giantswarm · fhielpos · Feb 5, 2025 · Feb 4, 2025 · Feb 4, 2025 · Feb 4, 2025
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Changed
+
+- Update `Falco` to upstream version `0.40.0`
+
 ## [0.9.1] - 2024-10-23
 
 ### Changed

@@ -1,12 +1,15 @@
 dependencies:
 - name: falco
   repository: ""
-  version: 4.6.1
+  version: 4.19.0
 - name: falco-exporter
   repository: ""
-  version: 0.11.0
+  version: 0.12.1
 - name: falcosidekick
   repository: ""
-  version: 0.8.2
-digest: sha256:c3839c7fff0900ee484adea35efb0290893c46cc835ce75a946d26d352ead7f4
-generated: "2024-07-17T09:53:49.849810879Z"
+  version: 0.9.5
+- name: k8s-metacollector
+  repository: ""
+  version: 0.1.10
+digest: sha256:8842fd8f498047454bf2077ca28a2e49beeba96736d4dcdd6b875f54e3a07958
+generated: "2025-02-04T20:48:26.183961037Z"
@@ -1,22 +1,22 @@
 apiVersion: v2
-appVersion: 0.38.1
+appVersion: 0.40.0
 annotations:
   application.giantswarm.io/team: "shield"
   config.giantswarm.io/version: 1.x.x
   ui.giantswarm.io/logo: https://s.giantswarm.io/app-icons/falco/2/logo_dark.svg
 dependencies:
   - name: falco
     condition: falco.enabled
-    version: 4.6.1
+    version: 4.19.0
   - name: falco-exporter
     condition: falco-exporter.enabled
-    version: 0.11.0
+    version: 0.12.1
   - name: falcosidekick
     condition: falcosidekick.enabled
-    version: 0.8.2
+    version: 0.9.5
   - name: k8s-metacollector
     condition: k8s-metacollector.enabled
-    version: 0.1.8
+    version: 0.1.10
 description: A Helm chart for falco
 engine: gotpl
 home: https://github.com/giantswarm/falco-app

@@ -3,6 +3,14 @@
 This file documents all notable changes to `falco-exporter` Helm Chart. The release
 numbering uses [semantic versioning](http://semver.org).
 
+## v0.12.1
+
+* fix bug in 'for' for falco exporter prometheus rules
+
+## v0.12.0
+
+* make 'for' configurable for falco exporter prometheus rules
+
 ## v0.11.0
 
 * updated grafana dashboard

@@ -14,7 +14,7 @@ type: application
 
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.11.0
+version: 0.12.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.

@@ -70,7 +70,7 @@ helm install falco-exporter \
 
 ## Configuration
 
-The following table lists the main configurable parameters of the falco-exporter chart v0.11.0 and their default values. Please, refer to [values.yaml](./values.yaml) for the full list of configurable parameters.
+The following table lists the main configurable parameters of the falco-exporter chart v0.12.1 and their default values. Please, refer to [values.yaml](./values.yaml) for the full list of configurable parameters.
 
