chore(docs): added falco.yaml section about config keys maturity.

[FedeDP]

What type of PR is this?

/kind cleanup

Any specific area of the project related to this PR?

What this PR does / why we need it:

Also, rename Experimental -> Incubating and move prometheus_metrics_enabled to Incubating.

Which issue(s) this PR fixes:

Fixes #

Special notes for your reviewer:

See the proposal: https://github.com/falcosecurity/falco/blob/master/proposals/20231220-features-adoption-and-deprecation.md

Does this PR introduce a user-facing change?:

chore(docs): apply features adoption and deprecation proposal to config file keys

[FedeDP]

/milestone 0.38.0

[FedeDP]

/cc @leogr @incertum @LucaGuerra

[FedeDP]

Am not sure about how to integrate the feature level label here, for a sub-option of a Stable config key.

[incertum]

Makes sense to me like this.

[leogr]

This way works for me 👍

[FedeDP]

Experimental -> Incubating

[incertum]

urgh ok here we should maybe also introduce a synonym rules_matching @leogr?

[FedeDP]

I think singular is ok, in this case; it is rule-matching algorithm, feels ok rule_matching: foo to me.

[FedeDP]

I was also wondering whether we could improve somehow the way maturity labels are attached, ie: perhaps moving them to the index at the top? Or moving them just the line before the configuration key, like:

# `configs_files`
#
# Falco will load additional configs files specified here.
# Their loading is assumed to be made *after* main config file has been processed,
# exactly in the order they are specified.
# Therefore, loaded config files *can* override values from main config file.
# Also, nested include is not allowed, ie: included config files won't be able to include other config files.
#
# Like for 'rules_files', specifying a folder will load all the configs files present in it in a lexicographical order.
#
# [Stable] 
configs_files:
  - /etc/falco/config.d

[incertum]

Oh ok we may need to change the sha256 metrics name then as well. @FedeDP would you mind adding a commit for that real quick here? Thanks!

[FedeDP]

Am not sure though, since we have watch_config_files too, and indeed we have multiple configuration (singular) files (plural), so config_files is not that bad after all, even if it somehow clashes with rules_files (but in this case, we have multiple files with multiple rules inside).
WDYT? Ie i am proposing to rename configs_files to config_files (not a breaking change since we introduced the new key during this release cycle, so we never went out with that).
cc @leogr

[leogr]

I guess config_files would be more appropriate since it uses the singular form config as an adjective to describe the type of files (each file represents a configuration composed of a set of options). N.B. rules_files is different because a rulesfiles describes a single file containing many rules (each file represents a set of rules).

That said, I can't recall why we called it configs vs. config. Did we have a compelling reason to call it so? 🤔

[incertum]

So we keep config (singular form)? Works for me. Could we re-audit if we are consistent everywhere?

[FedeDP]

Ok Leo is on board with changing configs_files to config_files. I will add a new commit for that.

[incertum]

Makes sense to me like this.

[FedeDP]

/hold
for discussion

[leogr]

This way works for me 👍

[leogr]

Suggested change

	# [Incubating] `falco_libs` - Potentially subject to more frequent changes
	# [Incubating] `falco_libs`

IMO, it would be appropriate to remove (or at least clarify what we mean by):

Potentially subject to more frequent changes

For incubating features, long-term support is not guaranteed, and before 1.0, the deprecation period length is 0. This basically means, the feature can be changed or removed at any time. This is the same for all incubating features, so I don't see any compelling reason to make any particular treatment for this specific one.

[incertum]

Agreed, remove it.

[leogr]

I guess config_files would be more appropriate since it uses the singular form config as an adjective to describe the type of files (each file represents a configuration composed of a set of options). N.B. rules_files is different because a rulesfiles describes a single file containing many rules (each file represents a set of rules).

That said, I can't recall why we called it configs vs. config. Did we have a compelling reason to call it so? 🤔

[incertum]

I was also wondering whether we could improve somehow the way maturity labels are attached, ie: perhaps moving them to the index at the top? Or moving them just the line before the configuration key, like:

# `configs_files`
#
# Falco will load additional configs files specified here.
# Their loading is assumed to be made *after* main config file has been processed,
# exactly in the order they are specified.
# Therefore, loaded config files *can* override values from main config file.
# Also, nested include is not allowed, ie: included config files won't be able to include other config files.
#
# Like for 'rules_files', specifying a folder will load all the configs files present in it in a lexicographical order.
#
# [Stable] 
configs_files:
  - /etc/falco/config.d

@leogr we haven't responded to this yet.

• Adding also to the index at the top, big +1
• Keeping # [Stable] configs_files was good would say, we can also add to the specific sub-config if needed. Don't have a strong opinion here. You can decide.

[FedeDP]

Should've done everything:

• configs_files -> config_files
• experimental -> incubating
• removed - Potentially subject to more frequent changes as @leogr suggested
• Added maturity level to config index
• merged under same section config_files and watch_config_files settings

[FedeDP]

Note for eg: 1.0.0: we might add an outputs. namespace for these settings.
Similarly, for all the others, eg:

• services.{grpc,webserver}
• log.{stderr,syslog,level,libs}`
  ...

[incertum]

/approve

[leogr]

cc @LucaGuerra pls keep track of this, it may be useful in release comms.

[poiana]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: FedeDP, incertum, leogr

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [FedeDP,incertum,leogr]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[FedeDP]

/unhold