
+		{
+			name: "ContainerEnginesDockerWithMultipleSockets",
+			values: map[string]string{
+				"collectors.containerEngine.engines.docker.enabled":     "true",
+				"collectors.containerEngine.engines.docker.sockets[0]":  "/var/run/docker.sock",
+				"collectors.containerEngine.engines.docker.sockets[1]":  "/custom/docker.sock",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.cri.enabled":        "false",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
+			},
+			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
+				require.Len(t, volumeMounts, 2)
+
+				dockerV0 := findVolumeMount("container-engine-socket-0", volumeMounts)
+				require.NotNil(t, dockerV0)
+				require.Equal(t, "/host/var/run/docker.sock", dockerV0.MountPath)
+
+				dockerV1 := findVolumeMount("container-engine-socket-1", volumeMounts)
+				require.NotNil(t, dockerV1)
+				require.Equal(t, "/host/custom/docker.sock", dockerV1.MountPath)
+			},
+		},
+		{
+			name: "ContainerEnginesCrioWithMultipleSockets",
+			values: map[string]string{
+				"collectors.containerEngine.engines.docker.enabled":     "false",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.cri.enabled":        "true",
+				"collectors.containerEngine.engines.cri.sockets[0]":     "/run/crio/crio.sock",
+				"collectors.containerEngine.engines.cri.sockets[1]":     "/custom/crio.sock",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
+			},
+			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
+				require.Len(t, volumeMounts, 2)
+
+				crioV0 := findVolumeMount("container-engine-socket-0", volumeMounts)
+				require.NotNil(t, crioV0)
+				require.Equal(t, "/host/run/crio/crio.sock", crioV0.MountPath)
+
+				crioV1 := findVolumeMount("container-engine-socket-1", volumeMounts)
+				require.NotNil(t, crioV1)
+				require.Equal(t, "/host/custom/crio.sock", crioV1.MountPath)
+			},
+		},
+		{
+			name: "noVolumeMountsWhenCollectorsDisabled",
+			values: map[string]string{
+				"collectors.enabled": "false",
+			},
+			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
+				require.Len(t, volumeMounts, 0)
+			},
+		},
+		{
+			name: "noVolumeMountsWhenDriverDisabled",
+			values: map[string]string{
+				"driver.enabled": "false",
+			},
+			expected: func(t *testing.T, volumeMounts []corev1.VolumeMount) {
+				require.Len(t, volumeMounts, 0)
+			},
+		},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			options := &helm.Options{
+				SetValues: tc.values,
+			}
+
+			// Render the template
+			output := helm.RenderTemplate(t, options, helmChartPath, unit.ReleaseName, []string{"templates/daemonset.yaml"})
+
+			// Parse the YAML output
+			var daemonset appsv1.DaemonSet
+			helm.UnmarshalK8SYaml(t, output, &daemonset)
+
+			// Find volumeMounts in the falco container
+			var pluginVolumeMounts []corev1.VolumeMount
+			for _, container := range daemonset.Spec.Template.Spec.Containers {
+				if container.Name == "falco" {
+					for _, volumeMount := range container.VolumeMounts {
+						if slices.Contains(volumeNames, volumeMount.Name) {
+							pluginVolumeMounts = append(pluginVolumeMounts, volumeMount)
+						}
+					}
+				}
+			}
+
+			// Run the test case's assertions
+			tc.expected(t, pluginVolumeMounts)
+		})
+	}
+}
+
+func TestInvalidVolumeMountConfiguration(t *testing.T) {
+	t.Parallel()
+	helmChartPath, err := filepath.Abs(unit.ChartPath)
+	require.NoError(t, err)
+
+	testCases := []struct {
+		name        string
+		values      map[string]string
+		expectedErr string
+	}{
+		{
+			name: "bothOldAndNewConfigEnabled",
+			values: map[string]string{
+				"collectors.docker.enabled":          "true",
+				"collectors.containerEngine.enabled": "true",
+			},
+			expectedErr: "You can not enable any of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time",
+		},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			options := &helm.Options{
+				SetValues: tc.values,
+			}
+
+			// Attempt to render the template, expect an error
+			_, err := helm.RenderTemplateE(t, options, helmChartPath, unit.ReleaseName, []string{"templates/daemonset.yaml"})
+			require.Error(t, err)
+			require.Contains(t, err.Error(), tc.expectedErr)
+		})
+	}
+}
+
+func findVolumeMount(name string, volumeMounts []corev1.VolumeMount) *corev1.VolumeMount {
+	for _, v := range volumeMounts {
+		if v.Name == name {
+			return &v
+		}
+	}
+	return nil
+}
--- a/charts/falco/tests/unit/containerPlugin/volumes_test.go
+++ b/charts/falco/tests/unit/containerPlugin/volumes_test.go
@ -0,0 +1,373 @@
+package containerPlugin
+
+import (
+	"path/filepath"
+	"slices"
+	"testing"
+
+	appsv1 "k8s.io/api/apps/v1"
+	corev1 "k8s.io/api/core/v1"
+
+	"github.com/falcosecurity/charts/charts/falco/tests/unit"
+	"github.com/gruntwork-io/terratest/modules/helm"
+	"github.com/stretchr/testify/require"
+)
+
+func TestContainerPluginVolumes(t *testing.T) {
+	t.Parallel()
+	helmChartPath, err := filepath.Abs(unit.ChartPath)
+	require.NoError(t, err)
+
+	testCases := []struct {
+		name     string
+		values   map[string]string
+		expected func(t *testing.T, volumes []corev1.Volume)
+	}{
+		{
+			name:   "defaultValues",
+			values: nil,
+			expected: func(t *testing.T, volumes []corev1.Volume) {
+				require.Len(t, volumes, 6)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/var/run/docker.sock", volumes[0].HostPath.Path)
+				require.Equal(t, "container-engine-socket-1", volumes[1].Name)
+				require.Equal(t, "/run/podman/podman.sock", volumes[1].HostPath.Path)
+				require.Equal(t, "container-engine-socket-2", volumes[2].Name)
+				require.Equal(t, "/run/host-containerd/containerd.sock", volumes[2].HostPath.Path)
+				require.Equal(t, "container-engine-socket-3", volumes[3].Name)
+				require.Equal(t, "/run/containerd/containerd.sock", volumes[3].HostPath.Path)
+				require.Equal(t, "container-engine-socket-4", volumes[4].Name)
+				require.Equal(t, "/run/crio/crio.sock", volumes[4].HostPath.Path)
+				require.Equal(t, "container-engine-socket-5", volumes[5].Name)
+				require.Equal(t, "/run/k3s/containerd/containerd.sock", volumes[5].HostPath.Path)
+			},
+		},
+		{
+			name: "defaultDockerVolume",
+			values: map[string]string{
+				"collectors.containerEngine.engines.docker.enabled":     "true",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.cri.enabled":        "false",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
+			},
+			expected: func(t *testing.T, volumes []corev1.Volume) {
+				require.Len(t, volumes, 1)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/var/run/docker.sock", volumes[0].HostPath.Path)
+			},
+		},
+		{
+			name: "customDockerSocket",
+			values: map[string]string{
+				"collectors.containerEngine.engines.docker.enabled":     "true",
+				"collectors.containerEngine.engines.docker.sockets[0]":  "/custom/docker.sock",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.cri.enabled":        "false",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
+			},
+			expected: func(t *testing.T, volumes []corev1.Volume) {
+				require.Len(t, volumes, 1)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/custom/docker.sock", volumes[0].HostPath.Path)
+			},
+		},
+		{
+			name: "defaultCriVolume",
+			values: map[string]string{
+				"collectors.containerEngine.engines.docker.enabled":     "false",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.cri.enabled":        "true",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
+			},
+			expected: func(t *testing.T, volumes []corev1.Volume) {
+				require.Len(t, volumes, 4)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/run/containerd/containerd.sock", volumes[0].HostPath.Path)
+				require.Equal(t, "container-engine-socket-1", volumes[1].Name)
+				require.Equal(t, "/run/crio/crio.sock", volumes[1].HostPath.Path)
+				require.Equal(t, "container-engine-socket-2", volumes[2].Name)
+				require.Equal(t, "/run/k3s/containerd/containerd.sock", volumes[2].HostPath.Path)
+				require.Equal(t, "container-engine-socket-3", volumes[3].Name)
+				require.Equal(t, "/run/host-containerd/containerd.sock", volumes[3].HostPath.Path)
+			},
+		},
+		{
+			name: "customCrioSocket",
+			values: map[string]string{
+				"collectors.containerEngine.engines.docker.enabled":     "false",
+				"collectors.containerEngine.engines.cri.enabled":        "true",
+				"collectors.containerEngine.engines.cri.sockets[0]":     "/custom/crio.sock",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
+			},
+			expected: func(t *testing.T, volumes []corev1.Volume) {
+				require.Len(t, volumes, 1)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/custom/crio.sock", volumes[0].HostPath.Path)
+			},
+		},
+		{
+			name: "defaultContainerdVolume",
+			values: map[string]string{
+				"collectors.containerEngine.engines.docker.enabled":     "false",
+				"collectors.containerEngine.engines.containerd.enabled": "true",
+				"collectors.containerEngine.engines.cri.enabled":        "false",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
+			},
+			expected: func(t *testing.T, volumes []corev1.Volume) {
+				require.Len(t, volumes, 1)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/run/host-containerd/containerd.sock", volumes[0].HostPath.Path)
+			},
+		},
+		{
+			name: "customContainerdSocket",
+			values: map[string]string{
+				"collectors.containerEngine.engines.docker.enabled":        "false",
+				"collectors.containerEngine.engines.containerd.enabled":    "true",
+				"collectors.containerEngine.engines.containerd.sockets[0]": "/custom/containerd.sock",
+				"collectors.containerEngine.engines.cri.enabled":           "false",
+				"collectors.containerEngine.engines.podman.enabled":        "false",
+			},
+			expected: func(t *testing.T, volumes []corev1.Volume) {
+				require.Len(t, volumes, 1)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/custom/containerd.sock", volumes[0].HostPath.Path)
+			},
+		},
+
+		{
+			name: "ContainerEnginesDefaultValues",
+			values: map[string]string{
+				"collectors.docker.enabled":          "false",
+				"collectors.containerd.enabled":      "false",
+				"collectors.crio.enabled":            "false",
+				"collectors.containerEngine.enabled": "true",
+			},
+			expected: func(t *testing.T, volumes []corev1.Volume) {
+				require.Len(t, volumes, 6)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/var/run/docker.sock", volumes[0].HostPath.Path)
+				require.Equal(t, "container-engine-socket-1", volumes[1].Name)
+				require.Equal(t, "/run/podman/podman.sock", volumes[1].HostPath.Path)
+				require.Equal(t, "container-engine-socket-2", volumes[2].Name)
+				require.Equal(t, "/run/host-containerd/containerd.sock", volumes[2].HostPath.Path)
+				require.Equal(t, "container-engine-socket-3", volumes[3].Name)
+				require.Equal(t, "/run/containerd/containerd.sock", volumes[3].HostPath.Path)
+				require.Equal(t, "container-engine-socket-4", volumes[4].Name)
+				require.Equal(t, "/run/crio/crio.sock", volumes[4].HostPath.Path)
+				require.Equal(t, "container-engine-socket-5", volumes[5].Name)
+				require.Equal(t, "/run/k3s/containerd/containerd.sock", volumes[5].HostPath.Path)
+			},
+		},
+		{
+			name: "ContainerEnginesDockerWithMultipleSockets",
+			values: map[string]string{
+				"collectors.docker.enabled":                             "false",
+				"collectors.containerd.enabled":                         "false",
+				"collectors.crio.enabled":                               "false",
+				"collectors.containerEngine.enabled":                    "true",
+				"collectors.containerEngine.engines.docker.enabled":     "true",
+				"collectors.containerEngine.engines.docker.sockets[0]":  "/var/run/docker.sock",
+				"collectors.containerEngine.engines.docker.sockets[1]":  "/custom/docker.sock",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.cri.enabled":        "false",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
+			},
+			expected: func(t *testing.T, volumes []corev1.Volume) {
+				require.Len(t, volumes, 2)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/var/run/docker.sock", volumes[0].HostPath.Path)
+				require.Equal(t, "container-engine-socket-1", volumes[1].Name)
+				require.Equal(t, "/custom/docker.sock", volumes[1].HostPath.Path)
+			},
+		},
+		{
+			name: "ContainerEnginesCrioWithMultipleSockets",
+			values: map[string]string{
+				"collectors.docker.enabled":                             "false",
+				"collectors.containerd.enabled":                         "false",
+				"collectors.crio.enabled":                               "false",
+				"collectors.containerEngine.enabled":                    "true",
+				"collectors.containerEngine.engines.docker.enabled":     "false",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.cri.enabled":        "true",
+				"collectors.containerEngine.engines.cri.sockets[0]":     "/run/crio/crio.sock",
+				"collectors.containerEngine.engines.cri.sockets[1]":     "/custom/crio.sock",
+				"collectors.containerEngine.engines.podman.enabled":     "false",
+			},
+			expected: func(t *testing.T, volumes []corev1.Volume) {
+				require.Len(t, volumes, 2)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/run/crio/crio.sock", volumes[0].HostPath.Path)
+				require.Equal(t, "container-engine-socket-1", volumes[1].Name)
+				require.Equal(t, "/custom/crio.sock", volumes[1].HostPath.Path)
+			},
+		},
+		{
+			name: "ContainerEnginesPodmanWithMultipleSockets",
+			values: map[string]string{
+				"collectors.docker.enabled":                             "false",
+				"collectors.containerd.enabled":                         "false",
+				"collectors.crio.enabled":                               "false",
+				"collectors.containerEngine.enabled":                    "true",
+				"collectors.containerEngine.engines.docker.enabled":     "false",
+				"collectors.containerEngine.engines.containerd.enabled": "false",
+				"collectors.containerEngine.engines.cri.enabled":        "false",
+				"collectors.containerEngine.engines.podman.enabled":     "true",
+				"collectors.containerEngine.engines.podman.sockets[0]":  "/run/podman/podman.sock",
+				"collectors.containerEngine.engines.podman.sockets[1]":  "/custom/podman.sock",
+			},
+			expected: func(t *testing.T, volumes []corev1.Volume) {
+				require.Len(t, volumes, 2)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/run/podman/podman.sock", volumes[0].HostPath.Path)
+				require.Equal(t, "container-engine-socket-1", volumes[1].Name)
+				require.Equal(t, "/custom/podman.sock", volumes[1].HostPath.Path)
+			},
+		},
+		{
+			name: "ContainerEnginesContainerdWithMultipleSockets",
+			values: map[string]string{
+				"collectors.docker.enabled":                                "false",
+				"collectors.containerd.enabled":                            "false",
+				"collectors.crio.enabled":                                  "false",
+				"collectors.containerEngine.enabled":                       "true",
+				"collectors.containerEngine.engines.docker.enabled":        "false",
+				"collectors.containerEngine.engines.containerd.enabled":    "true",
+				"collectors.containerEngine.engines.containerd.sockets[0]": "/run/containerd/containerd.sock",
+				"collectors.containerEngine.engines.containerd.sockets[1]": "/custom/containerd.sock",
+				"collectors.containerEngine.engines.cri.enabled":           "false",
+				"collectors.containerEngine.engines.podman.enabled":        "false",
+			},
+			expected: func(t *testing.T, volumes []corev1.Volume) {
+				require.Len(t, volumes, 2)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/run/containerd/containerd.sock", volumes[0].HostPath.Path)
+				require.Equal(t, "container-engine-socket-1", volumes[1].Name)
+				require.Equal(t, "/custom/containerd.sock", volumes[1].HostPath.Path)
+			},
+		},
+		{
+			name: "ContainerEnginesMultipleWithCustomSockets",
+			values: map[string]string{
+				"collectors.docker.enabled":                             "false",
+				"collectors.containerd.enabled":                         "false",
+				"collectors.crio.enabled":                               "false",
+				"collectors.containerEngine.enabled":                    "true",
+				"collectors.containerEngine.engines.docker.enabled":     "true",
+				"collectors.containerEngine.engines.docker.sockets[0]":  "/custom/docker/socket.sock",
+				"collectors.containerEngine.engines.containerd.enabled": "true",
+				"collectors.containerEngine.engines.cri.enabled":        "true",
+				"collectors.containerEngine.engines.cri.sockets[0]":     "/var/custom/crio.sock",
+				"collectors.containerEngine.engines.podman.enabled":     "true",
+				"collectors.containerEngine.engines.podman.sockets[0]":  "/run/podman/podman.sock",
+			},
+			expected: func(t *testing.T, volumes []corev1.Volume) {
+				require.Len(t, volumes, 4)
+				require.Equal(t, "container-engine-socket-0", volumes[0].Name)
+				require.Equal(t, "/custom/docker/socket.sock", volumes[0].HostPath.Path)
+				require.Equal(t, "container-engine-socket-1", volumes[1].Name)
+				require.Equal(t, "/run/podman/podman.sock", volumes[1].HostPath.Path)
+				require.Equal(t, "container-engine-socket-2", volumes[2].Name)
+				require.Equal(t, "/run/host-containerd/containerd.sock", volumes[2].HostPath.Path)
+				require.Equal(t, "container-engine-socket-3", volumes[3].Name)
+				require.Equal(t, "/var/custom/crio.sock", volumes[3].HostPath.Path)
+			},
+		},
+		{
+			name: "noVolumesWhenCollectorsDisabled",
+			values: map[string]string{
+				"collectors.enabled": "false",
+			},
+			expected: func(t *testing.T, volumes []corev1.Volume) {
+				require.Len(t, volumes, 0)
+			},
+		},
+		{
+			name: "noVolumesWhenDriverDisabled",
+			values: map[string]string{
+				"driver.enabled": "false",
+			},
+			expected: func(t *testing.T, volumes []corev1.Volume) {
+				require.Len(t, volumes, 0)
+			},
+		},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			options := &helm.Options{
+				SetValues: tc.values,
+			}
+
+			// Render the template
+			output := helm.RenderTemplate(t, options, helmChartPath, unit.ReleaseName, []string{"templates/daemonset.yaml"})
+
+			// Parse the YAML output
+			var daemonset appsv1.DaemonSet
+			helm.UnmarshalK8SYaml(t, output, &daemonset)
+
+			// Find volumes that match our container plugin pattern
+			var pluginVolumes []corev1.Volume
+			for _, volume := range daemonset.Spec.Template.Spec.Volumes {
+				// Check if the volume is for container sockets
+				if volume.HostPath != nil && slices.Contains(volumeNames, volume.Name) {
+					pluginVolumes = append(pluginVolumes, volume)
+				}
+			}
+
+			// Run the test case's assertions
+			tc.expected(t, pluginVolumes)
+		})
+	}
+}
+
+func TestInvalidVolumeConfiguration(t *testing.T) {
+	t.Parallel()
+	helmChartPath, err := filepath.Abs(unit.ChartPath)
+	require.NoError(t, err)
+
+	testCases := []struct {
+		name        string
+		values      map[string]string
+		expectedErr string
+	}{
+		{
+			name: "bothOldAndNewConfigEnabled",
+			values: map[string]string{
+				"collectors.docker.enabled":          "true",
+				"collectors.containerEngine.enabled": "true",
+			},
+			expectedErr: "You can not enable any of the [docker, containerd, crio] collectors configuration and the containerEngine configuration at the same time",
+		},
+	}
+
+	for _, tc := range testCases {
+		tc := tc
+		t.Run(tc.name, func(t *testing.T) {
+			t.Parallel()
+
+			options := &helm.Options{
+				SetValues: tc.values,
+			}
+
+			// Attempt to render the template, expect an error
+			_, err := helm.RenderTemplateE(t, options, helmChartPath, unit.ReleaseName, []string{"templates/daemonset.yaml"})
+			require.Error(t, err)
+			require.Contains(t, err.Error(), tc.expectedErr)
+		})
+	}
+}
+
+func findVolume(name string, volumes []corev1.Volume) *corev1.Volume {
+	for _, v := range volumes {
+		if v.Name == name {
+			return &v
+		}
+	}
+	return nil
+}
--- a/charts/falco/tests/unit/falcoTemplates/driverConfig_test.go
+++ b/charts/falco/tests/unit/falcoTemplates/driverConfig_test.go
@ -13,10 +13,11 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-package unit
+package falcoTemplates

