add highlights for 2023-11-16 (#1945)

* add highlights for 2023-10-26 * Add Falco to highlights * Update and rename 2023-10-26.md to 2023-11-16.md * Update src/content/changes/highlights/2023-11-16.md Co-authored-by: Théo Brigitte <[email protected]> * Update src/content/changes/highlights/2023-11-16.md Co-authored-by: Fernando Ripoll <[email protected]> * Apply suggestions from code review Co-authored-by: Théo Brigitte <[email protected]> * Update 2023-11-16.md change the layout --------- Co-authored-by: Stefan <[email protected]> Co-authored-by: Fernando Ripoll <[email protected]> Co-authored-by: Théo Brigitte <[email protected]>
giantswarm · Nov 16, 2023 · 321f75f · 321f75f
1 parent d438e4d
commit 321f75f
Showing 1 changed file with 23 additions and 0 deletions.
diff --git a/src/content/changes/highlights/2023-11-16.md b/src/content/changes/highlights/2023-11-16.md
@@ -0,0 +1,23 @@
+---
+date: 2023-11-16T14:00:00
+title: Highlights for the week ending Nov 16 2023
+changes_categories:
+  - Highlights
+owner:
+  - https://github.com/orgs/giantswarm/teams/sig-product
+---
+## General
+
+- Logging infrastructure is now available on AWS and CAPA management clusters.
+  - [Loki](https://github.com/giantswarm/loki-app/) and [Promtail](https://github.com/giantswarm/promtail-app/) are deployed on AWS and CAPA management clusters
+  - You can query for following Logs:
+    - Kubernetes Pods
+    - Audit logs from Kubernetes API server
+    - Systemd units
+  - Logs retention is set to 1 month
+  - Only Management cluster Logs are available (for now)
+  - Access Logs using Grafana, see [usage doc](https://handbook.giantswarm.io/docs/observability/loki-usage/)
+
+### Falco
+
+- [`Falco`](https://github.com/giantswarm/falco-app) [`0.7.0`](https://github.com/giantswarm/falco-app/releases/tag/v0.7.0) is released. It means the underlying component version is higher than `0.36.0`. The update contains [`falcoctl`](https://github.com/falcosecurity/falcoctl) tool which helps to administrate Falco configuration and audit the state of the system. From now on `Falco` images will not be longer shipped with rules inside the image. Instead, they will use an init container to download the rules from an official repository and will check frequently for updates. As a consequence, the amount of rules `Falco` installs has drastically been lowered, and the previous ruleset has been divided into several categories, `Standard`, `Incubating`, and `Sandbox`. This reduces the noise in general but in case the previous ruleset is required, it is possible to enable this using the command line tool. For more information about the new situation, check Falco's new [`rules repository`](https://github.com/falcosecurity/rules).