Releases: kubearmor/KubeArmor
Releases · kubearmor/KubeArmor
v1.0.3
What's Changed
- fix(Credits): Corrected Credits section in GOVERNANCE.md by @vishalrajofficial in #1376
- docs(fix typo): fix sample commands to get alerts for policies and te… by @haytok in #1362
- Update STABLE-RELEASE by @Shreyas220 in #1379
- Update STABLE-RELEASE by @Shreyas220 in #1383
- [skip ci] Update Helm Chart To v0.11 by @github-actions in #1384
- feat: OSSF Scorecard, FOSSA checks, FAQ, docs updates by @nyrahul in #1378
- docs: add badge to show docker image pulls by @Ankurk99 in #1381
- docs: gitbook and FAQ fixes by @nyrahul in #1386
- feat(protobufs): update protobufs for streaming logs and policies by @DelusionalOptimist in #1329
- fix(operator): fix snitch deployment for openshift by @rksharma95 in #1395
- chore(build):Update Dockerfiles to use redhat ubi as base image by @rksharma95 in #1348
- chore(CI): Increase ci latest-release workflow timeout by @rksharma95 in #1402
- chore(controller): add license file to controller image by @rksharma95 in #1403
- feat(docs): ArtifactHub Badge and ROADMAP.md Added by @rootxrishabh in #1404
- chore(operator): add license file to operator container image by @rksharma95 in #1410
- fix(operator): seperate snitch from the operator by @rksharma95 in #1418
- feat(operator): update related images from operator bundle by @rksharma95 in #1422
- docs: added CLOMonitor badge by @nyrahul in #1407
- Bpftool fix by @pavan12395 in #1412
- ensuring PPID to be 0 when HOSTPPID is assigned to PPID by @Prateeknandle in #1411
- feat(policy): enhance handling of policy additon and deletion in systemd mode by @Aryan-sharma11 in #1380
- feat: Add k0s support by @anurag-rajawat in #1399
- fix: Update VMWare to VMware by @MeenuyD in #1429
- fix(core): handle containers in CRI agnostic way by @daemon1024 in #1427
- Replaced AccuKnox org images with KubeArmor by @VamshiReddy02 in #1425
- feat: removing all the static deployments by @Shreyas220 in #1431
- fix(refactor): change KubeArmor default namespace to "kubearmor" by @Ankurk99 in #1372
- fix(operator): Fix containerd socket and storage volumemounts by @anurag-rajawat in #1432
- docs: updated FAQ for kind cluster support on apparmor by @nyrahul in #1430
- chore(operator): Remove Operator Bundle by @rksharma95 in #1439
- feat(DOCS) scorecard analysis version updated by @rootxrishabh in #1414
- Update FAQ.md for enabling BPFLSM by @daemon1024 in #1450
- feat(config): add untracked ns as a configurable option by @Ankurk99 in #1441
- Enhance alerts bpflsm by @daemon1024 in #1259
- adding cwd in alerts/telemetry by @Prateeknandle in #1453
- fix(core): fix to prevent policies from being applied to containers t… by @haytok in #1406
- feat(config):update default visibility to disable file-based telemetry by @Ankurk99 in #1444
- fix(core): fix so that it can be restricted to matched paths and dire… by @haytok in #1461
- chore(docs): update install docs with helm by @daemon1024 in #1463
- feat: Listing the policies applied on containers in Un-orchestrated environment by @Aryan-sharma11 in #1396
- fix(docs): use github markdown formatting for notes by @daemon1024 in #1466
- feat: Add support for microshift by @anurag-rajawat in #1437
- fix(systemmonitor):deleting untraced file access entries in file_map by @Prateeknandle in #1470
New Contributors
- @vishalrajofficial made their first contribution in #1376
- @github-actions made their first contribution in #1384
- @rootxrishabh made their first contribution in #1404
- @pavan12395 made their first contribution in #1412
- @anurag-rajawat made their first contribution in #1399
- @MeenuyD made their first contribution in #1429
- @VamshiReddy02 made their first contribution in #1425
Full Changelog: v0.11.0...v1.0.3
Contributors
nyrahul, Ankurk99, and 13 other contributors
Assets 9
v1.0.2
What's Changed