 import (
 	"fmt"
+	"github.com/falcosecurity/charts/charts/falco/tests/unit"
 	"path/filepath"
 	"strings"
 	"testing"
@ -29,7 +30,7 @@ import (
 func TestDriverConfigInFalcoConfig(t *testing.T) {
 	t.Parallel()

-	helmChartPath, err := filepath.Abs(chartPath)
+	helmChartPath, err := filepath.Abs(unit.ChartPath)
 	require.NoError(t, err)

 	testCases := []struct {
@ -241,7 +242,7 @@ func TestDriverConfigInFalcoConfig(t *testing.T) {
 			t.Parallel()

 			options := &helm.Options{SetValues: testCase.values}
-			output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/configmap.yaml"})
+			output := helm.RenderTemplate(t, options, helmChartPath, unit.ReleaseName, []string{"templates/configmap.yaml"})

 			var cm corev1.ConfigMap
 			helm.UnmarshalK8SYaml(t, output, &cm)
@ -257,14 +258,14 @@ func TestDriverConfigInFalcoConfig(t *testing.T) {
 func TestDriverConfigWithUnsupportedDriver(t *testing.T) {
 	t.Parallel()

-	helmChartPath, err := filepath.Abs(chartPath)
+	helmChartPath, err := filepath.Abs(unit.ChartPath)
 	require.NoError(t, err)

 	values := map[string]string{
 		"driver.kind": "notExisting",
 	}
 	options := &helm.Options{SetValues: values}
-	_, err = helm.RenderTemplateE(t, options, helmChartPath, releaseName, []string{"templates/configmap.yaml"})
+	_, err = helm.RenderTemplateE(t, options, helmChartPath, unit.ReleaseName, []string{"templates/configmap.yaml"})
 	require.Error(t, err)
 	require.True(t, strings.Contains(err.Error(),
 		"unsupported driver kind: \"notExisting\". Supported drivers [kmod ebpf modern_ebpf gvisor auto], alias [module modern-bpf]"))
--- a/charts/falco/tests/unit/falcoTemplates/driverLoader_test.go
+++ b/charts/falco/tests/unit/falcoTemplates/driverLoader_test.go
@ -13,9 +13,10 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-package unit
+package falcoTemplates

 import (
+	"github.com/falcosecurity/charts/charts/falco/tests/unit"
 	"path/filepath"
 	"testing"

@ -38,7 +39,7 @@ var (

 	configmapEnvVar = v1.EnvVar{
 		Name:  "FALCOCTL_DRIVER_CONFIG_CONFIGMAP",
-		Value: releaseName + "-falco",
+		Value: unit.ReleaseName + "-falco",
 	}

 	updateConfigMapEnvVar = v1.EnvVar{
@ -51,7 +52,7 @@ var (
 func TestDriverLoaderEnabled(t *testing.T) {
 	t.Parallel()

-	helmChartPath, err := filepath.Abs(chartPath)
+	helmChartPath, err := filepath.Abs(unit.ChartPath)
 	require.NoError(t, err)

 	testCases := []struct {
@ -197,7 +198,7 @@ func TestDriverLoaderEnabled(t *testing.T) {
 			t.Parallel()

 			options := &helm.Options{SetValues: testCase.values}
-			output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/daemonset.yaml"})
+			output := helm.RenderTemplate(t, options, helmChartPath, unit.ReleaseName, []string{"templates/daemonset.yaml"})

 			var ds appsv1.DaemonSet
 			helm.UnmarshalK8SYaml(t, output, &ds)
--- a/charts/falco/tests/unit/falcoTemplates/grafanaDashboards_test.go
+++ b/charts/falco/tests/unit/falcoTemplates/grafanaDashboards_test.go
@ -13,10 +13,11 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-package unit
+package falcoTemplates

 import (
 	"fmt"
+	"github.com/falcosecurity/charts/charts/falco/tests/unit"
 	"io"
 	"os"
 	"path/filepath"
@ -40,7 +41,7 @@ type grafanaDashboardsTemplateTest struct {
 func TestGrafanaDashboardsTemplate(t *testing.T) {
 	t.Parallel()

-	chartFullPath, err := filepath.Abs(chartPath)
+	chartFullPath, err := filepath.Abs(unit.ChartPath)
 	require.NoError(t, err)

 	suite.Run(t, &grafanaDashboardsTemplateTest{
@ -131,7 +132,7 @@ func (g *grafanaDashboardsTemplateTest) TestConfig() {
 			// Check that contains the right label.
 			g.Contains(cfgMap.Labels, "grafana_dashboard")
 			// Check that the dashboard is contained in the config map.
-			file, err := os.Open("../../dashboards/falco-dashboard.json")
+			file, err := os.Open("../../../dashboards/falco-dashboard.json")
 			g.NoError(err)
 			content, err := io.ReadAll(file)
 			g.NoError(err)
--- a/charts/falco/tests/unit/falcoTemplates/metricsConfig_test.go
+++ b/charts/falco/tests/unit/falcoTemplates/metricsConfig_test.go
@ -13,9 +13,10 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-package unit
+package falcoTemplates

 import (
+	"github.com/falcosecurity/charts/charts/falco/tests/unit"
 	"path/filepath"
 	"testing"

@ -52,7 +53,7 @@ type webServerConfig struct {
 func TestMetricsConfigInFalcoConfig(t *testing.T) {
 	t.Parallel()

-	helmChartPath, err := filepath.Abs(chartPath)
+	helmChartPath, err := filepath.Abs(unit.ChartPath)
 	require.NoError(t, err)

 	testCases := []struct {
@ -167,7 +168,7 @@ func TestMetricsConfigInFalcoConfig(t *testing.T) {
 			t.Parallel()

 			options := &helm.Options{SetValues: testCase.values}
-			output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/configmap.yaml"})
+			output := helm.RenderTemplate(t, options, helmChartPath, unit.ReleaseName, []string{"templates/configmap.yaml"})

 			var cm corev1.ConfigMap
 			helm.UnmarshalK8SYaml(t, output, &cm)
--- a/charts/falco/tests/unit/falcoTemplates/serviceAccount_test.go
+++ b/charts/falco/tests/unit/falcoTemplates/serviceAccount_test.go
@ -1,6 +1,7 @@
-package unit
+package falcoTemplates

 import (
+	"github.com/falcosecurity/charts/charts/falco/tests/unit"
 	"github.com/gruntwork-io/terratest/modules/helm"
 	"github.com/stretchr/testify/require"
 	corev1 "k8s.io/api/core/v1"
@ -12,7 +13,7 @@ import (
 func TestServiceAccount(t *testing.T) {
 	t.Parallel()

-	helmChartPath, err := filepath.Abs(chartPath)
+	helmChartPath, err := filepath.Abs(unit.ChartPath)
 	require.NoError(t, err)

 	testCases := []struct {
@ -45,7 +46,7 @@ func TestServiceAccount(t *testing.T) {
 			t.Parallel()

 			options := &helm.Options{SetValues: testCase.values}
-			output, err := helm.RenderTemplateE(t, options, helmChartPath, releaseName, []string{"templates/serviceaccount.yaml"})
+			output, err := helm.RenderTemplateE(t, options, helmChartPath, unit.ReleaseName, []string{"templates/serviceaccount.yaml"})
 			if err != nil {
 				require.True(t, strings.Contains(err.Error(), "Error: could not find template templates/serviceaccount.yaml in chart"))
 			}
--- a/charts/falco/tests/unit/falcoTemplates/serviceMonitorTemplate_test.go
+++ b/charts/falco/tests/unit/falcoTemplates/serviceMonitorTemplate_test.go
@ -13,10 +13,11 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-package unit
+package falcoTemplates

 import (
 	"encoding/json"
+	"github.com/falcosecurity/charts/charts/falco/tests/unit"
 	"path/filepath"
 	"reflect"
 	"testing"
@ -38,7 +39,7 @@ type serviceMonitorTemplateTest struct {
 func TestServiceMonitorTemplate(t *testing.T) {
 	t.Parallel()

-	chartFullPath, err := filepath.Abs(chartPath)
+	chartFullPath, err := filepath.Abs(unit.ChartPath)
 	require.NoError(t, err)

 	suite.Run(t, &serviceMonitorTemplateTest{
@ -83,7 +84,12 @@ func (s *serviceMonitorTemplateTest) TestEndpoint() {
 }

 func (s *serviceMonitorTemplateTest) TestNamespaceSelector() {
-	options := &helm.Options{SetValues: map[string]string{"serviceMonitor.create": "true"}}
+	selectorsLabelJson := `{
+			"app.kubernetes.io/instance": "my-falco",
+			"foo": "bar"
+		}`
+	options := &helm.Options{SetValues: map[string]string{"serviceMonitor.create": "true"},
+		SetJsonValues: map[string]string{"serviceMonitor.selector": selectorsLabelJson}}
 	output := helm.RenderTemplate(s.T(), options, s.chartPath, s.releaseName, s.templates)

 	var svcMonitor monitoringv1.ServiceMonitor
@ -91,3 +97,64 @@ func (s *serviceMonitorTemplateTest) TestNamespaceSelector() {
 	s.Len(svcMonitor.Spec.NamespaceSelector.MatchNames, 1)
 	s.Equal("default", svcMonitor.Spec.NamespaceSelector.MatchNames[0])
 }
+
+func (s *serviceMonitorTemplateTest) TestServiceMonitorSelector() {
+	testCases := []struct {
+		name     string
+		values   string
+		expected map[string]string
+	}{
+		{
+			"defaultValues",
+			"",
+			map[string]string{
+				"app.kubernetes.io/instance": "falco-test",
+				"app.kubernetes.io/name":     "falco",
+				"type":                       "falco-metrics",
+			},
+		},
+		{
+			"customValues",
+			`{
+			"foo": "bar"
+		}`,
+			map[string]string{
+				"app.kubernetes.io/instance": "falco-test",
+				"app.kubernetes.io/name":     "falco",
+				"foo":                        "bar",
+				"type":                       "falco-metrics",
+			},
+		},
+		{
+			"overwriteDefaultValues",
+			`{
+			"app.kubernetes.io/instance": "falco-overwrite",
+			"foo": "bar"
+		}`,
+			map[string]string{
+				"app.kubernetes.io/instance": "falco-overwrite",
+				"app.kubernetes.io/name":     "falco",
+				"foo":                        "bar",
+				"type":                       "falco-metrics",
+			},
+		},
+	}
+
+	for _, testCase := range testCases {
+		testCase := testCase
+
+		s.Run(testCase.name, func() {
+			subT := s.T()
+			subT.Parallel()
+
+			options := &helm.Options{SetValues: map[string]string{"serviceMonitor.create": "true"},
+				SetJsonValues: map[string]string{"serviceMonitor.selector": testCase.values}}
+			output := helm.RenderTemplate(s.T(), options, s.chartPath, s.releaseName, s.templates)
+
+			var svcMonitor monitoringv1.ServiceMonitor
+			helm.UnmarshalK8SYaml(s.T(), output, &svcMonitor)
+
+			s.Equal(testCase.expected, svcMonitor.Spec.Selector.MatchLabels, "should be the same")
+		})
+	}
+}
--- a/charts/falco/tests/unit/falcoTemplates/serviceTemplate_test.go
+++ b/charts/falco/tests/unit/falcoTemplates/serviceTemplate_test.go
@ -13,10 +13,11 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-package unit
+package falcoTemplates

 import (
 	"fmt"
+	"github.com/falcosecurity/charts/charts/falco/tests/unit"
 	"path/filepath"
 	"testing"

@ -37,7 +38,7 @@ type serviceTemplateTest struct {
 func TestServiceTemplate(t *testing.T) {
 	t.Parallel()

-	chartFullPath, err := filepath.Abs(chartPath)
+	chartFullPath, err := filepath.Abs(unit.ChartPath)
 	require.NoError(t, err)

 	suite.Run(t, &serviceTemplateTest{
@ -61,7 +62,7 @@ func (s *serviceTemplateTest) TestDefaultLabelsValues() {
 	output, err := helm.RenderTemplateE(s.T(), options, s.chartPath, s.releaseName, s.templates)
 	s.NoError(err, "should render template")

-	cInfo, err := chartInfo(s.T(), s.chartPath)
+	cInfo, err := unit.ChartInfo(s.T(), s.chartPath)
 	s.NoError(err)
 	// Get app version.
 	appVersion, found := cInfo["appVersion"]
@ -96,16 +97,14 @@ func (s *serviceTemplateTest) TestDefaultLabelsValues() {
 	}
 }

-
 func (s *serviceTemplateTest) TestCustomLabelsValues() {
 	options := &helm.Options{SetValues: map[string]string{"metrics.enabled": "true",
 		"metrics.service.labels.customLabel": "customLabelValues"}}
 	output, err := helm.RenderTemplateE(s.T(), options, s.chartPath, s.releaseName, s.templates)

-
 	s.NoError(err, "should render template")

-	cInfo, err := chartInfo(s.T(), s.chartPath)
+	cInfo, err := unit.ChartInfo(s.T(), s.chartPath)
 	s.NoError(err)
 	// Get app version.
 	appVersion, found := cInfo["appVersion"]
@ -139,7 +138,7 @@ func (s *serviceTemplateTest) TestCustomLabelsValues() {
 		expectedVal := labels[key]
 		s.Equal(expectedVal, value)
 	}
- 
+
 }

 func (s *serviceTemplateTest) TestDefaultAnnotationsValues() {
@ -149,7 +148,7 @@ func (s *serviceTemplateTest) TestDefaultAnnotationsValues() {
 	s.NoError(err)

 	var svc corev1.Service
- 	helm.UnmarshalK8SYaml(s.T(), output, &svc)
+	helm.UnmarshalK8SYaml(s.T(), output, &svc)
 	s.Nil(svc.Annotations, "should be nil")
 }

@ -175,4 +174,4 @@ func (s *serviceTemplateTest) TestCustomAnnotationsValues() {
 		expectedVal := annotations[key]
 		s.Equal(expectedVal, value)
 	}
-}
+}
--- a/charts/falco/tests/unit/k8smetaPlugin/k8smetacollectorDependency_test.go
+++ b/charts/falco/tests/unit/k8smetaPlugin/k8smetacollectorDependency_test.go
@ -13,7 +13,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.

-package unit
+package k8smetaPlugin

 import (
 	"encoding/json"
@ -23,6 +23,8 @@ import (
 	"strings"
 	"testing"

+	"github.com/falcosecurity/charts/charts/falco/tests/unit"
+
 	"slices"

 	"github.com/gruntwork-io/terratest/modules/helm"
@ -30,22 +32,20 @@ import (
 	corev1 "k8s.io/api/core/v1"
 )

-const chartPath = "../../"
-
 // Using the default values we want to test that all the expected resources for the k8s-metacollector are rendered.
 func TestRenderedResourcesWithDefaultValues(t *testing.T) {
 	t.Parallel()

-	helmChartPath, err := filepath.Abs(chartPath)
+	helmChartPath, err := filepath.Abs(unit.ChartPath)
 	require.NoError(t, err)

 	options := &helm.Options{}
 	// Template the chart using the default values.yaml file.
-	output, err := helm.RenderTemplateE(t, options, helmChartPath, releaseName, nil)
+	output, err := helm.RenderTemplateE(t, options, helmChartPath, unit.ReleaseName, nil)
 	require.NoError(t, err)

 	// Extract all rendered files from the output.
-	re := regexp.MustCompile(patternK8sMetacollectorFiles)
+	re := regexp.MustCompile(unit.PatternK8sMetacollectorFiles)
 	matches := re.FindAllStringSubmatch(output, -1)
 	require.Len(t, matches, 0)

@ -54,7 +54,7 @@ func TestRenderedResourcesWithDefaultValues(t *testing.T) {
 func TestRenderedResourcesWhenNotEnabled(t *testing.T) {
 	t.Parallel()

-	helmChartPath, err := filepath.Abs(chartPath)
+	helmChartPath, err := filepath.Abs(unit.ChartPath)
 	require.NoError(t, err)

 	// Template files that we expect to be rendered.
@ -73,11 +73,11 @@ func TestRenderedResourcesWhenNotEnabled(t *testing.T) {
 	}}

 	// Template the chart using the default values.yaml file.
-	output, err := helm.RenderTemplateE(t, options, helmChartPath, releaseName, nil)
+	output, err := helm.RenderTemplateE(t, options, helmChartPath, unit.ReleaseName, nil)
 	require.NoError(t, err)

 	// Extract all rendered files from the output.
-	re := regexp.MustCompile(patternK8sMetacollectorFiles)
+	re := regexp.MustCompile(unit.PatternK8sMetacollectorFiles)
 	matches := re.FindAllStringSubmatch(output, -1)

 	var renderedTemplates []string
@ -99,7 +99,7 @@ func TestRenderedResourcesWhenNotEnabled(t *testing.T) {
 func TestPluginConfigurationInFalcoConfig(t *testing.T) {
 	t.Parallel()

-	helmChartPath, err := filepath.Abs(chartPath)
+	helmChartPath, err := filepath.Abs(unit.ChartPath)
 	require.NoError(t, err)

 	testCases := []struct {
@ -125,7 +125,7 @@ func TestPluginConfigurationInFalcoConfig(t *testing.T) {
 				require.Equal(t, "${FALCO_K8S_NODE_NAME}", nodeName.(string))
 				// Check that the collector hostname is correctly set.
 				hostName := initConfigMap["collectorHostname"]
-				require.Equal(t, fmt.Sprintf("%s-k8s-metacollector.default.svc", releaseName), hostName.(string))
+				require.Equal(t, fmt.Sprintf("%s-k8s-metacollector.default.svc", unit.ReleaseName), hostName.(string))
 				// Check that the loglevel has been set.
 				verbosity := initConfigMap["verbosity"]
 				require.Equal(t, "info", verbosity.(string))
@ -157,7 +157,7 @@ func TestPluginConfigurationInFalcoConfig(t *testing.T) {
 				require.Equal(t, "${FALCO_K8S_NODE_NAME}", nodeName.(string))
 				// Check that the collector hostname is correctly set.
 				hostName := initConfigMap["collectorHostname"]
-				require.Equal(t, fmt.Sprintf("%s-k8s-metacollector.test.svc", releaseName), hostName.(string))
+				require.Equal(t, fmt.Sprintf("%s-k8s-metacollector.test.svc", unit.ReleaseName), hostName.(string))
 				// Check that the loglevel has been set.
 				verbosity := initConfigMap["verbosity"]
 				require.Equal(t, "info", verbosity.(string))
@ -327,7 +327,7 @@ func TestPluginConfigurationInFalcoConfig(t *testing.T) {
 				require.Equal(t, "${FALCO_K8S_NODE_NAME}", nodeName.(string))
 				// Check that the collector hostname is correctly set.
 				hostName := initConfigMap["collectorHostname"]
-				require.Equal(t, fmt.Sprintf("%s-k8s-metacollector.default.svc", releaseName), hostName.(string))
+				require.Equal(t, fmt.Sprintf("%s-k8s-metacollector.default.svc", unit.ReleaseName), hostName.(string))
 				// Check that the loglevel has been set.
 				verbosity := initConfigMap["verbosity"]
 				require.Equal(t, "info", verbosity.(string))
@ -361,7 +361,7 @@ func TestPluginConfigurationInFalcoConfig(t *testing.T) {
 				require.Equal(t, "${FALCO_K8S_NODE_NAME}", nodeName.(string))
 				// Check that the collector hostname is correctly set.
 				hostName := initConfigMap["collectorHostname"]
-				require.Equal(t, fmt.Sprintf("%s-k8s-metacollector.default.svc", releaseName), hostName.(string))
+				require.Equal(t, fmt.Sprintf("%s-k8s-metacollector.default.svc", unit.ReleaseName), hostName.(string))
 				// Check that the loglevel has been set.
 				verbosity := initConfigMap["verbosity"]
 				require.Equal(t, "trace", verbosity.(string))
@ -398,7 +398,7 @@ func TestPluginConfigurationInFalcoConfig(t *testing.T) {
 			}

 			options := &helm.Options{SetValues: testCase.values}
-			output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/configmap.yaml"})
+			output := helm.RenderTemplate(t, options, helmChartPath, unit.ReleaseName, []string{"templates/configmap.yaml"})