 ## Values
 
@@ -116,18 +116,23 @@ The following table lists the main configurable parameters of the falco-exporter
 | priorityClassName | string | `""` | priorityClassName specifies the name of the PriorityClass for the pods. |
 | prometheusRules.alerts.additionalAlerts | object | `{}` |  |
 | prometheusRules.alerts.alert.enabled | bool | `true` |  |
+| prometheusRules.alerts.alert.for | string | `"5m"` |  |
 | prometheusRules.alerts.alert.rate_interval | string | `"5m"` |  |
 | prometheusRules.alerts.alert.threshold | int | `0` |  |
 | prometheusRules.alerts.critical.enabled | bool | `true` |  |
+| prometheusRules.alerts.critical.for | string | `"15m"` |  |
 | prometheusRules.alerts.critical.rate_interval | string | `"5m"` |  |
 | prometheusRules.alerts.critical.threshold | int | `0` |  |
 | prometheusRules.alerts.emergency.enabled | bool | `true` |  |
+| prometheusRules.alerts.emergency.for | string | `"1m"` |  |
 | prometheusRules.alerts.emergency.rate_interval | string | `"1m"` |  |
 | prometheusRules.alerts.emergency.threshold | int | `0` |  |
 | prometheusRules.alerts.error.enabled | bool | `true` |  |
+| prometheusRules.alerts.error.for | string | `"15m"` |  |
 | prometheusRules.alerts.error.rate_interval | string | `"5m"` |  |
 | prometheusRules.alerts.error.threshold | int | `0` |  |
 | prometheusRules.alerts.warning.enabled | bool | `true` |  |
+| prometheusRules.alerts.warning.for | string | `"15m"` |  |
 | prometheusRules.alerts.warning.rate_interval | string | `"5m"` |  |
 | prometheusRules.alerts.warning.threshold | int | `0` |  |
 | prometheusRules.enabled | bool | `false` | enabled specifies whether the prometheus rules should be deployed. |

@@ -31,7 +31,7 @@ spec:
         summary: Falco is experiencing high rate of warning events
         description: A high rate of warning events are being detected by Falco
       expr: rate(falco_events{priority="4"}[{{ .Values.prometheusRules.alerts.warning.rate_interval }}]) > {{ .Values.prometheusRules.alerts.warning.threshold }}
-      for: 15m
+      for: {{ .Values.prometheusRules.alerts.warning.for }}
       labels:
         severity: warning
     {{- end }}
@@ -41,7 +41,7 @@ spec:
         summary: Falco is experiencing high rate of error events
         description: A high rate of error events are being detected by Falco
       expr: rate(falco_events{priority="3"}[{{ .Values.prometheusRules.alerts.error.rate_interval }}]) > {{ .Values.prometheusRules.alerts.error.threshold }}
-      for: 15m
+      for: {{ .Values.prometheusRules.alerts.error.for }}
       labels:
         severity: warning
     {{- end }}
@@ -51,7 +51,7 @@ spec:
         summary: Falco is experiencing high rate of critical events
         description: A high rate of critical events are being detected by Falco
       expr: rate(falco_events{priority="2"}[{{ .Values.prometheusRules.alerts.critical.rate_interval }}]) > {{ .Values.prometheusRules.alerts.critical.threshold }}
-      for: 15m
+      for: {{ .Values.prometheusRules.alerts.critical.for }}
       labels:
         severity: critical
     {{- end }}
@@ -61,7 +61,7 @@ spec:
         summary: Falco is experiencing high rate of alert events
         description: A high rate of alert events are being detected by Falco
       expr: rate(falco_events{priority="1"}[{{ .Values.prometheusRules.alerts.alert.rate_interval }}]) > {{ .Values.prometheusRules.alerts.alert.threshold }}
-      for: 5m
+      for: {{ .Values.prometheusRules.alerts.alert.for }}
       labels:
         severity: critical
     {{- end }}
@@ -71,7 +71,7 @@ spec:
         summary: Falco is experiencing high rate of emergency events
         description: A high rate of emergency events are being detected by Falco
       expr: rate(falco_events{priority="0"}[{{ .Values.prometheusRules.alerts.emergency.rate_interval }}]) > {{ .Values.prometheusRules.alerts.emergency.threshold }}
-      for: 1m
+      for: {{ .Values.prometheusRules.alerts.emergency.for }}
       labels:
         severity: critical
     {{- end }}

@@ -198,20 +198,25 @@ prometheusRules:
       enabled: true
       rate_interval: "5m"
       threshold: 0
+      for: "15m"
     error:
       enabled: true
       rate_interval: "5m"
       threshold: 0
+      for: "15m"
     critical:
       enabled: true
       rate_interval: "5m"
       threshold: 0
+      for: "15m"
     alert:
       enabled: true
       rate_interval: "5m"
       threshold: 0
+      for: "5m"
     emergency:
       enabled: true
       rate_interval: "1m"
       threshold: 0
+      for: "1m"
     additionalAlerts: {}
@@ -3,6 +3,180 @@
 This file documents all notable changes to Falco Helm Chart. The release
 numbering uses [semantic versioning](http://semver.org).
 