- fix(Credits): Corrected Credits section in GOVERNANCE.md by @vishalrajofficial in #1376
- docs(fix typo): fix sample commands to get alerts for policies and te… by @haytok in #1362
- Update STABLE-RELEASE by @Shreyas220 in #1379
- Update STABLE-RELEASE by @Shreyas220 in #1383
- [skip ci] Update Helm Chart To v0.11 by @github-actions in #1384
- feat: OSSF Scorecard, FOSSA checks, FAQ, docs updates by @nyrahul in #1378
- docs: add badge to show docker image pulls by @Ankurk99 in #1381
- docs: gitbook and FAQ fixes by @nyrahul in #1386
- feat(protobufs): update protobufs for streaming logs and policies by @DelusionalOptimist in #1329
- fix(operator): fix snitch deployment for openshift by @rksharma95 in #1395
- chore(build):Update Dockerfiles to use redhat ubi as base image by @rksharma95 in #1348
- chore(CI): Increase ci latest-release workflow timeout by @rksharma95 in #1402
- chore(controller): add license file to controller image by @rksharma95 in #1403
- feat(docs): ArtifactHub Badge and ROADMAP.md Added by @rootxrishabh in #1404
- chore(operator): add license file to operator container image by @rksharma95 in #1410
- fix(operator): seperate snitch from the operator by @rksharma95 in #1418
- feat(operator): update related images from operator bundle by @rksharma95 in #1422
- docs: added CLOMonitor badge by @nyrahul in #1407
- Bpftool fix by @pavan12395 in #1412
- ensuring PPID to be 0 when HOSTPPID is assigned to PPID by @Prateeknandle in #1411
- feat(policy): enhance handling of policy additon and deletion in systemd mode by @Aryan-sharma11 in #1380
- feat: Add k0s support by @anurag-rajawat in #1399
- fix: Update VMWare to VMware by @MeenuyD in #1429
- fix(core): handle containers in CRI agnostic way by @daemon1024 in #1427
- Replaced AccuKnox org images with KubeArmor by @VamshiReddy02 in #1425
- feat: removing all the static deployments by @Shreyas220 in #1431
- fix(refactor): change KubeArmor default namespace to "kubearmor" by @Ankurk99 in #1372
- fix(operator): Fix containerd socket and storage volumemounts by @anurag-rajawat in #1432
- docs: updated FAQ for kind cluster support on apparmor by @nyrahul in #1430
- chore(operator): Remove Operator Bundle by @rksharma95 in #1439
- feat(DOCS) scorecard analysis version updated by @rootxrishabh in #1414
- Update FAQ.md for enabling BPFLSM by @daemon1024 in #1450
- feat(config): add untracked ns as a configurable option by @Ankurk99 in #1441
- Enhance alerts bpflsm by @daemon1024 in #1259
- adding cwd in alerts/telemetry by @Prateeknandle in #1453
- fix(core): fix to prevent policies from being applied to containers t… by @haytok in #1406
- feat(config):update default visibility to disable file-based telemetry by @Ankurk99 in #1444
- fix(core): fix so that it can be restricted to matched paths and dire… by @haytok in #1461
- chore(docs): update install docs with helm by @daemon1024 in #1463
- feat: Listing the policies applied on containers in Un-orchestrated environment by @Aryan-sharma11 in #1396
- fix(docs): use github markdown formatting for notes by @daemon1024 in #1466
New Contributors
- @vishalrajofficial made their first contribution in #1376
- @github-actions made their first contribution in #1384
- @rootxrishabh made their first contribution in #1404
- @pavan12395 made their first contribution in #1412
- @anurag-rajawat made their first contribution in #1399
- @MeenuyD made their first contribution in #1429
- @VamshiReddy02 made their first contribution in #1425
Full Changelog: v0.11.0...v1.0.2
Contributors
nyrahul, Ankurk99, and 13 other contributors
Assets 9
v1.0.1
What's Changed
- fix(Credits): Corrected Credits section in GOVERNANCE.md by @vishalrajofficial in #1376
- docs(fix typo): fix sample commands to get alerts for policies and te… by @haytok in #1362
- Update STABLE-RELEASE by @Shreyas220 in #1379
