Update cluster-applications to 0.23.0

This commit updates pinned cluster-applications version and updates
Cilium docs with changes introduced in 1.8.0.

changelogs/unreleased/cluster-applications-0-23-0.yml

+---
+title: Update cluster-applications to 0.23.0
+merge_request: 35691
+author:
+type: added

doc/user/application_security/threat_monitoring/index.md

@@ -58,12 +58,15 @@ prerequisites:
 
 If you're using custom Helm values for Cilium, you must enable Hubble
 with flow metrics for each namespace by adding the following lines to
-your [Hubble values](../../clusters/applications.md#install-cilium-using-gitlab-cicd):
+your [Cilium values](../../clusters/applications.md#install-cilium-using-gitlab-cicd):
 
 ```yaml
-metrics:
-  enabled:
-    - 'flow:sourceContext=namespace;destinationContext=namespace'
+global:
+  hubble:
+    enabled: true
+    metrics:
+      enabled:
+      - 'flow:sourceContext=namespace;destinationContext=namespace'
 ```
 
 The **Container Network Policy** section displays the following information

doc/user/clusters/applications.md

@@ -963,23 +963,21 @@ Major upgrades might require additional setup steps, please consult
 the official [upgrade guide](https://docs.cilium.io/en/stable/install/upgrade/) for more
 information.
 
-By default, Cilium will drop all disallowed packets upon policy
-deployment. The audit mode is scheduled for release in
-[Cilium 1.8](https://github.com/cilium/cilium/pull/9970). In the audit
-mode, disallowed packets will not be dropped, and audit
-notifications will be generated instead. GitLab provides alternative Docker
-images for Cilium with the audit patch included. You can switch to the
-custom build and enable the audit mode by adding the following to
+By default, Cilium drops all disallowed packets upon policy
+deployment. In
+[auditmode](https://docs.cilium.io/en/v1.8/gettingstarted/policy-creation/?highlight=policy-audit#enable-policy-audit-mode),
+however, Cilium doesn't drop disallowed packets. You can use
+`policy-verdict` log to observe policy-related decisions. You can
+enable audit mode by adding the following to
 `.gitlab/managed-apps/cilium/values.yaml`:
 
 ```yaml
-global:
-  registry: registry.gitlab.com/gitlab-org/defend/cilium
+config:
   policyAuditMode: true
 
 agent:
   monitor:
-    eventTypes: ["drop", "audit"]
+    eventTypes: ["drop", "policy-verdict"]
 ```
 
 The Cilium monitor log for traffic is logged out by the
@@ -1001,22 +999,24 @@ The [Hubble](https://github.com/cilium/hubble) monitoring daemon is
 enabled by default and it's set to collect per namespace flow
 metrics. This metrics are accessible on the [Threat Monitoring](../application_security/threat_monitoring/index.md)
 dashboard. You can disable Hubble by adding the following to
-`.gitlab/managed-apps/config.yaml`:
+`.gitlab/managed-apps/cilium/values.yaml`:
 
 ```yaml
-cilium:
-  installed: true
+global:
   hubble:
-    installed: false
+    enabled: false
 ```
 
 You can also adjust Helm values for Hubble via
-`.gitlab/managed-apps/cilium/hubble-values.yaml`:
+`.gitlab/managed-apps/cilium/values.yaml`:
 
 ```yaml
-metrics:
-  enabled:
-    - 'flow:sourceContext=namespace;destinationContext=namespace'
+global:
+  hubble:
+    enabled: true
+    metrics:
+      enabled:
+      - 'flow:sourceContext=namespace;destinationContext=namespace'
 ```
 
 ### Install Falco using GitLab CI/CD

lib/gitlab/ci/templates/Managed-Cluster-Applications.gitlab-ci.yml

 apply:
   stage: deploy
-  image: "registry.gitlab.com/gitlab-org/cluster-integration/cluster-applications:v0.20.0"
+  image: "registry.gitlab.com/gitlab-org/cluster-integration/cluster-applications:v0.23.0"
   environment:
     name: production
   variables: