Releases: cilium/tetragon

Release v1.2.1

27 Nov 10:53

Changes from v1.2.0 to v1.2.1

Bugfixes:

  • [backport/v1.2][bugfix] Fix clone event caching due to missing pod info
  • [v1.2] helm: Remove deprecated tetragon.skipCRDCreation value

Minor Changes:

  • tetragon: make eventCache number of retries and delays tunable.
  • tetragon: pod association: add a cache for deleted pods
  • Implement new regex filter type for parent process arguments.

Misc Changes:

  • Prepare for v1.2.0 release
  • helm: Set rthooks.podSecurityContext to empty by default
  • chore: update containers/common
  • [v1.2 backport] Memory optimizations: remove BTF and kallsyms caches
  • [backport/v1.2] Add support to dump processLRU
  • [backport/v1.2] Add support to exclude valid processes from dump processCache
  • Backports/v1.2: tetragon: probe_read usage may cause issues with newer kernels
  • Prepare for v1.2.1 release

What's Changed

  • [backport/v1.2][bugfix] Fix clone event caching due to missing pod info by @tpapagian in #2903
  • [v1.2] helm: Remove deprecated tetragon.skipCRDCreation value by @lambdanis in #2924
  • helm: Set rthooks.podSecurityContext to empty by default by @michi-covalent in #2934
  • v1.2 backports by @kkourt in #2958
  • chore: update containers/common by @kkourt in #3008
  • chore(deps): update docker.io/library/golang:1.22.6 docker digest to a632201 (v1.2) by @cilium-renovate in #3015
  • fix(deps): update module github.com/containers/common to v0.60.4 [security] (v1.2) by @cilium-renovate in #3014
  • chore(deps): update go to v1.22.8 (v1.2) (patch) by @cilium-renovate in #3017
  • chore(deps): update docker.io/library/alpine docker tag to v3.20.3 (v1.2) by @cilium-renovate in #3016
  • chore(deps): update docker.io/library/golang:1.22.8 docker digest to 0ca97f4 (v1.2) by @cilium-renovate in #3022
  • fix(deps): update module github.com/cilium/cilium to v1.15.10 [security] (v1.2) by @cilium-renovate in #3028
  • [v1.2 backport] Memory optimizations: remove BTF and kallsyms caches by @mtardy in #3036
  • [backport/v1.2] Add support to dump processLRU by @tpapagian in #3038
  • [backport/v1.2] Add support to exclude valid processes from dump processCache by @tpapagian in #3104
  • Backports/v1.2: tetragon: probe_read usage may cause issues with newer kernels by @kevsecurity in #3105
  • chore(deps): update docker.io/library/alpine:3.20.3 docker digest to 1e42bbe (v1.2) by @cilium-renovate in #3137
  • chore(deps): update go to v1.22.9 (v1.2) (patch) by @cilium-renovate in #3138
  • backports/v1.2: filters: implement parent_arguments_regex by @will-isovalent in #3157
  • Prepare for v1.2.1 release by @tpapagian in #3168

Full Changelog: v1.2.0...v1.2.1

v1.2.0

05 Sep 13:26

v1.2.0 Release notes

Upgrade notes

Read the upgrade notes carefully before upgrading Tetragon.
Depending on your setup, changes listed here might require a manual intervention.

Helm Values

  • Tetragon container now uses the gRPC liveness probe by default. To continue using "tetra status" for liveness probe,
    specify tetragon.livenessProbe Helm value. For example:

       tetragon:
         livenessProbe:
           timeoutSeconds: 60
           exec:
             command:
             - tetra
             - status
             - --server-address
             - "54321"
             - --retries
             - "5"

  • Deprecated tetragonOperator.skipCRDCreation Helm value is removed. Use crds.installMethod=none instead.

  • tetragon.ociHookSetup Helm value is deprecated. Use tetragon.rthooks instead.

