cilium/tetragon v1.0.0 on GitHub

Changes

Breaking Changes:

export: switch to default permissions on exported JSON to 0600. (#1575) by @tixxdz

Major Changes:

tetragon: build arm64 tarball (#1484) by @tixxdz
tetragon:process_exec: display uids/gids credentials and detect privileged execution (#1296) by @tixxdz
Add a new kernel stack traces alpha feature to kprobes events. (#1429) by @mtardy
api: add a policy_name field to kprobe, tracepoint and uprobe events (#1574) by @mtardy
tetragon: Add killer sensor (#1205) by @olsajiri
helm: Set the feature that implements Namespaced policies and Pod label filters on by default (#1647) by @kkourt

Bugfixes:

Use a message copy to apply fieldFilters in exec events (#1432) by @tpapagian
bpf: fix verification error in bpf_execve_event (#1454) by @kkourt
Add complete k8s object validation and defaults on standalone (#1521) by @mtardy
tetragon: fix crash in kprobe validation (#1551) by @olsajiri
bugfix: Use shared string maps in kprobe-multi (#1582) by @tpapagian
bpf: fix policyfilter issue for existing processes (#1590) by @kkourt
Fixes a regression on enable/disable sensors that would prevent a sensor from being enabled. (#1562) by @mtardy
helm: Fix selector labels for the operator deployment (#1644) by @michi-covalent

Minor Changes:

pkg/metrics: add common go&gRPC prometheus metrics (#1416) by @Jack-R-lantern
tetragon: Adding lists documentation (#1401) by @olsajiri
tetragon-oci-hook: fix issue for containerd (#1375) by @kkourt
tetragon: Add buffer between perf reader and events processing code (#593) by @olsajiri
helm: update livenessProbe to retry 5 times before failing (#1407) by @willfindlay
Convert string and char_buf matches to hash look ups (#1408) by @kevsecurity
tetragon: Add metric to report rate limited events (#1453) by @jrfastab
tetragon: trace kernel modules operations (#1390) by @tixxdz
helm: Allow multiple installations of the Tetragon Helm chart (#1400) by @ashishkurmi
Controller for the Pod Info Custom Resource (#1410) by @prateek041
doc: add arm64 tarball install (#1496) by @tixxdz
tetragon: improve how we handle TIDs and GetProcessCopy() (#1256) by @tixxdz
Add IPv6 support to BPF rate limit (#1458) by @kevsecurity
cmd: Remove deprecated --config-file flag (#1498) by @lambdanis
metrics: report metric errors when caching pids (#1502) by @tixxdz
tracing: check for empty returnArg (#1515) by @kkourt
tetragon: Hook exit sensor on acct_process (#1509) by @olsajiri
metrics: Add metrics label filter configuration (#1444) by @nap32
tetragon: Several observer related cleanups (#1525) by @olsajiri
Collect tetragon_map_in_use_gauge and tetragon_map_errors_total metrics directly from BPF maps at the scrape time. Expose the tetragon_map_errors_total metrics as a counter instead of a gauge. (#1510) by @lambdanis
tetragon: Remove sensors on exit not programs (#1514) by @olsajiri
imagePullPolicy for the operator deployment can be set in tetragonOperator.image.pullPolicy Helm value and defaults to IfNotPresent. (#1544) by @lambdanis
Implement the ability to filter on event types in the getevents CLI. (#1549) by @darox
bpf: read the task real parent (#1559) by @tixxdz
Expose an interface for defining metrics with configurable labels. (#1548) by @lambdanis
tetragon: Allow to specify rb-* size options with size suffix (#1593) by @olsajiri
ci:tarball-release: remove unnecessary step about installing go (#1601) by @tixxdz
ci: add login-action to docker hub (#1602) by @tixxdz
tetragon: Add helper scripts for stats benchmarks (#1583) by @olsajiri
systemd fixes (#1636) by @tixxdz
helm: add service monitor scrape interval config (#1638) by @Jack-R-lantern
doc: update tetragon daemon flags (#1662) by @tixxdz
tetragon: Cleanup tgids array before another round of events iteration (#1581) by @olsajiri
Introduce startup logic to check userspace and BPF struct alignment, and exit with an error message if we detect a mismatch. (#1650) by @willfindlay
tetragon: Add support to pass options through spec (#1626) by @olsajiri
helm: add PROCESS_TRACEPOINT to exported events (#1684) by @kkourt

CI Changes:

CODEOWNERS: multiple fixes and move file in .github (#1449) by @mtardy
renovate: add release-note/dependency label to PRs (#1435) by @mtardy
renovate: rename correctly the lvh image name in config (#1474) by @mtardy
lvh: allow renovate to update kernel images instead of using main (#1470) by @mtardy
renovate: add both lvh-images/kind and kernel-images (#1476) by @mtardy
Dockerfile.clang: Don't pin clang patch version (#1530) by @michi-covalent
renovate: Monitor kubernetes-sigs/bom (#1526) by @michi-covalent
packages-e2e-tests: Don't fail fast (#1532) by @michi-covalent
Fix build-images-releases.yml (#1542) by @michi-covalent
Use 'go install' to install bom (#1534) by @michi-covalent
setup-go: Get Go version from go.mod (#1536) by @michi-covalent
build-images-releases.yml: Fix indentation (#1543) by @michi-covalent
event checker: Don't use the word "failure" for pending checks (#1550) by @michi-covalent
Renovate: Ignore digest updates for k8s dependencies (#1557) by @lambdanis
vendor: Pick up github.com/cilium/cilium v1.15.0-pre.1 (#1553) by @michi-covalent
renovate: fix renovate upgrade of Go toolchain (#1579) by @mtardy
renovate: fix the way we manually install Go inside the runner (#1584) by @mtardy
renovate: enable automerge for pin/pinDigest and patch (#1587) by @mtardy
ci: minor refactor to build-images job (#1611) by @willfindlay
Add veristat in the CI (#1610) by @mtardy
gh/vmtests: add 6.1 kernel (#1628) by @kkourt
ci: fix CI for external contributors (#1649) by @willfindlay
vmtests: bump timeout and start multiple job for builds (#1671) by @mtardy
gh: update cosign installer (#1687) by @kkourt
gh: use cosign sign -y (#1689) by @kkourt
ci: check docs links fixes and configuration (#1692) by @mtardy

Documentation changes:

docs: document kernel version and requirement (#1443) by @tixxdz
docs: fix link in README and remove unreliable link to busybox (#1463) by @mtardy
docs(tracing-policy) - Grammar and punctuation (#1480) by @jbiggley
docs: fixes anchor links (#1516) by @prosazhin
Doc: Tetragon metrics (#1495) by @prateek041
tetragon: docs, copy Cilium style k8s install (#1561) by @jrfastab
docs: Fix links to policy YAML files (#1614) by @michi-covalent
tetragon: docs, minor updates to metrics concepts (#1617) by @jrfastab
tetragon: doc cleanup and fixes (#1615) by @jrfastab
docs: tracing policy concept updates (#1621) by @kkourt
tetragon: docs, trnasform events into single page (#1616) by @jrfastab
tetragon: for now drop benchmark section (#1631) by @jrfastab
doc: replace dead links in README.md (#1657) by @paularah
docs: Typo TOCTU -> TOCTOU (#1663) by @mauriciovasquezbernal
docs: update enforcement page (#1630) by @kkourt
Update the logo in the README (and small fixes) (#1670) by @mtardy
docs: update tetragon logos in docs where necessary (#1658) by @hacktivist123
Update the Star Wars demo app URL (#1677) by @michi-covalent
tetragon: docs, minor updates to metrics concepts (#1624) by @jrfastab
doc: Add intructions on how to create EKS and AKS clusters (#1686) by @tpapagian
doc updates (#1664) by @kkourt
Minor docs changes for 1.0 messaging (#1673) by @hacktivist123
tetragon: Add policy library section (#1679) by @jrfastab

Dependency updates:

fix(deps): update module google.golang.org/grpc to v1.58.0 (#1448) by @cilium-renovate[bot]
chore(deps): update module github.com/cyphar/filepath-securejoin to v0.2.4 [security] (#1439) by @cilium-renovate[bot]
chore(deps): update go to v1.20.8 (patch) (#1446) by @cilium-renovate[bot]
fix(deps): update kubernetes packages to v0.27.6 (patch) (#1472) by @cilium-renovate[bot]
fix(deps): update module github.com/cilium/cilium to v1.14.2 (#1473) by @cilium-renovate[bot]
fix(deps): update all go dependencies main (patch) (#1471) by @cilium-renovate[bot]
fix(deps): update module google.golang.org/grpc to v1.58.1 (#1483) by @cilium-renovate[bot]
chore(deps): update all lvh-images main (patch) (#1475) by @cilium-renovate[bot]
fix(deps): update module sigs.k8s.io/controller-runtime to v0.15.2 (#1487) by @cilium-renovate[bot]
chore(deps): update quay.io/lvh-images/kernel-images docker tag to bpf-next-20230920.012553 (#1486) by @cilium-renovate[bot]
chore(deps): update all lvh-images main (patch) (#1508) by @cilium-renovate[bot]
fix(deps): update module google.golang.org/grpc to v1.58.2 (#1482) by @cilium-renovate[bot]
fix(deps): update module github.com/prometheus/client_golang to v1.17.0 (#1519) by @cilium-renovate[bot]
chore(deps): update go to v1.21.1 (minor) (#1344) by @cilium-renovate[bot]
chore(deps): update all github action dependencies (#1523) by @cilium-renovate[bot]
fix(deps): update all go dependencies main (patch) (#1518) by @cilium-renovate[bot]
chore(deps): update docker.io/library/alpine docker tag to v3.18.4 (#1528) by @cilium-renovate[bot]
fix(deps): update module github.com/hashicorp/golang-lru/v2 to v2.0.7 (#1538) by @cilium-renovate[bot]
chore(deps): update all github action dependencies to v3 (major) (#1546) by @cilium-renovate[bot]
chore(deps): update docker/build-push-action action to v5 (#1547) by @cilium-renovate[bot]
chore(deps): update actions/upload-pages-artifact action to v2 (#1545) by @cilium-renovate[bot]
chore(deps): update docker.io/library/golang:1.21.1-alpine docker digest to 1c9cc94 (#1527) by @cilium-renovate[bot]
chore(deps): update actions/checkout action to v4 (#1529) by @cilium-renovate[bot]
chore(deps): update all lvh-images main (patch) (#1537) by @cilium-renovate[bot]
chore(deps): update module github.com/cyphar/filepath-securejoin to v0.2.4 [security] (#1552) by @cilium-renovate[bot]
fix(deps): update module github.com/prometheus/client_model to v0.5.0 (#1564) by @cilium-renovate[bot]
chore(deps): update go to v1.21.2 (patch) (#1563) by @cilium-renovate[bot]
fix(deps): update kubernetes packages to v0.28.2 (patch) (#1569) by @cilium-renovate[bot]
fix(deps): update module golang.org/x/sys to v0.13.0 (#1566) by @cilium-renovate[bot]
fix(deps): update module golang.org/x/sync to v0.4.0 (#1565) by @cilium-renovate[bot]
fix(deps): update all go dependencies main (#1372) by @cilium-renovate[bot]
fix(deps): update all go dependencies main (patch) (#1571) by @cilium-renovate[bot]
chore(deps): update module golang.org/x/net to v0.17.0 [security] (#1585) by @cilium-renovate[bot]
fix(deps): update module github.com/spf13/viper to v1.17.0 (#1572) by @cilium-renovate[bot]
fix(deps): update module github.com/google/go-cmp to v0.6.0 (#1578) by @cilium-renovate[bot]
chore(deps): update quay.io/lvh-images/kernel-images docker tag to bpf-next-20231010.012608 (#1568) by @cilium-renovate[bot]
fix(deps): update module google.golang.org/grpc to v1.58.3 (#1596) by @cilium-renovate[bot]
chore(deps): update all lvh-images main (patch) (#1599) by @cilium-renovate[bot]
fix(deps): update module github.com/cilium/ebpf to v0.12.0 (#1600) by @cilium-renovate[bot]
chore(deps): update go to v1.21.3 (patch) (#1577) by @cilium-renovate[bot]
fix(deps): update kubernetes packages to v0.28.3 (patch) (#1619) by @cilium-renovate[bot]
fix(deps): update module google.golang.org/grpc to v1.59.0 (#1642) by @cilium-renovate[bot]
chore(deps): update all lvh-images main (patch) (#1634) by @cilium-renovate[bot]
fix(deps): update all go dependencies main (patch) (#1635) by @cilium-renovate[bot]
chore(deps): update docker.io/golangci/golangci-lint docker tag to v1.55.0 (#1641) by @cilium-renovate[bot]
chore(deps): update docker.io/golangci/golangci-lint docker tag to v1.55.1 (#1669) by @cilium-renovate[bot]
fix(deps): update module github.com/containerd/containerd to v1.7.8 (#1675) by @cilium-renovate[bot]
chore(deps): update all lvh-images main (patch) (#1668) by @cilium-renovate[bot]
fix(deps): update module github.com/google/uuid to v1.4.0 (#1676) by @cilium-renovate[bot]

Misc Changes:

Starting 0.12 development (#1413) by @tpapagian
Fixes in the release template (#1415) by @tpapagian
docs: fix footer (#1404) by @kkourt
Remove cilium-bpf configuration parameter (#1426) by @michi-covalent
Modify Operator cluster role (#1440) by @prateek041
observer_test_helper: make helpers generic over TB (#1437) by @willfindlay
Update module github.com/pelletier/go-toml/v2 to v2.1.0 (#1456) by @tpapagian
Small fixes in example tracing policies (#1465) by @tpapagian
Refactor files under operator directory (#1459) by @michi-covalent
Move CustomResourceDefinitionSchemaVersion to a separate file (#1468) by @michi-covalent
Revert "Update module github.com/pelletier/go-toml/v2 to v2.1.0" (#1462) by @mtardy
k8s: Generate PodInfo client (#1479) by @michi-covalent
watcher: Implement FindPodInfoByIP (#1491) by @michi-covalent
operator: Call crd.RegisterCRDs() from operator deployment (#1492) by @michi-covalent
podinfo: Populate workload info (#1493) by @michi-covalent
api: Add workload_kind field to Pod message (#1499) by @michi-covalent
helm: Don't create operator ClusterRoleBinding if podWatcher is disabled (#1500) by @lambdanis
bpf: add DEBUG() macro (#1494) by @willfindlay
operator: Clean up Helm values (#1501) by @michi-covalent
tetragon: Add bench_reader application (#1512) by @olsajiri
podinfo: Set Spec.HostNetwork field (#1511) by @michi-covalent
corrected example description for file monitoring policy (#1520) by @saintdle
check if procfs is the actual host procfs (#1417) by @kkourt
Remove tetragon.enableCiliumAPI option (#1541) by @michi-covalent
proc_reader: avoid warning for pid=0 (#1554) by @kkourt
tetragon: Fix lists validation (#1469) by @olsajiri
Use Go stdlib instead of golang.org/x/exp (#1560) by @lambdanis
Reorganize code under pkg/metrics. There are no functional changes, but it's a breaking change for developers. (#1531) by @lambdanis
Remove the "operator" init container (#1558) by @michi-covalent
Reconstruct BTF types more accurately in getKernelType (#1488) by @cpaplham
CRD handling refactor (#1576) by @kkourt
refactor: Move flags.go to pkg/option (#1589) by @michi-covalent
alignchecker: refactor into single gotest (#1588) by @willfindlay
pkg/metrics: remove use of x/exp/slices and use stdlib slices (#1592) by @mtardy
custom event handling (#1594) by @kkourt
prepare rc (#1607) by @kkourt
Move flag initialization to a separate function (#1605) by @michi-covalent
vendor: fix cilium/tetragon replacement in api (#1612) by @willfindlay
tetra policyfilter command (#1639) by @kkourt
tetragon: Add support to override security_ functions (#1609) by @olsajiri
Prepare for v1.0.0-rc2 release (#1655) by @kkourt
Prepare for v1.0.0-rc.2 release (#1659) by @kkourt
Prepare for v1.0.0-rc.3 release (#1661) by @mtardy
Prepare for v1.0.0-rc.4 release (#1681) by @kkourt
Prepare for v1.0.0-rc.5 release (#1691) by @kkourt
ci: fix branch name (#1613) by @willfindlay
bpf: Dual-license code as GPL 2.0 and 2-Clause BSD (#1648) by @kkourt
Prepare for v1.0.0 release (#1698) by @kkourt

Other Changes:

fix(deps): update kubernetes packages to v0.27.5 (patch) (#1397) by @cilium-renovate[bot]
fix(deps): update all go dependencies main (patch) (#1396) by @cilium-renovate[bot]
fix(deps): update module golang.org/x/sys to v0.12.0 (#1424) by @cilium-renovate[bot]
README: simplify the README to refer to the documentation (#1380) by @mtardy
fix(deps): update module github.com/google/cel-go to v0.18.0 (#1423) by @cilium-renovate[bot]
fix typo error (#1651) by @crazy-canux
build-images-ci: fix GH action (#1688) by @kkourt
tetragon: docs, fix modules policy library CRD link (#1696) by @jrfastab

New Contributors

@Jack-R-lantern made their first contribution in #1416
@jbiggley made their first contribution in #1480
@prosazhin made their first contribution in #1516
@nap32 made their first contribution in #1444
@darox made their first contribution in #1549
@cpaplham made their first contribution in #1488
@crazy-canux made their first contribution in #1651
@paularah made their first contribution in #1657
@mauriciovasquezbernal made their first contribution in #1663
@hacktivist123 made their first contribution in #1658

Full Changelog: v0.11.0...v1.0.0