- Update STABLE-RELEASE by @Shreyas220 in #1383
- [skip ci] Update Helm Chart To v0.11 by @github-actions in #1384
- feat: OSSF Scorecard, FOSSA checks, FAQ, docs updates by @nyrahul in #1378
- docs: add badge to show docker image pulls by @Ankurk99 in #1381
- docs: gitbook and FAQ fixes by @nyrahul in #1386
- feat(protobufs): update protobufs for streaming logs and policies by @DelusionalOptimist in #1329
- fix(operator): fix snitch deployment for openshift by @rksharma95 in #1395
- chore(build):Update Dockerfiles to use redhat ubi as base image by @rksharma95 in #1348
- chore(CI): Increase ci latest-release workflow timeout by @rksharma95 in #1402
- chore(controller): add license file to controller image by @rksharma95 in #1403
- feat(docs): ArtifactHub Badge and ROADMAP.md Added by @rootxrishabh in #1404
- chore(operator): add license file to operator container image by @rksharma95 in #1410
- fix(operator): seperate snitch from the operator by @rksharma95 in #1418
- feat(operator): update related images from operator bundle by @rksharma95 in #1422
- docs: added CLOMonitor badge by @nyrahul in #1407
- Bpftool fix by @pavan12395 in #1412
- ensuring PPID to be 0 when HOSTPPID is assigned to PPID by @Prateeknandle in #1411
- feat(policy): enhance handling of policy additon and deletion in systemd mode by @Aryan-sharma11 in #1380
- feat: Add k0s support by @anurag-rajawat in #1399
- fix: Update VMWare to VMware by @MeenuyD in #1429
- fix(core): handle containers in CRI agnostic way by @daemon1024 in #1427
- Replaced AccuKnox org images with KubeArmor by @VamshiReddy02 in #1425
- feat: removing all the static deployments by @Shreyas220 in #1431
- fix(refactor): change KubeArmor default namespace to "kubearmor" by @Ankurk99 in #1372
- fix(operator): Fix containerd socket and storage volumemounts by @anurag-rajawat in #1432
- docs: updated FAQ for kind cluster support on apparmor by @nyrahul in #1430
New Contributors
- @vishalrajofficial made their first contribution in #1376
- @github-actions made their first contribution in #1384
- @rootxrishabh made their first contribution in #1404
- @pavan12395 made their first contribution in #1412
- @anurag-rajawat made their first contribution in #1399
- @MeenuyD made their first contribution in #1429
- @VamshiReddy02 made their first contribution in #1425
Full Changelog: v0.11.0...v1.0.1
Contributors
nyrahul, Ankurk99, and 13 other contributors
Assets 9
v0.11.0
What's Changed
- fix(CI): add the job to run go test on the KubeArmor/KubeArmor directory by @haytok in #1267
- docs: added 5G-SBP to adopters by @nyrahul in #1287
- fix(deps): update module github.com/onsi/gomega to v1.27.8 by @renovate in #1232
- chore(deps): update dependency jquery to v3.7.0 by @renovate in #1234
- release: stable version update to v0.10.2 by @nyrahul in #1288
- chore(CI): update stable helm releaser to create PR by @DelusionalOptimist in #1298
- docs: removed network microsegmentation use-case by @nyrahul in #1299
- fix: do not execute image push GH workflows in non-upstream repos by @nyrahul in #1301
- Update ADOPTERS.md by @nyrahul in #1315
- Update ADOPTERS.md by @kamallearner123 in #1316
- chore: fix ginkgo-cli version mismatch in CI by @kranurag7 in #1327
- exporting type syscall by @Prateeknandle in #1333
- Increase buffer size to reduce dropped logs by @Shreyas220 in #1177
- Default Posture logs bug by @Aryan-sharma11 in #1324
- Update least_permissive_access.md by @ibenrodriguez in #1339
- bpf,enforcer: remove conditional compilation and add alternate bpflsm availability check by @daemon1024 in #1017
- feat(operator): kubearmor-operator by @rksharma95 in #1246
- docs(FAQ): Add FAQs for kubearmor dashboards and ICMP rules by @DelusionalOptimist in #1342
- chore(deployment): Update RBAC rules for KubeArmor ClusterRole by @Shreyas220 in #1345
