Merge branch 'main' into replace-removed-app-labels-for-ingress-nginx…

…-and-external-dns

CHANGELOG.md

@@ -14,7 +14,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
 
 - Dashboard links in alertmanager and mimir rules
-- Remove useless app labels for external-dns and ingress-nginx alerts.
+- Remove deprecated app labels for external-dns and ingress-nginx alerts.
+- Fix falco events alerts node label to hostname as node does not exist.
 
 ## [4.15.2] - 2024-09-17
 

helm/prometheus-rules/templates/platform/shield/alerting-rules/falco.rules.yml

@@ -16,8 +16,8 @@ spec:
     - alert: FalcoCriticalAlertFiring
       annotations:
         description: |-
-          {{`{{ if eq $labels.k8s_pod_name "<NA>" }}The Falco rule {{ $labels.rule }} was triggered on the node {{ $labels.node }}.
-          {{else}}Pod {{ $labels.k8s_ns_name }}/{{ $labels.k8s_pod_name }} triggered the Falco rule {{ $labels.rule }} on the node {{ $labels.node }}.{{ end }}`}}
+          {{`{{ if eq $labels.k8s_pod_name "<NA>" }}The Falco rule {{ $labels.rule }} was triggered on the node {{ $labels.hostname }}.
+          {{else}}Pod {{ $labels.k8s_ns_name }}/{{ $labels.k8s_pod_name }} triggered the Falco rule {{ $labels.rule }} on the node {{ $labels.hostname }}.{{ end }}`}}
         opsrecipe: falco-alert/
       expr: increase(falco_events{priority=~"0|1|2|3"}[10m] ) > 0
       labels:
@@ -32,8 +32,8 @@ spec:
     - alert: FalcoMediumAlertFiring
       annotations:
         description: |-
-          {{`{{ if eq $labels.k8s_pod_name "<NA>" }}The Falco rule {{ $labels.rule }} was triggered on the node {{ $labels.node }}.
-          {{else}}Pod {{ $labels.k8s_ns_name }}/{{ $labels.k8s_pod_name }} triggered the Falco rule {{ $labels.rule }} on the node {{ $labels.node }}.{{ end }}`}}
+          {{`{{ if eq $labels.k8s_pod_name "<NA>" }}The Falco rule {{ $labels.rule }} was triggered on the node {{ $labels.hostname }}.
+          {{else}}Pod {{ $labels.k8s_ns_name }}/{{ $labels.k8s_pod_name }} triggered the Falco rule {{ $labels.rule }} on the node {{ $labels.hostname }}.{{ end }}`}}
         opsrecipe: falco-alert/
       expr: increase(falco_events{priority=~"4|5"}[10m] ) > 0
       labels:
@@ -47,8 +47,8 @@ spec:
     - alert: FalcoInformationalAlert
       annotations:
         description: |-
-          {{`{{ if eq $labels.k8s_pod_name "<NA>" }}The Falco rule {{ $labels.rule }} was triggered on the node {{ $labels.node }}.
-          {{else}}Pod {{ $labels.k8s_ns_name }}/{{ $labels.k8s_pod_name }} triggered the Falco rule {{ $labels.rule }} on the node {{ $labels.node }}.{{ end }}`}}
+          {{`{{ if eq $labels.k8s_pod_name "<NA>" }}The Falco rule {{ $labels.rule }} was triggered on the node {{ $labels.hostname }}.
+          {{else}}Pod {{ $labels.k8s_ns_name }}/{{ $labels.k8s_pod_name }} triggered the Falco rule {{ $labels.rule }} on the node {{ $labels.hostname }}.{{ end }}`}}
         opsrecipe: falco-alert/
       expr: increase(falco_events{priority="6"}[10m] ) > 0
       labels:
@@ -62,8 +62,8 @@ spec:
     - alert: FalcoXZBackdoorAlert
       annotations:
         description: |-
-          {{`{{ if eq $labels.k8s_pod_name "<NA>" }}The Falco rule {{ $labels.rule }} was triggered on the node {{ $labels.node }}.
-          {{else}}Pod {{ $labels.k8s_ns_name }}/{{ $labels.k8s_pod_name }} triggered the Falco rule {{ $labels.rule }} on the node {{ $labels.node }}.{{ end }}`}}
+          {{`{{ if eq $labels.k8s_pod_name "<NA>" }}The Falco rule {{ $labels.rule }} was triggered on the node {{ $labels.hostname }}.
+          {{else}}Pod {{ $labels.k8s_ns_name }}/{{ $labels.k8s_pod_name }} triggered the Falco rule {{ $labels.rule }} on the node {{ $labels.hostname }}.{{ end }}`}}
         opsrecipe: falco-alert/
       expr: falco_events{rule="Backdoored library loaded into SSHD (CVE-2024-3094)"} > 0
       labels: