github cilium/tetragon v1.6.0-rc.1
on GitHub

latest releases: v1.6.0, v1.7.0-pre.0, api/v1.6.0...
pre-releaseone day ago

Changes from v1.6.0-pre.0 to v1.6.0-rc.1

total: 280 commits, prs: 107 pr commits: 280

Bugfixes

  • Fix bug in process modeling where long executable filenames may cause command-line argument capture corruption.
  • helm: Quote tetragon.processAncestors.enabled
  • selectors: Ignore empty matchBinaries
  • pkg/cgroups/fsscan: fix incorrect path returned
  • pkg/crdutils: fix standalone custom resources validation
  • selectors: fix off by one bounds check

Minor Changes

  • option: Remove deprecated enable-process-ancestors boolean flags
  • tetragon: Enable TestTracepointLoadFormat on 6.1 and bpf-next
  • More robust process argument parsing logic.
  • tetragon: Add usdt sensor
  • tetragon: Change generic usdt op number
  • k8s: Enable k8s control plane for non-k8s deployment
  • tetragon: assorted fixes
  • fix: reject NotifyEnforcer kprobe action without an Enforcer
  • tetragon: Make TestUsdtArgs amd64 only
  • fix: detectUprobeRefCtrOffsetOnce init logic
  • bpf: turn environment configuration storage into a BPF ARRAY storage
  • new(tetra/getevents): allow to filter events by container name regex.
  • assorted fixes
  • api: Add pod uid field for k8s Pod
  • k8s: Reduce RBAC permission for non-k8s deployment
  • tetragon: support for current task data
  • tetragon: add usdt action support
  • tracingpolicy: add counters about actions performed for every policy
  • helm: run the Tetragon operator as non-root by default
  • tetra: add "probe config" command to check kernel configuration.
  • tetragon: allow to parse usdt sib argument
  • tetragon: Fix TestControllerSuite flake panic
  • tetragon: Fix struct perf_event_info_type layout
  • kprobe: Add support for bpf_prog argument
  • tetragon: add range filter
  • tetragon: Fix k8s validation of ArgSelector fields
  • Adds support for bpf ring buffer and sets that as the default from kernels v5.11 onwards.
  • k8s: Add retry support for ControllerManager
  • feat: add nameOverride support for tetragon-rthooks
  • tetragon: remove unused execve event flags bits
  • fix: Controller manager retry logic
  • tetragon: add support for usdt set action
  • tetragon: assorted fixes
  • Helm chart: add support for export.stdout.envFromSecrets to inject environment variables from Kubernetes secrets
  • tetragon: uprobe fixes
  • Dockerfile.clang: upgrade to clang-20
  • tetragon: assorted fixes
  • policies: support for resolve: in USDT policies
  • tetragon: add uprobe override action
  • tetragon: Add missing switch break to do_action

CI Changes

  • renovate: Remove manual step for cilium/cilium dep
  • ci: Re-enable label checker in ARM
  • fix: Resolve error message typo in TestHelperMain().
  • pin alexellis/arkade-get github action by hash
  • renovate: sync helm chart version/appVersion update with image tag
  • chore(ci): always use actions/setup-go after repo clone.
  • Makefile alias for docs generation and renovate config update
  • Makefile: add checkpatch target
  • Fix flaky downloads of eBPF for Windows deps
  • ci: always upload Go test artifacts for easier debugging
  • check-links: fix the periodic check issue creation

Documentation changes

  • Update tetragon enteprise URL
  • Fix a typo in kubectl in the runtime hook documentation
  • docs: improve path retrieval limits formatting
  • docs: Fix swapped event filters descriptions
  • docs: fix the yaml indent in selector semantics
  • Adds Tracing Policy API reference documentation
  • doc: add contribution ladder section
  • Chore: Add KubeCon NA 2025 to Announcement banner
  • docs: fix broken link in docs detected by the periodic check
  • ARM64 users: Tetragon may run on v4.19/v5.4 kernels with limited functionality; use v5.10 or later.

Dependency updates

  • chore(deps): update all lvh-images main (main) (patch)

Misc Changes

  • Starting v1.6 development
  • Restore upgrade notes in v1.5.0.md
  • bpf: remove unused func UpdateElementFromPointers
  • fix: Refactor SIZEOF_EVENT constant to not be a hard-coded value.
  • rthooks: Log container ID as a key-value pair
  • Update release template
  • lint: Ignore error check for cgroups.DiscoverSubSysIds call
  • deps: remove direct gopkg.in/yaml.v2 dep
  • fix: Remove unused constants from bpf/lib/process.h
  • e2e: Remove Cilium related flags
  • USDT ancestors support
  • pkg/cgroups/fsscan: add FindPodPath
  • contrib: Remove Vagrantfile and related docs
  • chore: Update goimport config with local-prefixes for consistency
  • helm: Add 'containers.extra' helper function
  • renovate: Allow go 1.24 for v1.3 branch
  • linters/staticcheck: fix underscore in names
  • helm: Add a Role for tetragon service account
  • Optimize Kprobe Rate Limit Test Performance
  • pkg/sensors: initialize RewriteConstant map in builder
  • new(cmd/tetra,pkg/bugtool): allow to extend bugtool with custom commands and grpc calls.
  • FindProgramFileUnderLocations: error logging
  • policy_stats: use the map only for policy sensors
  • k8s: Add alias for getting k8s config
  • bpf: additional errmetrics
  • chore(bpf, pkg/errmetrics): some probe_read() bpf errmetrics
  • policies: only warn once for stats and mode
  • pkg/errmetrics: expose error metrics via Prometheus metrics
  • k8s: Avoid hard coded CRD.spec.group
  • fix: always close the bpf link in detectKprobeMulti before returning
  • observer: deal with empty data in HandlePerfData
  • tetragon: assorted fixes
  • tetragon: testutils service both perf and bpf ring
  • cleanup: remove old build constraint syntax
  • pkg/asm: fuzz Assignment func parsing strings
  • new(tests/e2e): add a metrics checker on e2e tests.
  • fix(bpf/process): fix some missing break statements.
  • fix(bpf): force explicit switch case fallthrough
  • Prepare for v1.6.0-rc.1 release
Check out latest releases or
releases around cilium/tetragon v1.6.0-rc.1

Don't miss a new tetragon release

NewReleases is sending notifications on new releases.

Get notifications