- fix(CI): KubeArmor-Controller version release by @rksharma95 in #1313
- feat: Annotating pre existing replicasets, statefulsets and daemonsets by @Shreyas220 in #1293
- chore(deployment): remove kubearmor-controller resource limits by @rksharma95 in #1358
- fix(operator):fix kernel header mount bug by @rksharma95 in #1357
- fix(CI): publish KubeArmorOperator Helm charts by @DelusionalOptimist in #1347
New Contributors
- @kamallearner123 made their first contribution in #1316
- @Shreyas220 made their first contribution in #1177
- @ibenrodriguez made their first contribution in #1339
Full Changelog: v0.10.2...v0.11.0
Contributors
renovate, ibenrodriguez, and 10 other contributors
Assets 9
v0.10.2
What's Changed
- fix(tests): Update tests dependencies by @rksharma95 in #1126
- fix(monitor): set actual process name in logs instead of symlinks by @daemon1024 in #1251
- fix(enforcer): correct rule handling for matchDirectories by @daemon1024 in #1252
- docs: added ADOPTERS file by @nyrahul in #1255
- docs: getting started guide updates by @nyrahul in #1262
- docs: updated README by @nyrahul in #1263
- fix(feeder): match symlink alerts correctly with policies by @daemon1024 in #1260
- fix(monitor): fix UpdateNsKeyMap and DestroyBPFMaps functions by @haytok in #1264
- handling empty owner field by @Prateeknandle in #1266
- chore(deployment): keep telemetry on by default in configmap by @daemon1024 in #1268
- fix(tests): Use enforcer-agnostic annotation in tests by @rksharma95 in #1133
- feat(controller): Move deployments to KubeArmorController by @DelusionalOptimist in #1253
- fix(CI): remove tests path from release workflow by @rksharma95 in #1274
- fix(tests): Migrate from manifests to helm in CI tests by @DelusionalOptimist in #1273
- chores(deployment): add label for kubearmor-relay service by @rajaSahil in #1278
- chore: fix failing tests due to old controller script by @DelusionalOptimist in #1280
- doc fix: helm install command by @Ankurk99 in #1282
- chore(deployments): fix volume mounts for GKE and add validation tests by @DelusionalOptimist in #1284
- feat/fix(bpflsm-enforcer): refactor network rule handling by @daemon1024 in #1283
- fix(CI): use tagged image upon tag creation trigger in latest release workflow by @DelusionalOptimist in #1286
New Contributors
Full Changelog: v0.10.1...v0.10.2
Contributors
nyrahul, rajaSahil, and 6 other contributors
Assets 9
v0.10.1
What's Changed
- docs(Community Meeting):Updated README by @akashsawan1 in #1243
- core: setup visibibility map for unorchestrated workloads by @daemon1024 in #1244
- fix,core: restore container policy by @daemon1024 in #1245
- fix(CI): cleanup Dockerfile(s) by @DelusionalOptimist in #1247
New Contributors
- @akashsawan1 made their first contribution in #1243
Full Changelog: v0.10.0...v0.10.1
Contributors
daemon1024, DelusionalOptimist, and akashsawan1
Assets 9
v0.10.0
What's Changed
- fix for stable release by @kranurag7 in #1142
- hotfix(manifest): revert clusterrole changes in #1026 by @daemon1024 in #1144
- manifest: change image pull policy for init container by @daemon1024 in #1145
- Update STABLE-RELEASE to v0.9 by @daemon1024 in #1146
- go vulnerability scan by @sheharyaar in #899
- fix MAINTAINERS list order by @Ankurk99 in #1132
- docs: Update the KubeArmor logo by @Amishakumari544 in #1151
- docs: fix karmor log to karmor logs by @xiao-jay in #1166
- chore(ci): use k8s env for ginkgo tests and fix CRI Storage mounts by @daemon1024 in #1170
- fix:KubeArmor running in host mode is dropping events due to busy event channel by @zhy76 in #1161
- fix: res.Container.ID[:12] lead to panic by @xiao-jay in #1187
- fix,enhance(core): use informers for watch nodes by @daemon1024 in #1190
- backport: fix,enhance(core): use informers for watch nodes by @daemon1024 in #1191
- :Adding host-visibility data to karmorProbeData.cfg file by @legorie in #1086
