tetragon/tetragon.changes

-------------------------------------------------------------------
Wed Nov 27 11:11:43 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 1.2.1:
* Prepare for v1.2.1 release
* filters: implement parent_arguments_regex
* chore(deps): update go to v1.22.9
* chore(deps): update docker.io/library/alpine:3.20.3 docker
digest to 1e42bbe
* tetragon: probe_read usage may cause issues with newer kernels
* e2e tests: skip label test on ARM
* workflows: use GitHub arm64 runners instead of actuated
* Add support to exclude valid processes from dump processCache
* tetra: add max-recv-size to processcache dump cmd
* tetra: rewrite dump processcache cmd for correct error code
* tetra: use consistent case in dump cmd and api
* Add support to dump processLRU
* [btf] Flush kernel spec (BTF) after loading a sensor
* [ksyms] Do not cache ksyms to reduce memory consumption
* fix(deps): update module github.com/cilium/cilium to v1.15.10
[security]
* chore(deps): update docker.io/library/golang:1.22.8 docker
digest to 0ca97f4
* chore(deps): update docker.io/library/alpine docker tag to
v3.20.3
* chore(deps): update go to v1.22.8
* fix(deps): update module github.com/containers/common to
v0.60.4 [security]
* chore(deps): update docker.io/library/golang:1.22.6 docker
digest to a632201
* chore: update containers/common
* Remove const from parameters
* bpf: allow all operations for syscall64 type
* watcher: add metrics for deleted pod cache
* watcher: add a deleted pod cache
* watcher: add test for "fast" k8s API server
* watcher: change FindContainer function
* watcher: add a containerIDKey function
* watcher: refactor watcher
* Export EventCache tunables in the Helm Chart
* Reduce the delay in GRPC gotests
* Make EventCache configurable
* helm: Set rthooks.podSecurityContext to empty by default
* helm: Remove deprecated tetragon.skipCRDCreation value
* [bugfix] Fix clone event caching due to missing pod info
-------------------------------------------------------------------
Fri Sep 13 18:27:13 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 1.2.0:
Full changelog see
https://github.com/cilium/tetragon/releases/tag/v1.2.0
* Major Changes
- feat: Username for process_exec events (#2369) by @anfedotoff
- tetragon: Allow persistent enforcement during tetragon
restart (#2600) by @olsajiri
- LSM sensor (#2566) by @anfedotoff
* Bugfixes
- bpf: use CORE for execve hook (#2399) by @kkourt
- Don't create PodInfo if the pod is being deleted (#2431) by
@michi-covalent
- tetragon: allow namespaced and non-namespaced policies to
have the same name (#2337) by @joshuajorel
- operator: Don't start metrics server if Helm value
tetragonOperator.prometheus.enabled is set to false. (#2484)
by @yukinakanaka
- enforcer: fix issue when using multiple calls with fmod_ret
(#2524) by @kkourt
- Reduce the kernel memory footprint (accounted by the cgroup
memory controller) of the stack trace feature when unused.
(#2546) by @mtardy
- Reduce the kernel memory footprint (accounted by the cgroup
memory controller) of the ratelimit feature when unused
(around ~10MB per kprobe). (#2551) by @mtardy
- Reduce the kernel memory footprint (accounted by the cgroup
memory controller) of the fdinstall feature when unused
(around ~11MB per kprobe). (#2563) by @mtardy
- Do not increase the reference count when we cannot find a
parent in kthreads. (#2620) by @tpapagian
- Reduce the kernel memory footprint (accounted by the cgroup
v2 memory controller) of the override feature when unused
(around ~3MB per kprobe). (#2692) by @mtardy
- Fix a bug related to the matchBinaries Prefix operator by
increasing the buffer size used by our dentry walk. Now the
matchBinaries Prefix operator can correctly trigger a match
on any path above 255 chars. (#2764) by @mtardy
- Fix a bug where the tetra getevents command would timeout
even if the connection was successful. (#2765) by @mtardy
- Fix missing cases in the compact encoder for tetra. (#2819)
by @willfindlay
- add support for pod association via cgroup id (#2776) by
@kkourt
- Allow disabling gRPC either by selecting 'enabled:false' in
the helm chart or by passing an empty address to the agent
(#2826) by @kkourt
- Fix tetragon_process_cache_size metric (#2827) by @lambdanis
-------------------------------------------------------------------
Mon Jul 29 18:36:26 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- exclude architectures that fail to build due to
'pkg/syscallinfo/syscallinfo.go:39:34: undefined: syscallNames'
errors
-------------------------------------------------------------------
Wed Jun 12 16:18:43 UTC 2024 - opensuse_buildservice@ojkastl.de
- Update to version 1.1.2:
* Bugfixes:
- Don't create PodInfo if the pod is being deleted
- [v1.1] backport: bpf: use CORE for execve hook
- enforcer: fix issue when using multiple calls with fmod_ret
* Minor Changes:
- backports:1.1:tests: fix trace module testing
- backports:1.1: uid username resolution support
- helm: Add tetragon.livenessProbe value
- backport:v1.1: btf: take first entry on multiple function
matches
* Misc Changes:
- Prepare for v1.1.0 release
- Use gRPC-based liveness probe instead of tetra status.
- [v1.1] Introduce upgrade notes
- Prepare for v1.1.1 release
- [v1.1] Makefile: exclude api tags from version
- v1.1: misc updates relating to release process
- Prepare for v1.1.2 release
-------------------------------------------------------------------
Tue Apr 30 18:11:26 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- new package tetragon: eBPF-based Security Observability and
Runtime Enforcement