Events (protobuf API)

  • Sensor managing methods have been deprecated:
    • ListSensors
    • EnableSensor
    • DisableSensor
    • RemoveSensor

Metrics

  • tetragon_policyfilter_metrics_total metric is renamed to tetragon_policyfilter_operations_total, and its op
    label is renamed to operation.
  • tetragon_missed_events_total metric is renamed to tetragon_bpf_missed_events_total.
  • Metrics related to ring buffer and events queue are renamed:
    • tetragon_ringbuf_perf_event_errors_total -> tetragon_observer_ringbuf_errors_total
    • tetragon_ringbuf_perf_event_received_total -> tetragon_observer_ringbuf_events_received_total
    • tetragon_ringbuf_perf_event_lost_total -> tetragon_observer_ringbuf_events_lost_total
    • tetragon_ringbuf_queue_received_total -> tetragon_observer_ringbuf_queue_events_received_total
    • tetragon_ringbuf_queue_lost_total -> tetragon_observer_ringbuf_queue_events_lost_total
  • tetragon_errors_total{type="process_cache_evicted"} metric is replaced by tetragon_process_cache_evicted_total.
  • tetragon_errors_total{type=~"process_cache_miss_on_get|process_cache_miss_on_remove"} metrics are replaced by
    tetragon_process_cache_misses_total{operation=~"get|remove"}.
  • tetragon_event_cache_<entry_type>_errors_total metrics are replaced by
    tetragon_event_cache_fetch_failures_total{entry_type="<entry_type>"}.
  • tetragon_event_cache_accesses_total metric is renamed to tetragon_event_cache_inserts_total.
  • tetragon_event_cache_retries_total metric is renamed to tetragon_event_cache_fetch_retries_total.
  • tetragon_errors_total{type="event_missing_process_info"} metric is replaced by
    tetragon_events_missing_process_info_total.
  • tetragon_errors_total{type="handler_error"} metric is removed. Use tetragon_handler_errors_total instead.

Major Changes:

Bugfixes:

  • bpf: use CORE for execve hook (#2399) by @kkourt
  • Don't create PodInfo if the pod is being deleted (#2431) by @michi-covalent
  • tetragon: allow namespaced and non-namespaced policies to have the same name (#2337) by @joshuajorel
  • operator: Don't start metrics server if Helm value tetragonOperator.prometheus.enabled is set to false. (#2484) by @yukinakanaka
  • enforcer: fix issue when using multiple calls with fmod_ret (#2524) by @kkourt
  • Reduce the kernel memory footprint (accounted by the cgroup memory controller) of the stack trace feature when unused. (#2546) by @mtardy
  • Reduce the kernel memory footprint (accounted by the cgroup memory controller) of the ratelimit feature when unused (around ~10MB per kprobe). (#2551) by @mtardy
  • Reduce the kernel memory footprint (accounted by the cgroup memory controller) of the fdinstall feature when unused (around ~11MB per kprobe). (#2563) by @mtardy
  • Do not increase the reference count when we cannot find a parent in kthreads. (#2620) by @tpapagian
  • Reduce the kernel memory footprint (accounted by the cgroup v2 memory controller) of the override feature when unused (around ~3MB per kprobe). (#2692) by @mtardy
  • Fix a bug related to the matchBinaries Prefix operator by increasing the buffer size used by our dentry walk. Now the matchBinaries Prefix operator can correctly trigger a match on any path above 255 chars. (#2764) by @mtardy
  • Fix a bug where the tetra getevents command would timeout even if the connection was successful. (#2765) by @mtardy
  • Fix missing cases in the compact encoder for tetra. (#2819) by @willfindlay
  • add support for pod association via cgroup id (#2776) by @kkourt
  • Allow disabling gRPC either by selecting 'enabled:false' in the helm chart or by passing an empty address to the agent (#2826) by @kkourt
  • Fix tetragon_process_cache_size metric (#2827) by @lambdanis

Minor Changes:

  • proc: set auid to -1 for generated kernel pid 0 (#2400) by @tixxdz
  • Wait for Tetragon's images exist before run test (#2401) by @Trung-DV
  • tetragon: Add cgroup rate support (#2177) by @olsajiri
  • oci-hook: allow users to set a list of namespace exceptions and define default (#2404) by @f1ko
  • test: fix TestTraceKernelModule test (#2433) by @tixxdz
  • tetragon: Add inline function macro (#2452) by @olsajiri
  • helm: Add tetragon.livenessProbe value (#2469) by @michi-covalent
  • tetragon: Use static funcs in few places (#2453) by @olsajiri
  • btf: print original error returned by ebpf btf.TypeByName() (#2458) by @tixxdz
  • tetragon: cache username lookups (#2448) by @tixxdz
  • helm: Remove deprecated tetragon.skipCRDCreation value (#2498) by @lambdanis
  • btf: take first entry on multiple btf validation (#2488) by @tixxdz
  • tetragon: Add LoadProgramOpts function (#2489) by @olsajiri
  • tetragon: Remove bpf_globals object (#2521) by @olsajiri
  • sensors: allow reporting policy status when loading/unloading sensors (#2506) by @kkourt
  • tetragon: Limit max entries of cgroup_rate_map when it's not used (#2555) by @olsajiri
  • tetragon: Factor the maps max entries setup (#2565) by @olsajiri
  • tetragon:username: use login name instead of display name (#2585) by @tixxdz
  • process:bpf: report euid as the process.uid (#2575) by @tixxdz
  • Implement an export filter to target parent process binary name. (#2607) by @willfindlay
  • tetragon: fail if --username-metadata receives invalid value (#2596) by @tixxdz
  • tetragon: resolve uid to username for exec events from /proc fs (#2588) by @tixxdz
  • cmd: Move metrics-docs out of tetra and refactor it (#2611) by @lambdanis
  • Reorg to factor mac entries setup and add a max entries test (#2587) by @olsajiri
  • tetragon: Add debug interface to track cgroups to workload/ns mappings (#2540) by @jrfastab
  • rthooks: support NRI (#2608) by @kkourt
  • helm, doc: Added debug Helm flag for the agent (#2622) by @PhilipSchmid
  • deprecate sensors gRPC API (#2630) by @kkourt
  • helm: Don't give operator permissions to create CRDs if not needed (#2326) by @itsCheithanya
  • store thread leader namespaces at fork and reduce false positives (#2695) by @tixxdz
  • tetragon: make resolving uid to username work with a processapi struct (#2705) by @tixxdz
  • tetra: LSM events compact print support (#2703) by @anfedotoff
  • tetragon: only allow single instance to run on a node (#2747) by @inliquid
  • tetragon: Factor loader tailcall setup (#2719) by @olsajiri
  • tracing: introduce FollowChildren attribute in MatchBinaries selector (#2720) by @kkourt
  • Add missed probes metrics (#1941) by @olsajiri
  • tetragon_policyfilter_metrics_total metric is renamed to tetragon_policyfilter_operations_total, and its op label is renamed to operation. (#2784) by @lambdanis
  • tetragon: persistent monitoring fixes (https://github.com/cilium/t...

Release v1.1.2

12 Jun 13:43

Upgrade notes for version v1.1.2

Helm

The default livenessProbe was changed to use a gRPC liveness probe instead of the tetra status
command.

Users can revert to the old behavior by using a Helm configuration such as:

   tetragon:
     livenessProbe:
       timeoutSeconds: 60
       exec:
         command:
         - tetra
         - status
         - --server-address
         - "54321"
         - --retries
         - "5"

Summary of changes

Bugfixes:

  • Don't create PodInfo if the pod is being deleted
  • [v1.1] backport: bpf: use CORE for execve hook
  • enforcer: fix issue when using multiple calls with fmod_ret

Minor Changes:

  • backports:1.1:tests: fix trace module testing
  • backports:1.1: uid username resolution support
  • helm: Add tetragon.livenessProbe value
  • backport:v1.1: btf: take first entry on multiple function matches

Misc Changes:

  • Prepare for v1.1.0 release
  • Use gRPC-based liveness probe instead of tetra status.
  • [v1.1] Introduce upgrade notes
  • Prepare for v1.1.1 release
  • [v1.1] Makefile: exclude api tags from version
  • v1.1: misc updates relating to release process
  • Prepare for v1.1.2 release

All PRs

  • fix(deps): update module k8s.io/kube-openapi to v0.0.0-20240430033511-f0e62f92d13f (v1.1) by @cilium-renovate in #2398
  • chore(deps): update dependency go to v1.22.2 (v1.1) by @cilium-renovate in #2394
  • chore(deps): update quay.io/lvh-images/kernel-images docker tag to bpf-next-20240501.013106 (v1.1) by @cilium-renovate in #2408
  • fix(deps): update module google.golang.org/protobuf to v1.34.1 (v1.1) by @cilium-renovate in #2411
  • fix(deps): update module github.com/sryoya/protorand to v0.0.0-20240429201223-e7440656b2a4 (v1.1) by @cilium-renovate in #2410
  • Don't create PodInfo if the pod is being deleted by @michi-covalent in #2435
  • backports:1.1:tests: fix trace module testing by @tixxdz in #2437
  • backports:1.1: uid username resolution support by @tixxdz in #2447
  • chore(deps): update docker.io/library/alpine docker tag to v3.20.0 (v1.1) by @cilium-renovate in #2466
  • helm: Add tetragon.livenessProbe value by @michi-covalent in #2471
  • [v1.1] backport: bpf: use CORE for execve hook by @kkourt in #2468
  • [backport/v1.1] Use gRPC-based liveness probe instead of tetra status by @tpapagian in #2480
  • [v1.1] Introduce upgrade notes by @lambdanis in #2499
  • backport:v1.1: btf: take first entry on multiple function matches by @tixxdz in #2504
  • chore(deps): update go to v1.22.4 (v1.1) (patch) by @cilium-renovate in #2513
  • [v1.1] enforcer backport by @kkourt in #2528
  • Prepare for v1.1.1 release by @kkourt in #2535
  • [v1.1] Makefile: exclude api tags from version by @kkourt in #2539
  • v1.1: misc updates relating to release process by @kkourt in #2537
  • Prepare for v1.1.2 release by @kkourt in #2543

Full Changelog: v1.1.0...v1.1.2

v1.1.0

29 Apr 14:44

Release notes

v1.1.0 release is here! Please consider upgrading. This edition adds some notable features including user space stack traces, the enforcer sensor to easily deny system calls, metrics improvements, and numerous other fixes and improvements. Before upgrading please review deprecated fields and metric updates to check for any changes here that may impact your upgrade.

As always, huge thanks to all the contributors, especially the new contributors. Also, we appreciate all the bug reports, feature requests and feedback from the users. Keep it coming; this helps everyone, and everything from reading docs to just hearing user stories is great. Reach out and file an issue or ping @jrfastab if you have any feedback.

Additionally I wanted to thank @dwindsor, @vparla and their colleagues for detailed bug reports (#2069) and identifying multiple issues that the team was able to fix/improve in this release. 🚀 See the commit list below for details.

Upgrade notes

Read the upgrade notes carefully before upgrading Tetragon.
Depending on your setup, changes listed here might require a manual intervention.

Helm Values

  • tetragonOperator.skipCRDCreation value is deprecated and will be removed. Use crds.installMethod=none instead.

TracingPolicy (k8s CRD)

  • The symbol field (string) in uprobe spec is replaced with symbols (array of strings). If using policies with uprobes, you need to replace the symbol field. (#1975) by @olsajiri
  • Killer is renamed to enforcer. If using policies with killers, you need to replace killers with enforcers and action: NotifyKiller with action: NotifyEnforcer. (#2117) by @olsajiri
  • To distinguish different stacktraces, kernel stacktraces are now enabled with kernelStackTrace policy field (renamed from stackTrace).

