Highlights for the week ending Nov 16 2023
General
- Logging infrastructure is now available on AWS and CAPA management clusters.
- Loki and Promtail are deployed on AWS and CAPA management clusters
- You can query for following Logs:
- Kubernetes Pods
- Audit logs from Kubernetes API server
- Systemd units
- Logs retention is set to 1 month
- Only Management cluster Logs are available (for now)
- Access Logs using Grafana, see usage doc
Falco
Falco 0.7.0 is released. It means the underlying component version is higher than 0.36.0. The update contains falcoctl tool which helps to administrate Falco configuration and audit the state of the system. From now on Falco images will not be longer shipped with rules inside the image. Instead, they will use an init container to download the rules from an official repository and will check frequently for updates. As a consequence, the amount of rules Falco installs has drastically been lowered, and the previous ruleset has been divided into several categories, Standard, Incubating, and Sandbox. This reduces the noise in general but in case the previous ruleset is required, it is possible to enable this using the command line tool. For more information about the new situation, check Falco’s new rules repository.