 			var cm corev1.ConfigMap
 			helm.UnmarshalK8SYaml(t, output, &cm)
@ -410,7 +410,7 @@ func TestPluginConfigurationInFalcoConfig(t *testing.T) {
 			found := false
 			// Find the k8smeta plugin configuration.
 			for _, plugin := range pluginsArray {
-				if name, ok := plugin.(map[string]interface{})["name"]; ok && name == k8sMetaPluginName {
+				if name, ok := plugin.(map[string]interface{})["name"]; ok && name == unit.K8sMetaPluginName {
 					testCase.expected(t, plugin)
 					found = true
 				}
@ -418,11 +418,11 @@ func TestPluginConfigurationInFalcoConfig(t *testing.T) {
 			if found {
 				// Check that the plugin has been added to the ones that need to be loaded.
 				loadplugins := config["load_plugins"]
-				require.True(t, slices.Contains(loadplugins.([]interface{}), k8sMetaPluginName))
+				require.True(t, slices.Contains(loadplugins.([]interface{}), unit.K8sMetaPluginName))
 			} else {
 				testCase.expected(t, nil)
 				loadplugins := config["load_plugins"]
-				require.True(t, !slices.Contains(loadplugins.([]interface{}), k8sMetaPluginName))
+				require.True(t, !slices.Contains(loadplugins.([]interface{}), unit.K8sMetaPluginName))
 			}
 		})
 	}
@ -456,21 +456,68 @@ func TestPluginConfigurationUniqueEntries(t *testing.T) {
        },
        "library_path": "libk8smeta.so",
        "name": "k8smeta"
+    },
+    {
+        "init_config": {
+            "engines": {
+                "bpm": {
+                    "enabled": false
+                },
+                "containerd": {
+                    "enabled": true,
+                    "sockets": [
+                        "/run/containerd/containerd.sock"
+                    ]
+                },
+                "cri": {
+                    "enabled": true,
+                    "sockets": [
+                        "/run/crio/crio.sock"
+                    ]
+                },
+                "docker": {
+                    "enabled": true,
+                    "sockets": [
+                        "/var/run/docker.sock"
+                    ]
+                },
+                "libvirt_lxc": {
+                    "enabled": false
+                },
+                "lxc": {
+                    "enabled": false
+                },
+                "podman": {
+                    "enabled": false,
+                    "sockets": [
+                        "/run/podman/podman.sock"
+                    ]
+                }
+            },
+            "hooks": [
+                "create"
+            ],
+            "label_max_len": 100,
+            "with_size": false
+        },
+        "library_path": "libcontainer.so",
+        "name": "container"
    }
 ]`

 	loadPluginsJSON := `[
    "k8smeta",
-	"k8saudit"
+	"k8saudit",
+	"container"
 ]`
-	helmChartPath, err := filepath.Abs(chartPath)
+	helmChartPath, err := filepath.Abs(unit.ChartPath)
 	require.NoError(t, err)

 	options := &helm.Options{SetJsonValues: map[string]string{
 		"falco.plugins":      pluginsJSON,
 		"falco.load_plugins": loadPluginsJSON,
 	}, SetValues: map[string]string{"collectors.kubernetes.enabled": "true"}}
-	output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/configmap.yaml"})
+	output := helm.RenderTemplate(t, options, helmChartPath, unit.ReleaseName, []string{"templates/configmap.yaml"})

 	var cm corev1.ConfigMap
 	helm.UnmarshalK8SYaml(t, output, &cm)
@ -486,7 +533,7 @@ func TestPluginConfigurationUniqueEntries(t *testing.T) {
 	// Find the k8smeta plugin configuration.
 	numConfigK8smeta := 0
 	for _, plugin := range pluginsArray {
-		if name, ok := plugin.(map[string]interface{})["name"]; ok && name == k8sMetaPluginName {
+		if name, ok := plugin.(map[string]interface{})["name"]; ok && name == unit.K8sMetaPluginName {
 			numConfigK8smeta++
 		}
 	}
@ -495,8 +542,8 @@ func TestPluginConfigurationUniqueEntries(t *testing.T) {

 	// Check that the plugin has been added to the ones that need to be loaded.
 	loadplugins := config["load_plugins"]
-	require.Len(t, loadplugins.([]interface{}), 2)
-	require.True(t, slices.Contains(loadplugins.([]interface{}), k8sMetaPluginName))
+	require.Len(t, loadplugins.([]interface{}), 3)
+	require.True(t, slices.Contains(loadplugins.([]interface{}), unit.K8sMetaPluginName))
 }

 // Test that the helper does not overwrite user's configuration.
@ -541,9 +588,10 @@ func TestFalcoctlRefs(t *testing.T) {
 		require.True(t, slices.Contains(allowedTypes.([]interface{}), "rulesfile"))
 		// Test plugin reference.
 		refs := artifactConfig["install"].(map[string]interface{})["refs"].([]interface{})
-		require.Len(t, refs, 2)
-		require.True(t, slices.Contains(refs, "falco-rules:3"))
-		require.True(t, slices.Contains(refs, "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.2.1"))
+		require.Len(t, refs, 3)
+		require.True(t, slices.Contains(refs, "falco-rules:4"))
+		require.True(t, slices.Contains(refs, "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.3.1"))
+		require.True(t, slices.Contains(refs, "ghcr.io/falcosecurity/plugins/plugin/container:0.3.5"))
 	}

 	testCases := []struct {
@ -579,7 +627,7 @@ func TestFalcoctlRefs(t *testing.T) {
 		},
 	}

-	helmChartPath, err := filepath.Abs(chartPath)
+	helmChartPath, err := filepath.Abs(unit.ChartPath)
 	require.NoError(t, err)

 	for _, testCase := range testCases {
@ -589,7 +637,7 @@ func TestFalcoctlRefs(t *testing.T) {
 			t.Parallel()

 			options := &helm.Options{SetJsonValues: testCase.valuesJSON, SetValues: map[string]string{"collectors.kubernetes.enabled": "true"}}
-			output := helm.RenderTemplate(t, options, helmChartPath, releaseName, []string{"templates/falcoctl-configmap.yaml"})
+			output := helm.RenderTemplate(t, options, helmChartPath, unit.ReleaseName, []string{"templates/falcoctl-configmap.yaml"})

 			var cm corev1.ConfigMap
 			helm.UnmarshalK8SYaml(t, output, &cm)
--- a/charts/falco/values-gvisor-gke.yaml
+++ b/charts/falco/values-gvisor-gke.yaml
@ -53,11 +53,11 @@ falcoctl:
      install:
        # -- List of artifacts to be installed by the falcoctl init container.
        # We do not recommend installing (or following) plugins for security reasons since they are executable objects.
-        refs: [falco-rules:3]
+        refs: [falco-rules:4]
      follow:
        # -- List of artifacts to be followed by the falcoctl sidecar container.
        # We do not recommend installing (or following) plugins for security reasons since they are executable objects.
-        refs: [falco-rules:3]
+        refs: [falco-rules:4]

 # Set this to true to force Falco so output the logs as soon as they are emmitted.
 tty: false
--- a/charts/falco/values-k8saudit.yaml
+++ b/charts/falco/values-k8saudit.yaml
@ -14,7 +14,6 @@ controller:
    # For more info check the section on Plugins in the README.md file.
    replicas: 1

-
 falcoctl:
  artifact:
    install:
@ -27,10 +26,10 @@ falcoctl:
    artifact:
      install:
        # -- List of artifacts to be installed by the falcoctl init container.
-        refs: [k8saudit-rules:0.7]
+        refs: [k8saudit-rules:0.11, k8saudit:0.11]
      follow:
        # -- List of artifacts to be followed by the falcoctl sidecar container.
-        refs: [k8saudit-rules:0.7]
+        refs: [k8saudit-rules:0.11]

 services:
  - name: k8saudit-webhook
--- a/charts/falco/values-syscall-k8saudit.yaml
+++ b/charts/falco/values-syscall-k8saudit.yaml
@ -30,10 +30,10 @@ falcoctl:
    artifact:
      install:
        # -- List of artifacts to be installed by the falcoctl init container.
-        refs: [falco-rules:3, k8saudit-rules:0.7]
+        refs: [falco-rules:4, k8saudit-rules:0.11, k8saudit:0.11]
      follow:
        # -- List of artifacts to be followed by the falcoctl sidecar container.
-        refs: [falco-rules:3, k8saudit-rules:0.7]
+        refs: [falco-rules:4, k8saudit-rules:0.11, k8saudit:0.11]

 services:
  - name: k8saudit-webhook
--- a/charts/falco/values.yaml
+++ b/charts/falco/values.yaml
@ -10,7 +10,7 @@ image:
  # -- The image registry to pull from.
  registry: docker.io
  # -- The image repository to pull from
-  repository: falcosecurity/falco-no-driver
+  repository: falcosecurity/falco
  # -- The image tag to pull. Overrides the image tag whose default is the chart appVersion.
  tag: ""

@ -27,6 +27,8 @@ namespaceOverride: ""
 podAnnotations: {}

 serviceAccount:
+  # -- Secrets containing credentials when pulling from private/secure registries.
+  imagePullSecrets: []
  # -- Specifies whether a service account should be created.
  create: true
  # -- Annotations to add to the service account.
@ -299,7 +301,7 @@ driver:
    # Capabilities used: {CAP_SYS_RESOURCE, CAP_SYS_ADMIN, CAP_SYS_PTRACE}.
    # On kernel versions >= 5.8 'CAP_PERFMON' and 'CAP_BPF' could replace 'CAP_SYS_ADMIN' but please pay attention to the 'kernel.perf_event_paranoid' value on your system.
    # Usually 'kernel.perf_event_paranoid>2' means that you cannot use 'CAP_PERFMON' and you should fallback to 'CAP_SYS_ADMIN', but the behavior changes across different distros.
-    # Read more on that here: https://falco.org/docs/event-sources/kernel/#least-privileged-mode-1
+    # Read more on that here: https://falco.org/docs/setup/container/#docker-least-privileged-ebpf-probe
    leastPrivileged: false
    # -- bufSizePreset determines the size of the shared space between Falco and its drivers.
    # This shared space serves as a temporary storage for syscall events.
@ -310,7 +312,7 @@ driver:
    # -- Constrain Falco with capabilities instead of running a privileged container.
    # Ensure the modern bpf driver is enabled (i.e., setting the `driver.kind` option to `modern-bpf`).
    # Capabilities used: {CAP_SYS_RESOURCE, CAP_BPF, CAP_PERFMON, CAP_SYS_PTRACE}.
-    # Read more on that here: https://falco.org/docs/event-sources/kernel/#least-privileged-mode-2
+    # Read more on that here: https://falco.org/docs/setup/container/#docker-least-privileged-ebpf-probe
    leastPrivileged: false
    # -- bufSizePreset determines the size of the shared space between Falco and its drivers.
    # This shared space serves as a temporary storage for syscall events.
@ -360,24 +362,73 @@ collectors:
  # -- Enable/disable all the metadata collectors.
  enabled: true

+  # -- This collector is deprecated and will be removed in the future. Please use the containerEngine collector instead.
  docker:
    # -- Enable Docker support.
-    enabled: true
+    enabled: false
    # -- The path of the Docker daemon socket.
    socket: /var/run/docker.sock

+  # -- This collector is deprecated and will be removed in the future. Please use the containerEngine collector instead.
  containerd:
    # -- Enable ContainerD support.
-    enabled: true
+    enabled: false
    # -- The path of the ContainerD socket.
-    socket: /run/containerd/containerd.sock
+    socket: /run/host-containerd/containerd.sock

+  # -- This collector is deprecated and will be removed in the future. Please use the containerEngine collector instead.
  crio:
    # -- Enable CRI-O support.
-    enabled: true
+    enabled: false
    # -- The path of the CRI-O socket.
    socket: /run/crio/crio.sock

+  # -- This collector is the new container engine collector that replaces the old docker, containerd, crio and podman collectors.
+  # It is designed to collect metadata from various container engines and provide a unified interface through the container plugin.
+  # When enabled, it will deploy the container plugin and use it to collect metadata from the container engines.
+  # Keep in mind that the old collectors (docker, containerd, crio, podman) will use the container plugin to collect metadata under the hood.
+  containerEngine:
+    # -- Enable Container Engine support.
+    enabled: true
+    # -- pluginRef is the OCI reference for the container plugin. It could be a full reference such as
+    # "ghcr.io/falcosecurity/plugins/plugin/container:0.3.5". Or just name + tag: container:0.3.5.
+    pluginRef: "ghcr.io/falcosecurity/plugins/plugin/container:0.3.5"
+    # -- labelMaxLen is the maximum length of the labels that can be used in the container plugin.
+    # container labels larger than this value won't be collected.
+    labelMaxLen: 100
+    # -- withSize specifies whether to enable container size inspection, which is inherently slow.
+    withSize: false
+    # -- hooks specify the hooks that will be used to collect metadata from the container engine.
+    # The available hooks are: create, start.
+    hooks: ["create"]
+    # -- engines specify the container engines that will be used to collect metadata.
+    # See https://github.com/falcosecurity/plugins/blob/main/plugins/container/README.md#configuration
+    engines:
+      docker:
+        enabled: true
+        sockets: ["/var/run/docker.sock"]
+      podman:
+        enabled: true
+        sockets: ["/run/podman/podman.sock"]
+      containerd:
+        enabled: true
+        sockets: ["/run/host-containerd/containerd.sock"]
+      cri:
+        enabled: true
+        sockets:
+          [
+            "/run/containerd/containerd.sock",
+            "/run/crio/crio.sock",
+            "/run/k3s/containerd/containerd.sock",
+            "/run/host-containerd/containerd.sock",
+          ]
+      lxc:
+        enabled: true
+      libvirt_lxc:
+        enabled: true
+      bpm:
+        enabled: true
+
  # -- kubernetes holds the configuration for the kubernetes collector. Starting from version 0.37.0 of Falco, the legacy
  # kubernetes client has been removed. A new standalone component named k8s-metacollector and a Falco plugin have been developed
  # to solve the issues that were present in the old implementation. More info here: https://github.com/falcosecurity/falco/issues/2973
@ -392,7 +443,7 @@ collectors:
    enabled: false
    # --pluginRef is the OCI reference for the k8smeta plugin. It could be a full reference such as:
    # "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.1.0". Or just name + tag: k8smeta:0.1.0.
-    pluginRef: "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.2.1"
+    pluginRef: "ghcr.io/falcosecurity/plugins/plugin/k8smeta:0.3.1"
    # -- collectorHostname is the address of the k8s-metacollector. When not specified it will be set to match
    # k8s-metacollector service. e.x: falco-k8smetacollecto.falco.svc. If for any reason you need to override
    # it, make sure to set here the address of the k8s-metacollector.
@ -408,9 +459,9 @@ collectors:
    # In Falco usually we put the host '/proc' folder under '/host/proc' so
    # the default for this config is '/host'.
    # The path used here must not have a final '/'.
+    # Deprecated since falco 0.41.0 and k8smeta 0.3.0.
    hostProc: /host

