Welcome to the first release of the seccomp-operator, we hope you enjoy this release as much as we do! The initial set of features can be found in our documentation. 🥳
To install the operator, simply run:
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/seccomp-operator/v0.1.0/deploy/operator.yaml
Feel free to provide us any kind of feedback in the official Kubernetes Slack #seccomp-operator channel.
Changes by Kind
Feature
- Added
version,vsubcommand and CLI parser (--versionworks too now) (#20, @saschagrunert) - Added ability to restrict seccomp-operator to watch config maps in a single namespace (#94, @hasheddan)
- Added basic seccomp profile validation before syncing them on disk (#72, @saschagrunert)
- Added default operator profiles to the deployment. For now we added an nginx:1.19.1 profile (#54, @saschagrunert)
- Added manifest for deploying operator to watch for profile ConfigMaps in a single namespace. (#100, @hasheddan)
- Added new
seccompProfilefield toexamples/pod.yaml, which can be used for Kubernetes releases > v1.19.0 (#90, @saschagrunert) - Added support for seccomp operator in master nodes (#95, @pjbgf)
- Do not requeue after successfully writing profile to disk and do not immediately requeue on errors. (#101, @hasheddan)
- Link seccomp-operator statically for easier distribution (#16, @saschagrunert)
- Make rootless operator deployment the default (#38, @saschagrunert)
- Nodes not supporting seccomp will not reconcile profiles to disk. Additionally a warning event will be thrown for the config map. (#85, @saschagrunert)
- Operator now runs under a specific seccomp profile. (#52, @pjbgf)
- Profile controller will emit warning events on failure to get profile path or save profile to disk (#56, @hasheddan)
- Seccomp profiles can be created in any namespace now. Profiles end up in different subdirectories per namespace. (#49, @rhafer)