Events (protobuf API)

  • Deprecated pod.labels field is removed. Use pod.pod_labels instead. (#1848) by @michi-covalent
  • To distinguish different stacktraces, kernel stacktraces are now posted in kernel_stack_trace event field (renamed from stack_trace).

Metrics

  • Metrics related to monitoring BPF maps and userspace caches are fixed: (#1950) by @sadath-12
    • tetragon_map_drops_total is removed (it was duplicating tetragon_errors_total{type="process_cache_evicted"})
    • tetragon_map_in_use_gauge{map="eventcache"} is removed (event cache is not a BPF map)
    • tetragon_map_in_use_gauge{map="processLru"} is replaced with tetragon_process_cache_size (process cache is not a BPF map)
  • Metrics with known labels values are initialized to 0 on startup. (#2162) by @lambdanis
    This helps to ensure stable resource usage and metrics queries. This also involves changes in several metric labels:
    • error_type label on tetragon_handler_errors_total metric is either "unknown_opcode" or "event_handler_failed" instead of the Go type of the error
    • event_type label on tetragon_event_cache*_errors_total metrics is one of the values defined in Tetragon API (tetragon.EventType) instead of the Go type of the event
    • error label on tetragon_event_cache_errors_total metric is "nil_process_pid"
    • error label is removed from tetragon_policyfilter_metrics_total metric
  • Metrics for map and cache sizes are improved: (#2291) by @lambdanis
    • tetragon_map_in_use_gauge metric is renamed to tetragon_map_entries and doesn't have total label anymore
    • New tetragon_map_capacity metric exposes the BPF maps capacity
    • New tetragon_event_cache_entries metric measures the event cache size
    • New tetragon_process_cache_size metric measures the process cache size
    • New tetragon_process_cache_capacity metric exposes the process cache capacity

New Contributors

Major Changes:

  • Tetragon oci hook setup (#1842) by @kkourt
  • tetragon: detect execve of anonymous binaries (#499) by @tixxdz
  • Introduce an export filter type for process capabilities. (#2107) by @willfindlay
  • Introduce redaction filters for censoring sensitive string data in process events. (#2243) by @willfindlay
  • tracing: add multi-link uprobe support (#1914) by @olsajiri
  • policyfilter: add a containerSelector that allows filtering policies by container name (#2231) by @BonySmoke
  • Support user mode stacktraces in events. To enable this feature, set userStackTrace: true in the policy Post action. (#2175) by @anfedotoff

Bugfixes:

  • Fix a segmentation fault related to filtering out pid information with field filters (#1700) by @willfindlay
  • Fix a number of segmentation faults related to field filters. (#1712) by @willfindlay
  • pkg/option: add metrics-label-filter flags (#1678) by @Jack-R-lantern
  • Do not add a new entry in the execve_map during clone events that we cannot find our parent. Additionally, return early on kernel threads. (#1708) by @tpapagian
  • Rework the matchBinaries selector implementation (#1731) by @mtardy
  • Fix a few bugs related to field filter configuration and significantly improve performance of field filters. (#1763) by @willfindlay
  • Fix a few bugs related to field filter configuration and significantly improve performance of field filters. (#1762) by @willfindlay
  • Fix an issue that caused Tetragon to hang when it encounters an error early on in its init phase. (#1770) by @willfindlay
  • Adds validation for sock and skb types (#1807) by @kevsecurity
  • Fixes prefix and postfix matching for strings longer than the prefix or postfix maximum length (#1806) by @kevsecurity
  • helm: Fix templating securityContext and tolerations (#1837) by @lambdanis
  • pkg/kernels: Fix large patch numbers (#1870) by @tpapagian
  • Fix a regression related to field filters that could cause top-level information to be missing from events. (#1882) by @willfindlay
  • bpf: unit tests and fixes for prepend_name function (#1902) by @mtardy
  • metrics: Do not return when we cannot find a _stats map (#1949) by @tpapagian
  • bpf: read and copy proc exe at execve for matchBinaries (#1926) by @mtardy
  • Dockerfile: bump bpftool revision to 7.3.0 (#1972) by @mtardy
  • Fix a hang when the event exporter fails to start. (#2119) by @willfindlay
  • tetra: avoid panic in the decoder (#2116) by @kkourt
  • Set events node_name field to the hostname in the standalone (non-k8s) mode. (#2123) by @lambdanis
  • policyfilter: fix issue in container fs scanning under cri-o (#2188) by @kkourt
  • metrics: Remove pod from the queue after deleting metrics (#2287) by @lambdanis
  • helm: Fix name and selector in operator ServiceMonitor (https://github.com/cilium/...