-
 ###########################
 # Extras and customization #
 ############################
@ -423,6 +474,9 @@ extra:
  # -- Additional initContainers for Falco pods.
  initContainers: []

+# -- Override hostname in falco pod
+podHostname:
+
 # -- certificates used by webserver and grpc server.
 # paste certificate content or use helm with --set-file
 # or use existing secret containing key, crt, ca as well as pem bundle
@ -470,6 +524,14 @@ falcosidekick:
  # -- Listen port. Default value: 2801
  listenPort: ""

+# -- Enable the response actions using Falco Talon.
+responseActions:
+  enabled: false
+
+# -- For configuration values, see https://github.com/falcosecurity/charts/blob/master/charts/falco-talon/values.yaml
+# -- It must be used in conjunction with the response_actions.enabled option.
+falco-talon: {}
+
 ####################
 # falcoctl config  #
 ####################
@ -482,7 +544,7 @@ falcoctl:
    # -- The image repository to pull from.
    repository: falcosecurity/falcoctl
    # -- The image tag to pull.
-    tag: "0.10.1"
+    tag: "0.11.2"
  artifact:
    # -- Runs "falcoctl artifact install" command as an init container. It is used to install artfacts before
    # Falco starts. It provides them to Falco by using an emptyDir volume.
@ -522,8 +584,8 @@ falcoctl:
    # -- List of indexes that falcoctl downloads and uses to locate and download artiafcts. For more info see:
    # https://github.com/falcosecurity/falcoctl/blob/main/proposals/20220916-rules-and-plugin-distribution.md#index-file-overview
    indexes:
-    - name: falcosecurity
-      url: https://falcosecurity.github.io/falcoctl/index.yaml
+      - name: falcosecurity
+        url: https://falcosecurity.github.io/falcoctl/index.yaml
    # -- Configuration used by the artifact commands.
    artifact:
      # -- List of artifact types that falcoctl will handle. If the configured refs resolves to an artifact whose type is not contained
@ -535,7 +597,7 @@ falcoctl:
        # -- Resolve the dependencies for artifacts.
        resolveDeps: true
        # -- List of artifacts to be installed by the falcoctl init container.
-        refs: [falco-rules:3]
+        refs: [falco-rules:4]
        # -- Directory where the rulesfiles are saved. The path is relative to the container, which in this case is an emptyDir
        # mounted also by the Falco pod.
        rulesfilesDir: /rulesfiles
@ -543,7 +605,7 @@ falcoctl:
        pluginsDir: /plugins
      follow:
        # -- List of artifacts to be followed by the falcoctl sidecar container.
-        refs: [falco-rules:3]
+        refs: [falco-rules:4]
        # -- How often the tool checks for new versions of the followed artifacts.
        every: 6h
        # -- HTTP endpoint that serves the api versions of the Falco instance. It is used to check if the new versions are compatible
@ -578,7 +640,8 @@ serviceMonitor:
  # scraping metrics from a service. It allows you to define the details of the TLS connection, such as
  # CA certificate, client certificate, and client key. Currently, the k8s-metacollector does not support
  # TLS configuration for the metrics endpoint.
-  tlsConfig: {}
+  tlsConfig:
+    {}
    # insecureSkipVerify: false
    # caFile: /path/to/ca.crt
    # certFile: /path/to/client.crt
@ -704,7 +767,6 @@ falco:

  rule_matching: first

-
  # [Incubating] `outputs_queue`
  #
  # -- Falco utilizes tbb::concurrent_bounded_queue for handling outputs, and this parameter
@ -726,7 +788,6 @@ falco:
  outputs_queue:
    capacity: 0

-
  #################
  # Falco plugins #
  #################
@ -799,8 +860,30 @@ falco:
  # Also, nested include is not allowed, ie: included config files won't be able to include other config files.
  #
  # Like for 'rules_files', specifying a folder will load all the configs files present in it in a lexicographical order.
+  #
+  # 3 merge-strategies are available:
+  # `append` (default):
+  #   * existing sequence keys will be appended
+  #   * existing scalar keys will be overridden
+  #   * non-existing keys will be added
+  # `override`:
+  #   * existing keys will be overridden
+  #   * non-existing keys will be added
+  # `add-only`:
+  #   * existing keys will be ignored
+  #   * non-existing keys will be added
+  #
+  # Each item on the list can be either a yaml map or a simple string.
+  # The simple string will be interpreted as the config file path, and the `append` merge-strategy will be enforced.
+  # When the item is a yaml map instead, it will be of the form: `   path: foo\n   strategy: X`.
+  # When `strategy` is omitted, once again `append` is used.
+  #
+  # When a merge-strategy is enabled for a folder entry, all the included config files will use that merge-strategy.
  config_files:
    - /etc/falco/config.d
+  # Example of config file specified as yaml map with strategy made explicit.
+  # - path: $HOME/falco_local_configs/
+  #  strategy: add-only

  # [Stable] `watch_config_files`
  #
@ -870,6 +953,13 @@ falco:
  # information.
  json_include_message_property: false

+  # [Incubating] `json_include_output_fields_property`
+  #
+  # When using JSON output in Falco, you have the option to include the individual
+  # output fields for easier access. To reduce the logging volume, it is recommended
+  # to turn it off if it's not necessary for your use case.
+  json_include_output_fields_property: true
+
  # [Stable] `buffered_outputs`
  #
  # -- Enabling buffering for the output queue can offer performance optimization,
@ -903,6 +993,7 @@ falco:
  #             affect the regular Falco message in any way. These can be specified as a
  #             custom name with a custom format or as any supported field
  #             (see: https://falco.org/docs/reference/rules/supported-fields/)
+  #   `suggested_output`: enable the use of extractor plugins suggested fields for the matching source output.
  #
  # Example:
  #
@ -918,8 +1009,13 @@ falco:
  # at the end telling the CPU number. In addition, if `json_output` is true, in the "output_fields"
  # property you will find three new ones: "evt.cpu", "home_directory" which will contain the value of the
  # environment variable $HOME, and "evt.hostname" which will contain the hostname.
-  append_output: []

+  # By default, we enable suggested_output for any source.
+  # This means that any extractor plugin that indicates some of its fields
+  # as suggested output formats, will see these fields in the output
+  # in the form "foo_bar=$foo.bar"
+  append_output:
+    - suggested_output: true

  ##########################
  # Falco outputs channels #
@ -984,6 +1080,8 @@ falco:
    compress_uploads: false
    # -- keep_alive whether to keep alive the connection.
    keep_alive: false
+    # Maximum consecutive timeouts of libcurl to ignore
+    max_consecutive_timeouts: 5

  # [Stable] `program_output`
  #
@ -1146,8 +1244,8 @@ falco:
  # "alert", "critical", "error", "warning", "notice", "info", "debug". It is not
  # recommended for production use.
  libs_logger:
-    enabled: false
-    severity: debug
+    enabled: true
+    severity: info

  #################################################################################
  # Falco logging / alerting / metrics related to software functioning (advanced) #
@ -1412,7 +1510,6 @@ falco:
    include_empty_values: false
    kernel_event_counters_per_cpu_enabled: false

-
  #######################################
  # Falco performance tuning (advanced) #
  #######################################
@ -1532,7 +1629,6 @@ falco:
    custom_set: []
    repair: false

-
  ##############
  # Falco libs #
  ##############
@ -1556,33 +1652,48 @@ falco:
  falco_libs:
    thread_table_size: 262144

-  # [Stable] Guidance for Kubernetes container engine command-line args settings
+  # [Incubating] `container_engines`
  #
-  # Modern cloud environments, particularly Kubernetes, heavily rely on
-  # containerized workload deployments. When capturing events with Falco, it
-  # becomes essential to identify the owner of the workload for which events are
-  # being captured, such as syscall events. Falco integrates with the container
-  # runtime to enrich its events with container information, including fields like
-  # `container.image.repository`, `container.image.tag`, ... , `k8s.ns.name`,
-  # `k8s.pod.name`, `k8s.pod.*` in the Falco output (Falco retrieves Kubernetes
-  # namespace and pod name directly from the container runtime, see
-  # https://falco.org/docs/reference/rules/supported-fields/#field-class-container).
+  # This option allows you to explicitly enable or disable API lookups against container
+  # runtime sockets for each supported container runtime.
+  # Access to these sockets enables Falco to retrieve container and Kubernetes fields,
+  # helping identify workload owners in modern containerized environments.
+  # Refer to the fields docs:
  #
-  # Furthermore, Falco exposes container events themselves as a data source for
-  # alerting. To achieve this integration with the container runtime, Falco
-  # requires access to the runtime socket. By default, for Kubernetes, Falco
-  # attempts to connect to the following sockets:
-  # "/run/containerd/containerd.sock", "/run/crio/crio.sock",
-  # "/run/k3s/containerd/containerd.sock". If you have a custom path, you can use
-  # the `--cri` option to specify the correct location.
+  # - [Kubernetes fields](https://falco.org/docs/reference/rules/supported-fields/#field-class-k8s)
+  # - [Container fields](https://falco.org/docs/reference/rules/supported-fields/#container)
  #
-  # In some cases, you may encounter empty fields for container metadata. To
-  # address this, you can explore the `--disable-cri-async` option, which disables
-  # asynchronous fetching if the fetch operation is not completing quickly enough.
+  # Additionally, Falco can use container events as a data source for alerting (evt.type = container).
  #
-  # To get more information on these command-line arguments, you can run `falco
-  # --help` in your terminal to view their current descriptions.
+  # For most container engines, you can solely enable or disable them, and Falco will search the
+  # default (hard-coded) container runtime socket paths, such as `/var/run/docker.sock` for Docker.
  #
-  # !!! The options mentioned here are not available in the falco.yaml
-  # configuration file. Instead, they can can be used as a command-line argument
-  # when running the Falco command.
+  # However, for Kubernetes settings, you can customize the CRI socket paths:
+  #
+  # - `container_engines.cri.sockets`: Pass a list of container runtime sockets.
+  # - `container_engines.cri.disable_async`: Since API lookups may not always be quick or
+  # perfect, resulting in empty fields for container metadata, you can use this option option
+  # to disable asynchronous fetching. Note that missing fields may still occasionally occur.
+
+  # Please use the collectors section to configure the container engines.
+
+  container_engines:
+    docker:
+      enabled: false
+    cri:
+      enabled: false
+      sockets:
+        [
+          "/run/containerd/containerd.sock",
+          "/run/crio/crio.sock",
+          "/run/k3s/containerd/containerd.sock",
+        ]
+      disable_async: false
+    podman:
+      enabled: false
+    lxc:
+      enabled: false
+    libvirt_lxc:
+      enabled: false
+    bpm:
+      enabled: false
--- a/charts/falcosidekick/CHANGELOG.md
+++ b/charts/falcosidekick/CHANGELOG.md
@ -5,6 +5,58 @@ numbering uses [semantic versioning](http://semver.org).

 Before release 0.1.20, the helm chart can be found in `falcosidekick` [repository](https://github.com/falcosecurity/falcosidekick/tree/master/deploy/helm/falcosidekick).

+## 0.10.2
+
+- Add type information to `volumeClaimTemplates`.
+
+## 0.10.1
+
+- Add an "or" condition for `configmap-ui`
+
+## 0.10.0
+
+- Add new features to the Loki dashboard
+
+## 0.9.11
+
+- Add `customtags` setting
+
+## 0.9.10
+
+- Fix missing values in the README
+
+## 0.9.9
+
+- Added Azure Workload Identity for Falcosidekick
+
+## 0.9.8
+
+- Ugrade to Falcosidekick 2.31.1 (fix last release)
+
+## 0.9.7
+
+- Ugrade to Falcosidekick 2.31.1
+
+## 0.9.6
+
+- Ugrade to Falcosidekick 2.31.0
+
+## 0.9.5
+
+- Move the `prometheus.io/scrape` annotation to the default values, to allow overrides.
+
+## 0.9.4
+
+- Fix Prometheus metrics names in Prometheus Rule
+
+## 0.9.3
+
+- Add a Grafana dashboard for the Prometheus metrics
+
+## 0.9.2
+
+- Add new dashboard with Loki
+
 ## 0.9.1