- add support for Amazon Linux 2023 by @Ankurk99 in #1196
- Mirantis MKE Engine by @AshokAccuknox in #1183
- [WIP] Test ArchLinux-6.2.1 support by @rahulk789 in #1195
- fix: continue even if syscall not found by @Ankurk99 in #1198
- Use registry client for updating stabling release workflow by @zhy76 in #1174
- docs: updated slack links by @nyrahul in #1203
- add support for DigitalOcean Kubernetes (DOKS) by @Vyom-Yadav in #1205
- docs : Added documentation for namespace visibility by @Aryan-sharma11 in #1204
- adding
DeploymentNamefor alerts metadata by @Prateeknandle in #1135 - fix(KubeArmorController): Update Hostpolicy ClientSet by @rksharma95 in #1114
- chore: Bump dependency versions by @Vyom-Yadav in #1207
- chore: Updated dependency versions by @Aryan-sharma11 in #1218
- chore(CI): Update CRI-O installation script to fetch latest version by @DelusionalOptimist in #1221
- feat(core): disable visibility globally by @daemon1024 in #1220
- Configure Renovate by @renovate in #1209
- BPF LSM Enforcement for unorchestrated containers by @daemon1024 in #1206
- use PT_REGS_PARM3 for retcode in inet_csk_accept by @daemon1024 in #1236
- fix (visibility): visibility not showing for per ns visibility by @achrefbensaad in #1237
New Contributors
- @sheharyaar made their first contribution in #899
- @Amishakumari544 made their first contribution in #1151
- @xiao-jay made their first contribution in #1166
- @zhy76 made their first contribution in #1161
- @legorie made their first contribution in #1086
- @AshokAccuknox made their first contribution in #1183
- @rahulk789 made their first contribution in #1195
- @Vyom-Yadav made their first contribution in #1205
- @Aryan-sharma11 made their first contribution in #1204
- @Prateeknandle made their first contribution in #1135
- @renovate made their first contribution in #1209
Full Changelog: v0.9.0...v0.10.0
Contributors
legorie, renovate, and 16 other contributors
Assets 9
v0.9.0
What's Changed
- fix(monitor): fix issue 1053 by @achrefbensaad in #1054
- docs(support-matrix): update support matrix by @rksharma95 in #1061
- fix(chore): build time printed during kubearmor startup by @saurabh3460 in #1067
- fix: handle bpf maps per container in crio by @daemon1024 in #1069
- Update maintainers list by @Ankurk99 in #1074
- support matrix update for ubuntu 16.04 by @VedRatan in #1073
- code(bpf): skip unwatched probes by @achrefbensaad in #1066
- CODEOWNERS FILE by @PrimalPimmy in #1075
- docs: Provides documentation on Kubearmor container visibility by @TheRealSibasishBehera in #1028
- fix(logs): Fix missing startup events & fix memory leak. by @achrefbensaad in #1068
- fix of make run command in self managed k8s env by @jatinagwal in #1085
- Replaced new .gitbook/fork_button.png file by @Chinwendu20 in #1095
- Use configmap for configuration handling by @s1ntaxe770r in #832
- docs(FAQ): add instructions for installing UEK R7 on OL 8.6 by @rksharma95 in #1076
- fix(core, common): handle error for closing io streams by @rksharma95 in #1098
- feat(monitor): mount/unmount syscall support by @rksharma95 in #1043
- fix(core, monitor, feeder): data races conditions by @rksharma95 in #884
- forced the protocol to lowercase in AppArmorProfile by @kanhaiya04 in #1092
- enforcer(bpf): fix panic during cleanup by @daemon1024 in #1100
- docs(support-matrix): update oke support as full support by @rksharma95 in #1072
- enforcer(bpf): automatically mount bpffs by @DelusionalOptimist in #1097
- Fix(pkg): build multi-arch controllers by @rksharma95 in #1103
- docs(support-matrix): Update Support Matrix for IBM Cloud by @rksharma95 in #1108
- Updated Support Matrix after testing kubearmor on AWS Graviton by Har… by @HariVamsiK in #1112
- docs: restructured support matrix by @nyrahul in #1117
- test case: Adding gingko tests for block posture by @PrimalPimmy in #1099