v1.0.3

08 Apr 17:56

What's Changed

  • chore(deps): update go (v1.0) by @cilium-renovate in #2021
  • chore(deps): update docker.io/library/golang:1.21.6-alpine docker digest to a6a7f1f (v1.0) by @cilium-renovate in #2036
  • backport/v1.0/: bugtool gops pprofheap by @tixxdz in #2037
  • chore(deps): update docker.io/library/alpine docker tag to v3.19.1 (v1.0) by @cilium-renovate in #2039
  • chore(deps): update docker.io/library/golang:1.21.6 docker digest to 7b575fe (v1.0) by @cilium-renovate in #2057
  • chore(deps): update go to v1.21.7 (v1.0) (patch) by @cilium-renovate in #2071
  • chore(deps): update go (v1.0) by @cilium-renovate in #2082
  • chore(deps): update docker.io/library/golang:1.21.7 docker digest to 549dd88 (v1.0) by @cilium-renovate in #2114
  • fix(deps): update module github.com/opencontainers/runc to v1.1.12 [security] (v1.0) by @cilium-renovate in #2120
  • backports/v1.0/2131 by @willfindlay in #2136
  • chore(deps): update module google.golang.org/protobuf to v1.33.0 [security] (v1.0) by @cilium-renovate in #2190
  • chore(deps): update go to v1.21.8 (v1.0) (patch) by @cilium-renovate in #2194
  • chore(deps): update docker.io/library/golang docker tag to v1.21.8 (v1.0) by @cilium-renovate in #2203
  • chore(deps): update docker.io/library/golang:1.21.8 docker digest to 8560736 (v1.0) by @cilium-renovate in #2216
  • chore(deps): update docker.io/library/golang:1.21.8-alpine docker digest to d7c6083 (v1.0) by @cilium-renovate in #2238
  • backports/willfindlay/1.0/redaction filters by @willfindlay in #2267
  • chore(deps): update go to v1.21.9 (v1.0) (patch) by @cilium-renovate in #2298
  • chore(deps): update module golang.org/x/net to v0.23.0 [security] (v1.0) by @cilium-renovate in #2297
  • chore(deps): update docker.io/library/golang docker tag to v1.21.9 (v1.0) by @cilium-renovate in #2307
  • Backport #2144 and #2167 to v1.0 branch by @michi-covalent in #2292
  • backports/1.0: exporter: fix hang when exporter fails to start by @willfindlay in #2314
  • Prepare for v1.0.3 release by @mtardy in #2254

Full Changelog: v1.0.2...v1.0.3

v1.0.2

17 Jan 22:08

What's Changed

  • chore(deps): update docker.io/library/golang:1.21.5 docker digest to 2ff79bc (v1.0) by @cilium-renovate in #1898
  • fix(deps): update module github.com/containerd/containerd to v1.7.11 [security] (v1.0) by @cilium-renovate in #1905
  • chore(deps): update go (v1.0) by @cilium-renovate in #1913
  • chore(deps): update docker.io/library/golang docker tag to v1.21.6 (v1.0) by @cilium-renovate in #1969
  • v1.0 backport: bpf: fix bugs in the prepend_name function by @mtardy in #1956
  • chore(deps): update dependency go to v1.21.6 (v1.0) by @cilium-renovate in #1977
  • chore(deps): update docker.io/library/golang:1.21.6 docker digest to 5f5d61d (v1.0) by @cilium-renovate in #1989
  • tetragon: prepare for v1.0.2 release by @jrfastab in #1991