 - Ugrade to Falcosidekick 2.30.0
--- a/charts/falcosidekick/Chart.yaml
+++ b/charts/falcosidekick/Chart.yaml
@ -1,9 +1,9 @@
 apiVersion: v1
-appVersion: 2.30.0
+appVersion: 2.31.1
 description: Connect Falco to your ecosystem
 icon: https://raw.githubusercontent.com/falcosecurity/falcosidekick/master/imgs/falcosidekick_color.png
 name: falcosidekick
-version: 0.9.1
+version: 0.10.2
 keywords:
  - monitoring
  - security
--- a/charts/falcosidekick/README.md
+++ b/charts/falcosidekick/README.md
@ -222,6 +222,7 @@ The following table lists the main configurable parameters of the Falcosidekick
 | config.azure.podIdentityName | string | `""` | Azure Identity name |
 | config.azure.resourceGroupName | string | `""` | Azure Resource Group name |
 | config.azure.subscriptionID | string | `""` | Azure Subscription ID |
+| config.azure.workloadIdentityClientID | string | `""` | Azure Workload Identity Client ID |
 | config.bracketreplacer | string | `""` | if not empty, the brackets in keys of Output Fields are replaced |
 | config.cliq.icon | string | `""` | Cliq icon (avatar) |
 | config.cliq.messageformat | string | `""` | a Go template to format Google Chat Text above Attachment, displayed in addition to the output from `cliq.outputformat`. If empty, no Text is displayed before sections. |
@ -233,6 +234,7 @@ The following table lists the main configurable parameters of the Falcosidekick
 | config.cloudevents.extension | string | `""` | Extensions to add in the outbound Event, useful for routing |
 | config.cloudevents.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` |
 | config.customfields | string | `""` | a list of escaped comma separated custom fields to add to falco events, syntax is "key:value\,key:value" |
+| config.customtags | string | `""` | a list of escaped comma separated custom tags to add to falco events, syntax is "tag\,tag" |
 | config.datadog.apikey | string | `""` | Datadog API Key, if not `empty`, Datadog output is *enabled* |
 | config.datadog.host | string | `""` | Datadog host. Override if you are on the Datadog EU site. Defaults to american site with "<https://api.datadoghq.com>" |
 | config.datadog.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` |
@ -358,6 +360,13 @@ The following table lists the main configurable parameters of the Falcosidekick
 | config.loki.customheaders | string | `""` | a list of comma separated custom headers to add, syntax is "key:value,key:value" |
 | config.loki.endpoint | string | `"/loki/api/v1/push"` | Loki endpoint URL path, more info: <https://grafana.com/docs/loki/latest/api/#post-apiprompush> |
 | config.loki.extralabels | string | `""` | comma separated list of fields to use as labels additionally to rule, source, priority, tags and custom_fields |
+| config.loki.format | string | `"text"` | Format for the log entry value: json, text (default) |
+| config.loki.grafanaDashboard | object | `{"configMap":{"folder":"","name":"falcosidekick-loki-dashboard-grafana","namespace":""},"enabled":true}` | dashboard for Grafana |
+| config.loki.grafanaDashboard.configMap | object | `{"folder":"","name":"falcosidekick-loki-dashboard-grafana","namespace":""}` | configmaps to be deployed that contain a grafana dashboard. |
+| config.loki.grafanaDashboard.configMap.folder | string | `""` | folder where the dashboard is stored by grafana. |
+| config.loki.grafanaDashboard.configMap.name | string | `"falcosidekick-loki-dashboard-grafana"` | name specifies the name for the configmap. |
+| config.loki.grafanaDashboard.configMap.namespace | string | `""` | namespace specifies the namespace for the configmap. |
+| config.loki.grafanaDashboard.enabled | bool | `true` | enabled specifies whether this dashboard should be deployed. |
 | config.loki.hostport | string | `""` | Loki <http://host:port>, if not `empty`, Loki is *enabled* |
 | config.loki.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` |
 | config.loki.mutualtls | bool | `false` | if true, checkcert flag will be ignored (server cert will always be checked) |
@ -395,6 +404,7 @@ The following table lists the main configurable parameters of the Falcosidekick
 | config.nats.hostport | string | `""` | NATS "nats://host:port", if not `empty`, NATS is *enabled* |
 | config.nats.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` |
 | config.nats.mutualtls | bool | `false` | if true, checkcert flag will be ignored (server cert will always be checked) |
+| config.nats.subjecttemplate | string | `"falco.<priority>.<rule>"` | template for the subject, tokens <priority> and <rule> will be automatically replaced (default: falco.<priority>.<rule>) |
 | config.nodered.address | string | `""` | Node-RED address, if not empty, Node-RED output is enabled |
 | config.nodered.checkcert | bool | `true` | check if ssl certificate of the output is valid |
 | config.nodered.customheaders | string | `""` | Custom headers to add in POST, useful for Authentication, syntax is "key:value\,key:value" |
@ -508,6 +518,7 @@ The following table lists the main configurable parameters of the Falcosidekick
 | config.stan.hostport | string | `""` | Stan nats://{domain or ip}:{port}, if not empty, STAN output is *enabled* |
 | config.stan.minimumpriority | string | `""` | minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""` |
 | config.stan.mutualtls | bool | `false` | if true, checkcert flag will be ignored (server cert will always be checked) |
+| config.stan.subjecttemplate | string | `"falco.<priority>.<rule>"` | template for the subject, tokens <priority> and <rule> will be automatically replaced (default: falco.<priority>.<rule>) |
 | config.statsd.forwarder | string | `""` | The address for the StatsD forwarder, in the form <http://host:port>, if not empty StatsD is *enabled* |
 | config.statsd.namespace | string | `"falcosidekick."` | A prefix for all metrics |
 | config.sumologic.checkcert | bool | `true` | check if ssl certificate of the output is valid (default: true) |
@ -593,11 +604,19 @@ The following table lists the main configurable parameters of the Falcosidekick
 | extraVolumeMounts | list | `[]` | Extra volume mounts for sidekick deployment |
 | extraVolumes | list | `[]` | Extra volumes for sidekick deployment |
 | fullnameOverride | string | `""` | Override the name |
-| image | object | `{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"falcosecurity/falcosidekick","tag":"2.30.0"}` | number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10) revisionHistoryLimit: 1 |
+| grafana | object | `{"dashboards":{"configMaps":{"falcosidekick":{"folder":"","name":"falcosidekick-grafana-dashboard","namespace":""}},"enabled":false}}` | grafana contains the configuration related to grafana. |
+| grafana.dashboards | object | `{"configMaps":{"falcosidekick":{"folder":"","name":"falcosidekick-grafana-dashboard","namespace":""}},"enabled":false}` | dashboards contains configuration for grafana dashboards. |
+| grafana.dashboards.configMaps | object | `{"falcosidekick":{"folder":"","name":"falcosidekick-grafana-dashboard","namespace":""}}` | configmaps to be deployed that contain a grafana dashboard. |
+| grafana.dashboards.configMaps.falcosidekick | object | `{"folder":"","name":"falcosidekick-grafana-dashboard","namespace":""}` | falcosidekick contains the configuration for falcosidekick's dashboard. |
+| grafana.dashboards.configMaps.falcosidekick.folder | string | `""` | folder where the dashboard is stored by grafana. |
+| grafana.dashboards.configMaps.falcosidekick.name | string | `"falcosidekick-grafana-dashboard"` | name specifies the name for the configmap. |
+| grafana.dashboards.configMaps.falcosidekick.namespace | string | `""` | namespace specifies the namespace for the configmap. |
+| grafana.dashboards.enabled | bool | `false` | enabled specifies whether the dashboards should be deployed. |
+| image | object | `{"pullPolicy":"IfNotPresent","registry":"docker.io","repository":"falcosecurity/falcosidekick","tag":"2.31.1"}` | number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10) revisionHistoryLimit: 1 |
 | image.pullPolicy | string | `"IfNotPresent"` | The image pull policy |
 | image.registry | string | `"docker.io"` | The image registry to pull from |
 | image.repository | string | `"falcosecurity/falcosidekick"` | The image repository to pull from |
-| image.tag | string | `"2.30.0"` | The image tag to pull |
+| image.tag | string | `"2.31.1"` | The image tag to pull |
 | imagePullSecrets | list | `[]` | Secrets for the registry |
 | ingress.annotations | object | `{}` | Ingress annotations |
 | ingress.enabled | bool | `false` | Whether to create the ingress |
@ -635,7 +654,7 @@ The following table lists the main configurable parameters of the Falcosidekick
 | replicaCount | int | `2` | number of running pods |
 | resources | object | `{}` | The resources for falcosdekick pods |
 | securityContext | object | `{}` | Sidekick container securityContext |
-| service.annotations | object | `{}` | Service annotations |
+| service.annotations | object | `{"prometheus.io/scrape":"true"}` | Service annotations |
 | service.port | int | `2801` | Service port |
 | service.type | string | `"ClusterIP"` | Service type |
 | serviceMonitor.additionalLabels | object | `{}` | specify Additional labels to be added on the Service Monitor. |
--- a/charts/falcosidekick/dashboards/falcosidekick-grafana-dashboard.json
+++ b/charts/falcosidekick/dashboards/falcosidekick-grafana-dashboard.json
--- a/charts/falcosidekick/dashboards/falcosidekick-loki-dashboard.json
+++ b/charts/falcosidekick/dashboards/falcosidekick-loki-dashboard.json
@ -0,0 +1,714 @@
+{
+  "annotations": {
+    "list": [
+      {
+        "builtIn": 1,
+        "datasource": {
+          "type": "grafana",
+          "uid": "-- Grafana --"
+        },
+        "enable": true,
+        "hide": true,
+        "iconColor": "rgba(0, 211, 255, 1)",
+        "name": "Annotations & Alerts",
+        "type": "dashboard"
+      }
+    ]
+  },
+  "editable": true,
+  "fiscalYearStartMonth": 0,
+  "graphTooltip": 0,
+  "id": 5,
+  "links": [],
+  "panels": [
+    {
+      "datasource": {
+        "default": false,
+        "type": "loki",
+        "uid": "${datasource}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            }
+          },
+          "mappings": []
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 8,
+        "w": 12,
+        "x": 0,
+        "y": 0
+      },
+      "id": 1,
+      "options": {
+        "legend": {
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "pieType": "pie",
+        "reduceOptions": {
+          "calcs": [
+            "sum"
+          ],
+          "fields": "",
+          "values": false
+        },
+        "tooltip": {
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "pluginVersion": "11.2.0",
+      "targets": [
+        {
+          "datasource": {
+            "type": "loki",
+            "uid": "${datasource}"
+          },
+          "editorMode": "builder",
+          "expr": "count by(priority) (rate({priority=~\".+\"} | logfmt | k8s_ns =~ `$namespace` | priority =~ `$priority` [$__auto]))",
+          "legendFormat": "{{priority}}",
+          "queryType": "range",
+          "refId": "A"
+        }
+      ],
+      "title": "Priority counts",
+      "type": "piechart"
+    },
+    {
+      "datasource": {
+        "default": false,
+        "type": "loki",
+        "uid": "${datasource}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            }
+          },
+          "mappings": []
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 8,
+        "w": 12,
+        "x": 12,
+        "y": 0
+      },
+      "id": 2,
+      "options": {
+        "displayLabels": [
+          "value",
+          "percent"
+        ],
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true,
+          "values": []
+        },
+        "pieType": "pie",
+        "reduceOptions": {
+          "calcs": [
+            "sum"
+          ],
+          "fields": "",
+          "values": false
+        },
+        "tooltip": {
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "pluginVersion": "11.2.0",
+      "targets": [
+        {
+          "datasource": {
+            "type": "loki",
+            "uid": "${datasource}"
+          },
+          "editorMode": "builder",
+          "expr": "count by(rule) (rate({priority=~\".+\", rule!=\"Falco internal: metrics snapshot\"} | logfmt | k8s_ns =~ `$namespace` | priority =~ `$priority` [$__auto]))",
+          "legendFormat": "{{priority}}",
+          "queryType": "range",
+          "refId": "A"
+        }
+      ],
+      "title": "Rules counts",
+      "type": "piechart"
+    },
+    {
+      "datasource": {
+        "default": false,
+        "type": "loki",
+        "uid": "${datasource}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "thresholds"
+          },
+          "custom": {
+            "align": "left",
+            "cellOptions": {
+              "type": "auto",
+              "wrapText": false
+            },
+            "filterable": true,
+            "inspect": false
+          },
+          "mappings": [],
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green",
+                "value": null
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          }
+        },
+        "overrides": [
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "Value #A"
+            },
+            "properties": [
+              {
+                "id": "displayName",
+                "value": "Number of Messages"
+              }
+            ]
+          },
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "Time"
+            },
+            "properties": [
+              {
+                "id": "custom.hidden",
+                "value": true
+              }
+            ]
+          },
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "k8s_ns"
+            },
+            "properties": [
+              {
+                "id": "custom.width",
+                "value": 96
+              }
+            ]
+          },
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "priority"
+            },
+            "properties": [
+              {
+                "id": "custom.width",
+                "value": 91
+              }
+            ]
+          },
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "rule"
+            },
+            "properties": [
+              {
+                "id": "custom.width",
+                "value": 450
+              }
+            ]
+          },
+          {
+            "matcher": {
+              "id": "byName",
+              "options": "k8s_pod_name"
+            },
+            "properties": [
+              {
+                "id": "custom.width",
+                "value": 184
+              }
+            ]
+          }
+        ]
+      },
+      "gridPos": {
+        "h": 8,
+        "w": 24,
+        "x": 0,
+        "y": 8
+      },
+      "id": 5,
+      "options": {
+        "cellHeight": "sm",
+        "footer": {
+          "countRows": false,
+          "enablePagination": false,
+          "fields": "",
+          "reducer": [
+            "last"
+          ],
+          "show": false
+        },
+        "showHeader": true,
+        "sortBy": [
+          {
+            "desc": false,
+            "displayName": "k8s_pod_name"
+          }
+        ]
+      },
+      "pluginVersion": "11.2.0",
+      "targets": [
+        {
+          "datasource": {
+            "type": "loki",
+            "uid": "${datasource}"
+          },
+          "editorMode": "builder",
+          "expr": "count by(k8s_pod_name, rule, priority, k8s_ns) (rate({priority=~\".+\"} | logfmt | k8s_ns =~ `$namespace` | priority =~ `$priority` [$__auto]))",
+          "legendFormat": "",
+          "queryType": "instant",
+          "refId": "A"
+        }
+      ],
+      "transformations": [
+        {
+          "id": "sortBy",
+          "options": {
+            "fields": {},
+            "sort": [
+              {
+                "desc": true,
+                "field": "Value #A"
+              }
+            ]
+          }
+        }
+      ],
+      "type": "table"
+    },
+    {
+      "datasource": {
+        "default": false,
+        "type": "loki",
+        "uid": "${datasource}"
+      },
+      "gridPos": {
+        "h": 7,
+        "w": 24,
+        "x": 0,
+        "y": 16
+      },
+      "id": 6,
+      "options": {
+        "dedupStrategy": "none",
+        "enableLogDetails": true,
+        "prettifyLogMessage": false,
+        "showCommonLabels": false,
+        "showLabels": false,
+        "showTime": false,
+        "sortOrder": "Descending",
+        "wrapLogMessage": false
+      },
+      "pluginVersion": "11.2.0",
+      "targets": [
+        {
+          "datasource": {
+            "type": "loki",
+            "uid": "${datasource}"
+          },
+          "direction": "backward",
+          "editorMode": "builder",
+          "expr": "{priority=~\".+\"} |= `$line_filter` | logfmt | k8s_ns =~ `$namespace` | priority =~ `$priority`",
+          "queryType": "range",
+          "refId": "A"
+        }
+      ],
+      "title": "Realtime logs",
+      "type": "logs"
+    },
+    {
+      "datasource": {
+        "default": false,
+        "type": "loki",
+        "uid": "${datasource}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "barWidthFactor": 0.6,
+            "drawStyle": "line",
+            "fillOpacity": 100,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "stepBefore",
+            "lineStyle": {
+              "fill": "solid"
+            },
+            "lineWidth": 1,
+            "pointSize": 4,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "spanNulls": false,
+            "stacking": {
+              "group": "A",
+              "mode": "normal"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "fieldMinMax": false,
+          "mappings": [],
+          "min": 0,
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green"
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          },
+          "unit": "none"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 8,
+        "w": 12,
+        "x": 0,
+        "y": 23
+      },
+      "id": 7,
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "targets": [
+        {
+          "datasource": {
+            "type": "loki",
+            "uid": "loki"
+          },
+          "editorMode": "builder",
+          "expr": "count by(priority) (rate({priority=~\".+\"} | logfmt | k8s_ns =~ `$namespace` | priority =~ `$priority` [1m]))",
+          "legendFormat": "{{priority}}",
+          "queryType": "range",
+          "refId": "A"
+        }
+      ],
+      "title": "Priorities Rates",
+      "type": "timeseries"
+    },
+    {
+      "datasource": {
+        "default": false,
+        "type": "loki",
+        "uid": "${datasource}"
+      },
+      "fieldConfig": {
+        "defaults": {
+          "color": {
+            "mode": "palette-classic"
+          },
+          "custom": {
+            "axisBorderShow": false,
+            "axisCenteredZero": false,
+            "axisColorMode": "text",
+            "axisLabel": "",
+            "axisPlacement": "auto",
+            "barAlignment": 0,
+            "barWidthFactor": 0.6,
+            "drawStyle": "line",
+            "fillOpacity": 100,
+            "gradientMode": "none",
+            "hideFrom": {
+              "legend": false,
+              "tooltip": false,
+              "viz": false
+            },
+            "insertNulls": false,
+            "lineInterpolation": "stepBefore",
+            "lineStyle": {
+              "fill": "solid"
+            },
+            "lineWidth": 1,
+            "pointSize": 4,
+            "scaleDistribution": {
+              "type": "linear"
+            },
+            "showPoints": "auto",
+            "spanNulls": false,
+            "stacking": {
+              "group": "A",
+              "mode": "normal"
+            },
+            "thresholdsStyle": {
+              "mode": "off"
+            }
+          },
+          "fieldMinMax": false,
+          "mappings": [],
+          "min": 0,
+          "thresholds": {
+            "mode": "absolute",
+            "steps": [
+              {
+                "color": "green"
+              },
+              {
+                "color": "red",
+                "value": 80
+              }
+            ]
+          },
+          "unit": "none"
+        },
+        "overrides": []
+      },
+      "gridPos": {
+        "h": 8,
+        "w": 12,
+        "x": 12,
+        "y": 23
+      },
+      "id": 8,
+      "options": {
+        "legend": {
+          "calcs": [],
+          "displayMode": "list",
+          "placement": "bottom",
+          "showLegend": true
+        },
+        "tooltip": {
+          "mode": "single",
+          "sort": "none"
+        }
+      },
+      "targets": [
+        {
+          "datasource": {
+            "type": "loki",
+            "uid": "loki"
+          },
+          "editorMode": "builder",
+          "expr": "count by(rule) (rate({priority=~\".+\"} | logfmt | k8s_ns =~ `$namespace` | priority =~ `$priority` [1m]))",
+          "legendFormat": "{{priority}}",
+          "queryType": "range",
+          "refId": "A"
+        }
+      ],
+      "title": "Rules Rates",
+      "type": "timeseries"
+    }
+  ],
+  "refresh": "auto",
+  "schemaVersion": 39,
+  "tags": [],
+  "templating": {
+    "list": [
+      {
+        "allValue": "",
+        "current": {
+          "selected": true,
+          "text": [
+            "arr",
+            "core",
+            "falco",
+            "kube-system",
+            "media",
+            "monitoring",
+            "rook",
+            "rook-cluster",
+            "storage",
+            "utilities",
+            "webs"
+          ],
+          "value": [
+            "arr",
+            "core",
+            "falco",
+            "kube-system",
+            "media",
+            "monitoring",
+            "rook",
+            "rook-cluster",
+            "storage",
+            "utilities",
+            "webs"
+          ]
+        },
+        "datasource": {
+          "type": "loki",
+          "uid": "${datasource}"
+        },
+        "definition": "",
+        "description": "",
+        "hide": 0,
+        "includeAll": false,
+        "label": "namespace",
+        "multi": true,
+        "name": "namespace",
+        "options": [],
+        "query": {
+          "label": "namespace",
+          "refId": "LokiVariableQueryEditor-VariableQuery",
+          "stream": "",
+          "type": 1
+        },
+        "refresh": 1,
+        "regex": "",
+        "skipUrlSync": false,
+        "sort": 0,
+        "type": "query"
+      },
+      {
+        "current": {
+          "selected": false,
+          "text": "Loki",
+          "value": "loki"
+        },
+        "hide": 0,
+        "includeAll": false,
+        "label": "datasource",
+        "multi": false,
+        "name": "datasource",
+        "options": [],
+        "query": "loki",
+        "queryValue": "",
+        "refresh": 1,
+        "regex": "",
+        "skipUrlSync": false,
+        "type": "datasource"
+      },
+      {
+        "current": {
+          "selected": true,
+          "text": [
+            "Critical"
+          ],
+          "value": [
+            "Critical"
+          ]
+        },
+        "datasource": {
+          "type": "loki",
+          "uid": "${datasource}"
+        },
+        "definition": "",
+        "hide": 0,
+        "includeAll": true,
+        "label": "priority",
+        "multi": true,
+        "name": "priority",
+        "options": [],
+        "query": {
+          "label": "priority",
+          "refId": "LokiVariableQueryEditor-VariableQuery",
+          "stream": "",
+          "type": 1
+        },
+        "refresh": 1,
+        "regex": "",
+        "skipUrlSync": false,
+        "sort": 0,
+        "type": "query"
+      },
+      {
+        "current": {
+          "selected": false,
+          "text": "",
+          "value": ""
+        },
+        "description": "Text to filter lines",
+        "hide": 0,
+        "label": "line_filter",
+        "name": "line_filter",
+        "options": [
+          {
+            "selected": true,
+            "text": "",
+            "value": ""
+          }
+        ],
+        "query": "",
+        "skipUrlSync": false,
+        "type": "textbox"
+      }
+    ]
+  },
+  "time": {
+    "from": "now-24h",
+    "to": "now"
+  },
+  "timepicker": {},
+  "timezone": "browser",
+  "title": "Falco logs",
+  "uid": "de6ixj4nl1kowc",
+  "version": 2,
+  "weekStart": ""
+}
--- a/charts/falcosidekick/templates/configmap-grafana-dashboard.yaml
+++ b/charts/falcosidekick/templates/configmap-grafana-dashboard.yaml
@ -0,0 +1,28 @@
+{{- if .Values.grafana.dashboards.enabled -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Values.grafana.dashboards.configMaps.falcosidekick.name }}
+  {{ if .Values.grafana.dashboards.configMaps.falcosidekick.namespace }}
+  namespace: {{ .Values.grafana.dashboards.configMaps.falcosidekick.namespace }}
+  {{- else -}}
+  namespace: {{ .Release.Namespace }}
+  {{- end }}
+  labels:
+    {{- include "falcosidekick.labels" . | nindent 4 }}
+    grafana_dashboard: "1"
+    {{- with .Values.customLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+  annotations:
+    {{- if .Values.grafana.dashboards.configMaps.falcosidekick.folder }}
+    k8s-sidecar-target-directory: /tmp/dashboards/{{ .Values.grafana.dashboards.configMaps.falcosidekick.folder}}
+    grafana_dashboard_folder: {{ .Values.grafana.dashboards.configMaps.falcosidekick.folder }}
+    {{- end }}
+    {{- with .Values.customAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+data:
+  falco-dashboard.json: |-
+    {{- .Files.Get "dashboards/falcosidekick-grafana-dashboard.json" | nindent 4 }}
+ {{- end -}}
--- a/charts/falcosidekick/templates/configmap-ui.yaml
+++ b/charts/falcosidekick/templates/configmap-ui.yaml
@ -1,4 +1,4 @@
-{{- if and (.Values.webui.enabled) (.Values.webui.redis.enabled) -}}
+{{- if and (.Values.webui.enabled) (or (.Values.webui.redis.enabled) (.Values.webui.externalRedis.enabled)) -}}
 ---
 apiVersion: v1
 kind: ConfigMap
--- a/charts/falcosidekick/templates/deployment-ui.yaml
+++ b/charts/falcosidekick/templates/deployment-ui.yaml
@ -276,7 +276,9 @@ spec:
      {{ end }}
  {{- if .Values.webui.redis.storageEnabled }}
  volumeClaimTemplates:
-    - metadata:
+    - apiVersion: v1
+      kind: PersistentVolumeClaim
+      metadata:
        name: {{ include "falcosidekick.fullname" . }}-ui-redis-data
      spec:
        accessModes: [ "ReadWriteOnce" ]
--- a/charts/falcosidekick/templates/deployment.yaml
+++ b/charts/falcosidekick/templates/deployment.yaml
@ -31,6 +31,9 @@ spec:
        {{- if and .Values.config.azure.podIdentityClientID .Values.config.azure.podIdentityName }}
        aadpodidbinding: {{ include "falcosidekick.fullname" . }}
        {{- end }}
+        {{- if .Values.config.azure.workloadIdentityClientID }}
+        azure.workload.identity/use: "true"
+        {{- end }}
        {{- if .Values.podLabels }}
        {{ toYaml .Values.podLabels | nindent 8 }}
        {{- end }}
@ -109,6 +112,8 @@ spec:
              value: {{ .Values.config.customfields | quote }}
            - name: TEMPLATEDFIELDS
              value: {{ .Values.config.templatedfields | quote }}
+            - name: CUSTOMTAGS
+              value: {{ .Values.config.customtags | quote }}
            - name: OUTPUTFIELDFORMAT
              value: {{ .Values.config.outputFieldFormat | quote }}
            - name: BRACKETREPLACER
--- a/charts/falcosidekick/templates/falcosidekick-loki-dashboard-grafana.yaml
+++ b/charts/falcosidekick/templates/falcosidekick-loki-dashboard-grafana.yaml
@ -0,0 +1,22 @@
+{{- if .Values.config.loki.grafanaDashboard.enabled -}}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Values.config.loki.grafanaDashboard.configMap.name }}
+  {{ if .Values.config.loki.grafanaDashboard.configMap.namespace }}
+  namespace: {{ .Values.config.loki.grafanaDashboard.configMap.namespace }}
+  {{- else -}}
+  namespace: {{ .Release.Namespace }}
+  {{- end }}
+  labels:
+    {{- include "falcosidekick.labels" .  | nindent 4 }}
+    grafana_dashboard: "1"
+  {{- if .Values.config.loki.grafanaDashboard.configMap.folder }}
+  annotations:
+    k8s-sidecar-target-directory: /tmp/dashboards/{{ .Values.config.loki.grafanaDashboard.configMap.folder}}
+    grafana_dashboard_folder: {{ .Values.config.loki.grafanaDashboard.configMap.folder }}
+  {{- end }}
+data:
+  falcosidekick-loki-dashboard.json: |-
+    {{- .Files.Get "dashboards/falcosidekick-loki-dashboard.json" | nindent 4 }}
+ {{- end -}}
--- a/charts/falcosidekick/templates/prometheusrule.yaml
+++ b/charts/falcosidekick/templates/prometheusrule.yaml
@ -38,7 +38,7 @@ spec:
      annotations:
        summary: Falco is experiencing high rate of warning events
        description: A high rate of warning events are being detected by Falco
-      expr: rate(falco_events{priority="Warning"}[{{ .Values.prometheusRules.alerts.warning.rate_interval }}]) > {{ .Values.prometheusRules.alerts.warning.threshold }}
+      expr: rate(falcosecurity_falcosidekick_falco_events_total{priority_raw="warning"}[{{ .Values.prometheusRules.alerts.warning.rate_interval }}]) > {{ .Values.prometheusRules.alerts.warning.threshold }}
      for: 15m
      labels:
        severity: warning
@ -48,7 +48,7 @@ spec:
      annotations:
        summary: Falco is experiencing high rate of error events
        description: A high rate of error events are being detected by Falco
-      expr: rate(falco_events{priority="Error"}[{{ .Values.prometheusRules.alerts.error.rate_interval }}]) > {{ .Values.prometheusRules.alerts.error.threshold }}
+      expr: rate(falcosecurity_falcosidekick_falco_events_total{priority_raw="error"}[{{ .Values.prometheusRules.alerts.error.rate_interval }}]) > {{ .Values.prometheusRules.alerts.error.threshold }}
      for: 15m
      labels:
        severity: warning
@ -58,7 +58,7 @@ spec:
      annotations:
        summary: Falco is experiencing high rate of critical events
        description: A high rate of critical events are being detected by Falco
-      expr: rate(falco_events{priority="Critical"}[{{ .Values.prometheusRules.alerts.critical.rate_interval }}]) > {{ .Values.prometheusRules.alerts.critical.threshold }}
+      expr: rate(falcosecurity_falcosidekick_falco_events_total{priority_raw="critical"}[{{ .Values.prometheusRules.alerts.critical.rate_interval }}]) > {{ .Values.prometheusRules.alerts.critical.threshold }}
      for: 15m
      labels:
        severity: critical
@ -68,7 +68,7 @@ spec:
      annotations:
        summary: Falco is experiencing high rate of alert events
        description: A high rate of alert events are being detected by Falco
-      expr: rate(falco_events{priority="Alert"}[{{ .Values.prometheusRules.alerts.alert.rate_interval }}]) > {{ .Values.prometheusRules.alerts.alert.threshold }}
+      expr: rate(falcosecurity_falcosidekick_falco_events_total{priority_raw="alert"}[{{ .Values.prometheusRules.alerts.alert.rate_interval }}]) > {{ .Values.prometheusRules.alerts.alert.threshold }}
      for: 5m
      labels:
        severity: critical
@ -78,7 +78,7 @@ spec:
      annotations:
        summary: Falco is experiencing high rate of emergency events
        description: A high rate of emergency events are being detected by Falco
-      expr: rate(falco_events{priority="Emergency"}[{{ .Values.prometheusRules.alerts.emergency.rate_interval }}]) > {{ .Values.prometheusRules.alerts.emergency.threshold }}
+      expr: rate(falcosecurity_falcosidekick_falco_events_total{priority_raw="emergency"}[{{ .Values.prometheusRules.alerts.emergency.rate_interval }}]) > {{ .Values.prometheusRules.alerts.emergency.threshold }}
      for: 1m
      labels:
        severity: critical
@ -88,7 +88,7 @@ spec:
      annotations:
        summary: Falcosidekick is experiencing high rate of errors for an output
        description: A high rate of errors are being detecting for an output
-      expr: sum by (destination) (rate(falcosidekick_outputs{status="error"}[{{ .Values.prometheusRules.alerts.output.rate_interval }}])) > {{ .Values.prometheusRules.alerts.output.threshold }}
+      expr: sum by (destination) (rate(falcosecurity_falcosidekick_outputs_total{status="error"}[{{ .Values.prometheusRules.alerts.output.rate_interval }}])) > {{ .Values.prometheusRules.alerts.output.threshold }}
      for: 1m
      labels:
        severity: warning
--- a/charts/falcosidekick/templates/rbac.yaml
+++ b/charts/falcosidekick/templates/rbac.yaml
@ -4,6 +4,19 @@ kind: ServiceAccount
 metadata:
  name: {{ include "falcosidekick.fullname" . }}
  namespace: {{ .Release.Namespace }}
+  {{- if or .Values.config.azure.workloadIdentityClientID (and .Values.config.aws.useirsa .Values.config.aws.rolearn) }}
+  annotations:
+    {{- if .Values.config.azure.workloadIdentityClientID }}
+    azure.workload.identity/client-id: {{ .Values.config.azure.workloadIdentityClientID | quote }}
+    {{- end }}
+    {{- if and .Values.config.aws.useirsa .Values.config.aws.rolearn }}
+    {{- with .Values.customAnnotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+    eks.amazonaws.com/role-arn: {{ .Values.config.aws.rolearn | quote }}
+    {{- end }}
+  {{- end }}
+
  {{- if and .Values.config.aws.useirsa .Values.config.aws.rolearn }}
  labels:
    {{- include "falcosidekick.labels" . | nindent 4 }}
@ -11,11 +24,6 @@ metadata:
    {{- with .Values.customLabels }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
-  annotations:
-    {{- with .Values.customAnnotations }}
-    {{- toYaml . | nindent 4 }}
-    {{- end }}
-    eks.amazonaws.com/role-arn: {{ .Values.config.aws.rolearn }}
  {{- end }}
 ---
 apiVersion: rbac.authorization.k8s.io/v1
--- a/charts/falcosidekick/templates/secrets.yaml
+++ b/charts/falcosidekick/templates/secrets.yaml
@ -210,6 +210,7 @@ data:
  LOKI_USER: "{{ .Values.config.loki.user | b64enc }}"
  LOKI_APIKEY: "{{ .Values.config.loki.apikey | b64enc }}"
  LOKI_TENANT: "{{ .Values.config.loki.tenant | b64enc }}"
+  LOKI_FORMAT: "{{ .Values.config.loki.format | b64enc }}"
  LOKI_EXTRALABELS: "{{ .Values.config.loki.extralabels | b64enc }}"
  LOKI_CUSTOMHEADERS: "{{ .Values.config.loki.customheaders | b64enc }}"
  LOKI_MINIMUMPRIORITY: "{{ .Values.config.loki.minimumpriority | b64enc }}"
@ -221,6 +222,7 @@ data:

  # Nats Output
  NATS_HOSTPORT: "{{ .Values.config.nats.hostport | b64enc }}"
+  NATS_SUBJECTTEMPLATE: "{{ .Values.config.nats.subjecttemplate | b64enc }}"
  NATS_MINIMUMPRIORITY: "{{ .Values.config.nats.minimumpriority | b64enc }}"
  NATS_MUTUALTLS: "{{ .Values.config.nats.mutualtls | printf "%t" | b64enc }}"
  NATS_CHECKCERT: "{{ .Values.config.nats.checkcert | printf "%t" | b64enc }}"
@ -229,6 +231,7 @@ data:
  STAN_HOSTPORT: "{{ .Values.config.stan.hostport | b64enc }}"
  STAN_CLUSTERID: "{{ .Values.config.stan.clusterid | b64enc }}"
  STAN_CLIENTID: "{{ .Values.config.stan.clientid | b64enc }}"
+  STAN_SUBJECTTEMPLATE: "{{ .Values.config.stan.subjecttemplate | b64enc }}"
  STAN_MINIMUMPRIORITY: "{{ .Values.config.stan.minimumpriority | b64enc }}"
  STAN_MUTUALTLS: "{{ .Values.config.stan.mutualtls | printf "%t" | b64enc }}"
  STAN_CHECKCERT: "{{ .Values.config.stan.checkcert | printf "%t" | b64enc }}"
--- a/charts/falcosidekick/templates/service.yaml
+++ b/charts/falcosidekick/templates/service.yaml
@ -17,7 +17,6 @@ metadata:
    {{- with .Values.service.annotations }}
    {{- toYaml . | nindent 4 }}
    {{- end }}
-    prometheus.io/scrape: "true"
 spec:
  type: {{ .Values.service.type }}
  ports:
--- a/charts/falcosidekick/values.yaml
+++ b/charts/falcosidekick/values.yaml
@ -14,7 +14,7 @@ image:
  # -- The image repository to pull from
  repository: falcosecurity/falcosidekick
  # -- The image tag to pull
-  tag: 2.30.0
+  tag: 2.31.1
  # -- The image pull policy
  pullPolicy: IfNotPresent