+## v4.19.0
+
+* fix falco version to 0.40.0
+
+## v4.18.0
+
+* update the chart for falco 0.40;
+* remove deprecated cli flag `--cri` and use instead the configuration file. More info here: https://github.com/falcosecurity/falco/pull/3329
+* use new falco images, for more info see: https://github.com/falcosecurity/falco/issues/3165
+
+## v4.17.2
+
+* update(falco): add ports definition in falco container spec
+
+## v4.17.1
+
+* docs(falco): update README.md to reflect latest driver configuration and correct broken links
+
+## v4.17.0
+
+* update(falco): bump k8saudit version to 0.11
+
+## v4.16.2
+
+* fix(falco): set dnsPolicy to ClusterFirstWithHostNet when gvisor driver is enabled to prevent DNS lookup failures for cluster-internal services
+
+## v4.16.1
+
+* fix(falco/serviceMonitor): set service label selector
+* new(falco/tests): add unit tests for serviceMonitor label selector
+
+## v4.16.0
+
+* bump falcosidekick dependency to v0.9.* to match with future versions
+
+## v4.15.1
+
+* fix: change the url for the concurrent queue classes docs
+
+## v4.15.0
+
+* update(falco): bump falco version to 0.39.2 and falcoctl to 0.10.1
+
+## v4.14.2
+
+* fix(falco/readme): use `rules_files` instead of deprecated `rules_file` in README config snippet
+
+## v4.14.1
+
+* fix(falco/dashboard): make pod variable independent of triggered rules. CPU and memory are now visible for each 
+  pod, even when no rules have been triggered for that falco instance.
+
+## v4.14.0
+
+* Bump k8smeta plugin to 0.2.1, see: https://github.com/falcosecurity/plugins/releases/tag/plugins%2Fk8smeta%2Fv0.2.1
+
+## v4.13.0
+
+* Expose new config entries for k8smeta plugin:`verbosity` and `hostProc`.
+
+## v4.12.0
+
+* Set apparmor to `unconfined` (disabled) when `leastPrivileged: true` and (`kind: modern_ebpf` or `kind: ebpf`)
+
+## v4.11.2
+
+* only prints env key if there are env values to be passed on `falcoctl.initContainer` and `falcoctl.sidecar`
+
+## v4.11.1
+
+* add details for the scap drops buffer charts with the dir  and drops labels
+
+## v4.11.0
+
+* new(falco): add grafana dashboard for falco
+
+## v4.10.0
+
+* Bump Falco to v0.39.1
+
+## v4.9.1
+
+* feat(falco): add labels and annotations to the metrics service
+
+## v4.9.0
+
+* Bump Falco to v0.39.0
+* update(falco): add new configuration entries for Falco
+  This commit adds new config keys introduces in Falco 0.39.0.
+  Furthermore, updates the unit tests for the latest changes
+  in the values.yaml.
+* cleanup(falco): remove deprecated falco configuration
+  This commit removes the "output" config key that has
+  been deprecated in falco.
+* update(falco): mount proc filesystem for plugins
+  The following PR in libs https://github.com/falcosecurity/libs/pull/1969
+  introduces a new platform for plugins that requires access to the
+  proc filesystem.
+* fix(falco): update broken link pointing to Falco docs
+  After the changes made by the following PR to the Falco docs https://github.com/falcosecurity/falco-website/pull/1362
+  this commit updates a broken link.
+
+## v4.8.3
+
+* The init container, when driver.kind=auto, automatically generates
+  a new Falco configuration file and selects the appropriate engine
+  kind based on the environment where Falco is deployed.
+
+  With this commit, along with falcoctl PR #630, the Helm charts now 
+  support different driver kinds for Falco instances based on the 
+  specific node they are running on. When driver.kind=auto is set,
+  each Falco instance dynamically selects the most suitable 
+  driver (e.g., ebpf, kmod, modern_ebpf) for the node.
+  +-------------------------------------------------------+
+  | Kubernetes Cluster                                    |
+  |                                                       |
+  |  +-------------------+  +-------------------+        |
+  |  | Node 1             |  | Node 2             |        |
+  |  |                   |  |                   |        |
+  |  | Falco (ebpf) |  | Falco (kmod)       |        |
+  |  +-------------------+  +-------------------+        |
+  |                                                       |
+  |                 +-------------------+                |
+  |                 | Node 3             |                |
+  |                 |                   |                |
+  |                 | Falco (modern_ebpf)|                |
+  |                 +-------------------+                |
+  +-------------------------------------------------------+
+
+## v4.8.2
+
+* fix(falco): correctly mount host filesystems when driver.kind is auto
+
+  When falco runs with kmod/module driver it needs special filesystems
+  to be mounted from the host such /dev and /sys/module/falco.
+  This commit ensures that we mount them in the falco container.
+
+  Note that, the /sys/module/falco is now mounted as /sys/module since
+  we do not know which kind of driver will be used. The falco folder 
+  exists under /sys/module only when the kernel module is loaded, 
+  hence it's not possible to use the /sys/module/falco hostpath when driver.kind 
+  is set to auto.
+
+## v4.8.1
+
+* fix(falcosidekick): add support for custom service type for webui redis
+
+## v4.8.0
+
+* Upgrade Falco version to 0.38.2
+
+## v4.7.2
+
+* use rules_files key in the preset values files
+
+## v4.7.1
+
+* fix(falco/config): use rules_files instead of deprecated key rules_file
+
+## v4.7.0
+
+* bump k8smeta plugin to version 0.2.0. The new version, resolves a bug that prevented the plugin
+  from populating the k8smeta fields. For more info see:
+  * https://github.com/falcosecurity/plugins/issues/514
+  * https://github.com/falcosecurity/plugins/pull/517
+
+## v4.6.3
+
+* fix(falco): mount client-certs-volume only if certs.existingClientSecret is defined
+
+## v4.6.2
+
+* bump falcosidekick dependency to v0.8.* to match with future versions
+
 ## v4.6.1
 