Full Changelog: v1.0.1...v1.0.2

v1.0.1

18 Dec 18:09

Release info

OSS PRs

Bugfixes:

  • Fix a regression related to field filters that could cause top-level information to be missing from events.
  • Fix a number of segmentation Add mappings for sock and skb types (bug fix).
  • Fix a few bugs related to field filter configuration and significantly improve performance of field filters.
  • backports/v1.0: helm: Fix templating securityContext and tolerations

Minor Changes:

  • backports/v1.0: Add a metric to provide per-event missed events

Dependency updates:

  • chore(deps): update docker.io/library/golang docker tag to v1.21.5 (v1.0)
  • chore(deps): update go (v1.0)
  • chore(deps): update docker.io/library/alpine docker tag to v3.18.5 (v1.0)
  • chore(deps): update docker.io/library/golang:1.21.4 docker digest to 9baee0e (v1.0)
  • chore(deps): update go to v1.21.4 (v1.0) (patch)
  • chore(deps): update docker.io/library/golang docker tag to v1.21.4 (v1.0)
  • chore(deps): update docker.io/library/alpine docker tag to v3.19.0 (v1.0)
  • chore(deps): update docker.io/library/golang:1.21.4-alpine docker digest to 70afe55 (v1.0)

What's Changed

  • backports/v1.0: Add a metric to provide per-event missed events by @tpapagian in #1702
  • filters/fields: do a deep copy before filtering by @willfindlay in #1726
  • chore(deps): update go to v1.21.4 (v1.0) (patch) by @cilium-renovate in #1747
  • chore(deps): update docker.io/library/golang docker tag to v1.21.4 (v1.0) by @cilium-renovate in #1757
  • Backports/v1.0/1762 by @willfindlay in #1763
  • chore(deps): update docker.io/library/golang:1.21.4 docker digest to 9baee0e (v1.0) by @cilium-renovate in #1746
  • chore(deps): update docker.io/library/alpine docker tag to v3.18.5 (v1.0) by @cilium-renovate in #1826
  • chore(deps): update docker.io/library/golang:1.21.4-alpine docker digest to 70afe55 (v1.0) by @cilium-renovate in #1825
  • Backports/v1.0/string match fixes by @kevsecurity in #1819
  • backports/v1.0: helm: Fix templating securityContext and tolerations by @lambdanis in #1841
  • chore(deps): update docker.io/library/golang docker tag to v1.21.5 (v1.0) by @cilium-renovate in #1851
  • chore(deps): update docker.io/library/alpine docker tag to v3.19.0 (v1.0) by @cilium-renovate in #1864
  • chore(deps): update go (v1.0) by @cilium-renovate in #1869
  • backports/v1.0: fieldfilters: fix regression with missing top-level info and add test by @willfindlay in #1883
  • Prepare for v1.0.1 release by @kkourt in #1885

Full Changelog: v1.0.0...v1.0.1

v1.0.0

01 Nov 09:11

Changes

Breaking Changes:

  • export: switch to default permissions on exported JSON to 0600. (#1575) by @tixxdz

Major Changes:

  • tetragon: build arm64 tarball (#1484) by @tixxdz
  • tetragon:process_exec: display uids/gids credentials and detect privileged execution (#1296) by @tixxdz
  • Add a new kernel stack traces alpha feature to kprobes events. (#1429) by @mtardy
  • api: add a policy_name field to kprobe, tracepoint and uprobe events (#1574) by @mtardy
  • tetragon: Add killer sensor (#1205) by @olsajiri
  • helm: Set the feature that implements Namespaced policies and Pod label filters on by default (#1647) by @kkourt

Bugfixes:

  • Use a message copy to apply fieldFilters in exec events (#1432) by @tpapagian
  • bpf: fix verification error in bpf_execve_event (#1454) by @kkourt
  • Add complete k8s object validation and defaults on standalone (#1521) by @mtardy
  • tetragon: fix crash in kprobe validation (#1551) by @olsajiri
  • bugfix: Use shared string maps in kprobe-multi (#1582) by @tpapagian
  • bpf: fix policyfilter issue for existing processes (#1590) by @kkourt
  • Fixes a regression on enable/disable sensors that would prevent a sensor from being enabled. (#1562) by @mtardy
  • helm: Fix selector labels for the operator deployment (#1644) by @michi-covalent

Minor Changes:

  • pkg/metrics: add common go&gRPC prometheus metrics (#1416) by @Jack-R-lantern
  • tetragon: Adding lists documentation (#1401) by @olsajiri
  • tetragon-oci-hook: fix issue for containerd (#1375) by @kkourt
  • tetragon: Add buffer between perf reader and events processing code (#593) by @olsajiri
  • helm: update livenessProbe to retry 5 times before failing (#1407) by @willfindlay
  • Convert string and char_buf matches to hash look ups (#1408) by @kevsecurity
  • tetragon: Add metric to report rate limited events (#1453) by @jrfastab
  • tetragon: trace kernel modules operations (#1390) by @tixxdz
  • helm: Allow multiple installations of the Tetragon Helm chart (#1400) by @ashishkurmi
  • Controller for the Pod Info Custom Resource (#1410) by @prateek041
  • doc: add arm64 tarball install (#1496) by @tixxdz
  • tetragon: improve how we handle TIDs and GetProcessCopy() (#1256) by @tixxdz
  • Add IPv6 support to BPF rate limit (#1458) by @kevsecurity
  • cmd: Remove deprecated --config-file flag (#1498) by @lambdanis
  • metrics: report metric errors when caching pids (#1502) by @tixxdz
  • tracing: check for empty returnArg (#1515) by @kkourt
  • tetragon: Hook exit sensor on acct_process (#1509) by @olsajiri
  • metrics: Add metrics label filter configuration (#1444) by @nap32
  • tetragon: Several observer related cleanups (#1525) by @olsajiri
  • Collect tetragon_map_in_use_gauge and tetragon_map_errors_total metrics directly from BPF maps at the scrape time. Expose the tetragon_map_errors_total metrics as a counter instead of a gauge. (#1510) by @lambdanis
  • tetragon: Remove sensors on exit not programs (#1514) by @olsajiri
  • imagePullPolicy for the operator deployment can be set in tetragonOperator.image.pullPolicy Helm value and defaults to IfNotPresent. (#1544) by @lambdanis
  • Implement the ability to filter on event types in the getevents CLI. (#1549) by @darox
  • bpf: read the task real parent (#1559) by @tixxdz
  • Expose an interface for defining metrics with configurable labels. (#1548) by @lambdanis
  • tetragon: Allow to specify rb-* size options with size suffix (#1593) by @olsajiri
  • ci:tarball-release: remove unnecessary step about installing go (#1601) by @tixxdz
  • ci: add login-action to docker hub (#1602) by @tixxdz
  • tetragon: Add helper scripts for stats benchmarks (#1583) by @olsajiri
  • systemd fixes (#1636) by @tixxdz
  • helm: add service monitor scrape interval config (#1638) by @Jack-R-lantern
  • doc: update tetragon daemon flags (#1662) by @tixxdz
  • tetragon: Cleanup tgids array before another round of events iteration (#1581) by @olsajiri
  • Introduce startup logic to check userspace and BPF struct alignment, and exit with an error message if we detect a mismatch. (#1650) by @willfindlay
  • tetragon: Add support to pass options through spec (#1626) by @olsajiri
  • helm: add PROCESS_TRACEPOINT to exported events (#1684) by @kkourt

CI Changes:

Documentation changes:


v1.0.0-rc.2

29 May 13:22
Pre-release

Note for maintainers: Please update the description with the actual release notes (see RELEASE.md for instructions).

v1.0.0-rc.1

29 May 13:25
Pre-release

Note for maintainers: Please update the description with the actual release notes (see RELEASE.md for instructions).