@ -115,6 +115,23 @@ prometheusRules:
      threshold: 0
    additionalAlerts: {}

+# -- grafana contains the configuration related to grafana.
+grafana:
+  # -- dashboards contains configuration for grafana dashboards.
+  dashboards:
+    # -- enabled specifies whether the dashboards should be deployed.
+    enabled: false
+    # --configmaps to be deployed that contain a grafana dashboard.
+    configMaps:
+      # -- falcosidekick contains the configuration for falcosidekick's dashboard.
+      falcosidekick:
+        # -- name specifies the name for the configmap.
+        name: falcosidekick-grafana-dashboard
+        # -- namespace specifies the namespace for the configmap.
+        namespace: ""
+        # -- folder where the dashboard is stored by grafana.
+        folder: ""
+
 config:
  # -- Existing secret with configuration
  existingSecret: ""
@ -128,6 +145,8 @@ config:
  customfields: ""
  # -- a list of escaped comma separated Go templated fields to add to falco events, syntax is "key:template\,key:template"
  templatedfields: ""
+  # -- a list of escaped comma separated custom tags to add to falco events, syntax is "tag\,tag"
+  customtags: ""
  # -- if not empty, the brackets in keys of Output Fields are replaced
  bracketreplacer: ""
  # if not empty, allow to change the format of the output field. (example: "<timestamp>: <priority> <output> <custom_fields> <templated_fields>") (default: "<timestamp>: <priority> <output>")
@ -358,6 +377,8 @@ config:
    endpoint: "/loki/api/v1/push"
    # -- Loki tenant, if not `empty`, Loki tenant is *enabled*
    tenant: ""
+    # -- Format for the log entry value: json, text (default)
+    format: "text"
    # -- comma separated list of fields to use as labels additionally to rule, source, priority, tags and custom_fields
    extralabels: ""
    # -- a list of comma separated custom headers to add, syntax is "key:value,key:value"
@ -368,6 +389,18 @@ config:
    mutualtls: false
    # -- check if ssl certificate of the output is valid
    checkcert: true
+    # -- dashboard for Grafana
+    grafanaDashboard:
+      # -- enabled specifies whether this dashboard should be deployed.
+      enabled: true
+      # --configmaps to be deployed that contain a grafana dashboard.
+      configMap:
+        # -- name specifies the name for the configmap.
+        name: falcosidekick-loki-dashboard-grafana
+        # -- namespace specifies the namespace for the configmap.
+        namespace: ""
+        # -- folder where the dashboard is stored by grafana.
+        folder: ""

  prometheus:
    # -- comma separated list of fields to use as labels additionally to rule, source, priority, tags and custom_fields
@ -376,6 +409,8 @@ config:
  nats:
    # -- NATS "nats://host:port", if not `empty`, NATS is *enabled*
    hostport: ""
+    # -- template for the subject, tokens <priority> and <rule> will be automatically replaced (default: falco.<priority>.<rule>)
+    subjecttemplate: "falco.<priority>.<rule>"
    # -- minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""`
    minimumpriority: ""
    # -- if true, checkcert flag will be ignored (server cert will always be checked)
@ -390,6 +425,8 @@ config:
    clusterid: ""
    # -- Client ID, if not empty, STAN output is *enabled*
    clientid: ""
+    # -- template for the subject, tokens <priority> and <rule> will be automatically replaced (default: falco.<priority>.<rule>)
+    subjecttemplate: "falco.<priority>.<rule>"
    # -- minimum priority of event to use this output, order is `emergency\|alert\|critical\|error\|warning\|notice\|informational\|debug or ""`
    minimumpriority: ""
    # -- if true, checkcert flag will be ignored (server cert will always be checked)
@ -543,6 +580,8 @@ config:
    podIdentityClientID: ""
    # -- Azure Identity name
    podIdentityName: ""
+    # -- Azure Workload Identity Client ID
+    workloadIdentityClientID: ""
    eventHub:
      # -- Name of the space the Hub is in
      namespace: ""
@ -1089,7 +1128,8 @@ service:
  # -- Service port
  port: 2801
  # -- Service annotations
-  annotations: {}
+  annotations:
+    prometheus.io/scrape: "true"
    # networking.gke.io/load-balancer-type: Internal

 ingress:
--- a/cr.yaml
+++ b/cr.yaml
@ -0,0 +1,3 @@
+# Enable automatic generation of release notes using GitHubs release notes generator.
+# see: https://docs.github.com/en/repositories/releasing-projects-on-github/automatically-generated-release-notes
+generate-release-notes: true
--- a/go.mod
+++ b/go.mod
@ -1,6 +1,8 @@
 module github.com/falcosecurity/charts

-go 1.21.0
+go 1.23.0
+
+toolchain go1.23.4

 require (
 	github.com/gruntwork-io/terratest v0.46.8
@ -50,12 +52,12 @@ require (
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/urfave/cli v1.22.2 // indirect
-	golang.org/x/crypto v0.21.0 // indirect
-	golang.org/x/net v0.23.0 // indirect
+	golang.org/x/crypto v0.36.0 // indirect
+	golang.org/x/net v0.38.0 // indirect
 	golang.org/x/oauth2 v0.8.0 // indirect
-	golang.org/x/sys v0.18.0 // indirect
-	golang.org/x/term v0.18.0 // indirect
-	golang.org/x/text v0.14.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/term v0.30.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
 	golang.org/x/time v0.3.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/protobuf v1.33.0 // indirect
--- a/go.sum
+++ b/go.sum
@ -138,8 +138,8 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
-golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
-golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
 golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
@ -148,8 +148,8 @@ golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
 golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd/go.mod h1:CfG3xpIq0wQ8r1q4Su4UZFWDARRcnwPjda9FqA0JpMk=
-golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs=
-golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg=
+golang.org/x/net v0.38.0 h1:vRMAPTMaeGqVhG5QyLJHqNDwecKTomGeqbnfZyKlBI8=
+golang.org/x/net v0.38.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8=
 golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8=
 golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
 golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@ -163,25 +163,25 @@ golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
-golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
-golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
+golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y=
+golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
-golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ=
-golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
 golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
 golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
-golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y=
-golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d h1:vU5i/LfpvrRCpgM/VPfJLg5KjxD3E+hfT1SH+d9zLwg=
+golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
--- a/release.md
+++ b/release.md
@ -16,7 +16,7 @@ Thus, to trigger it, the following actions need to happen:

 > The approvers may differ depending on the chart. Please, refer to the `OWNERS` file under the specific chart directory.

-Once the CI has done its job, a new tag is live on [GitHub](https://github.com/falcosecurity/falco-exporter/releases), and the site [https://falcosecurity.github.io/charts](https://falcosecurity.github.io/charts) indexes the new chart version.
+Once the CI has done its job, a new tag is live on [GitHub](https://github.com/falcosecurity/charts/releases), and the site [https://falcosecurity.github.io/charts](https://falcosecurity.github.io/charts) indexes the new chart version.

 ## Automation explained