 * bump falcosidekick dependency to v0.8.2 (fixes bug when using externalRedis in UI)
@@ -172,7 +346,7 @@ The new chart introduces some breaking changes. For folks upgrading Falco please
 ## v3.3.0
 * Upgrade Falco to 0.35.1. For more info see the release notes: https://github.com/falcosecurity/falco/releases/tag/0.35.1
 * Upgrade falcoctl to 0.5.1. For more info see the release notes: https://github.com/falcosecurity/falcoctl/releases/tag/v0.5.1
-* Introduce least privileged mode in modern ebpf. For more info see: https://falco.org/docs/event-sources/kernel/#least-privileged-mode-2
+* Introduce least privileged mode in modern ebpf. For more info see: https://falco.org/docs/setup/container/#docker-least-privileged-modern-ebpf
 
 ## v3.2.1
 * Set falco.http_output.url to empty string in values.yaml file

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: falco
-version: 4.6.1
-appVersion: "0.38.1"
+version: 4.19.0
+appVersion: "0.40.0"
 description: Falco
 keywords:
   - monitoring
@@ -19,7 +19,7 @@ maintainers:
     email: [email protected]
 dependencies:
   - name: falcosidekick
-    version: "0.8.2"
+    version: "0.9.*"
     condition: falcosidekick.enabled
     repository: https://falcosecurity.github.io/charts
   - name: k8s-metacollector