- fix(deployments): Update ClusterRole Rules by @rksharma95 in #1109
- fix(ci): Upgrade Init Container Dockerfile by @daemon1024 in #1127
- enhancement(bpf,enforcer): BPF LSM Path Hooks by @daemon1024 in #1116
- fix(monitor(bpf)): store full path from path_mknod by @daemon1024 in #1124
- fix(core, monitor): events getting lost/missing pod metadata by @DelusionalOptimist in #1125
- manifest: update default init container tag to stable by @daemon1024 in #1136
- enhancement(monitor): enable dropping events at the kernel level by @achrefbensaad in #1087
- manifest(deploy): do not enable Host Policy Enforcement by default by @daemon1024 in #1137
- revert to previous cosign release by @kranurag7 in #1138
- sign images with cosign 2.0 by @kranurag7 in #1140
New Contributors
- @saurabh3460 made their first contribution in #1067
- @VedRatan made their first contribution in #1073
- @TheRealSibasishBehera made their first contribution in #1028
- @jatinagwal made their first contribution in #1085
- @kanhaiya04 made their first contribution in #1092
- @HariVamsiK made their first contribution in #1112
Full Changelog: v0.8.0...v0.9.0
What is KubeArmor?
KubeArmor is a cloud-native runtime security policy enforcement system that restricts the behavior (such as process execution, file access, and networking operations) of pods, containers, and nodes (VMs) at the system level.
Contributors
nyrahul, PrimalPimmy, and 14 other contributors
Assets 9
v0.8.0
What's Changed
- fix(bpf): use helper function to read task file by @daemon1024 in #1008
- docs(support-matrix): update support matrix by @Ankurk99 in #999
- update workflows to remove deprecation warnings by @kranurag7 in #950
- update workflows to sign images by @kranurag7 in #956
- fix(CI_test): upgrade crio version by @rksharma95 in #1022
- docs(readme): updates for slack link by @nyrahul in #1023
- signing images patch-1 by @kranurag7 in #1021
- Added k8s test scenarios to ginkgo-based test framework by @rksharma95 in #778
- feat(CI): deprecate auto-testing-framework by @achrefbensaad in #1029
- refactor(Unit tests): refactore code and fix lint issues by @achrefbensaad in #1030
- refactor(kubearmor): refactor watchpolicies to use informers by @achrefbensaad in #1032
- fix(pkg): make selector a required field by @rksharma95 in #1033
- feat(apparmor): use apparmor as alert source by @achrefbensaad in #1027
- revert(CRD): Revert "Merge pull request #1033 from rksharma95/fix-policy-spec" by @achrefbensaad in #1034
- code changes(deployments/makegen): kubearmor apps bypass mutation by @achrefbensaad in #1035
- docs: Added detailed documentation by @nyrahul in #1036
- refactor(gitbook): Restructure git book by @achrefbensaad in #972
- docs: fix to a broken document link by @nyrahul in #1037
- code(kubearmor controller): kubearmor controller ignore kubearmor apps by @achrefbensaad in #1039
- Fixes lint issues by @vishal-chdhry in #1024
- feat: add clusterRole by @kranurag7 in #1026
- use recursive flag during signing by @kranurag7 in #1031
- fix(bug): fix bug #1038 by @achrefbensaad in #1044
- Fix(Monitor): change lock to rlock for readonly in pidmap by @achrefbensaad in #1046
- fix(monitor): array out of index bug by @achrefbensaad in #1048
- Revert "audit log matcher from kubearmor" by @achrefbensaad in #1052
New Contributors
- @vishal-chdhry made their first contribution in #1024
Full Changelog: v0.7.2...v0.8.0
Contributors
nyrahul, achrefbensaad, and 5 other contributors
Assets 9
v0.7.2
What's Changed
- fix(CRD): backport crd, enable optional selector by @achrefbensaad in #1000
- fix(controller): update KubeArmor Controller to remove nonessential controllers dependency by @Ankurk99 in #1001
- added ptrace system call to system monitor by @rksharma95 in #759
Full Changelog: v0.7.1...v0.7.2
Contributors
achrefbensaad, Ankurk99, and rksharma95