Release notes:
Welcome to our glorious next release of the security-profiles-operator! We hope you enjoy this release as much as we do! The general usage and setup can be found in our documentation. 🥳 👯
To install the operator, run:
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/security-profiles-operator/v0.4.2/deploy/operator.yaml
Feel free to provide us any kind of feedback in the official Kubernetes Slack #security-profiles-operator channel.
Changes by Kind
Feature
- Added more verbose output to operator version information. (#859, @saschagrunert)
- Automatically determine if cert-manager is required or not, for example in OpenShift deployments.
- Automatically enable SELinux support in OpenShift deployments. (#810, @saschagrunert)
- Update BTF to remove unnecessary distributions. (#812, @saschagrunert)
- Updated metrics container to contain a read-only root filesystem. (#869, @saschagrunert)
- Add a new field
selinuxTypeTag
in the SPOD CRD which allows to configure the SELinux type in the SPOd deployment (#851, @ccojocar) - Extend the
ProfileRecording
CRD with a containers list which allows to select only specific containers in a pod for which the profile will be recorded (#833, @ccojocar)
Documentation
- Added list of kernels supporting the bpf recorder via BTF. (#805, @saschagrunert)
- Added note about OpenShift in installation docs. (#813, @saschagrunert)
Other (Cleanup or Flake)
- Updated cert-manager to v1.7.1 (#804, @saschagrunert)
- Updated cert-manager to v1.7.2. (#863, @saschagrunert)
- Updated libbpf to v0.7.0 (#821, @saschagrunert)
- Keep retrieving the remaining profiles when a PID is no longer found. (#824, @ccojocar)
Dependencies
Added
- github.com/Azure/go-autorest/autorest/to: v0.4.0
- github.com/Azure/go-autorest/autorest/validation: v0.3.1
- github.com/MakeNowJust/heredoc: bb23615
- github.com/Masterminds/goutils: v1.1.1
- github.com/Masterminds/semver/v3: v3.1.1
- github.com/Masterminds/sprig/v3: v3.2.2
- github.com/Masterminds/squirrel: v1.5.0
- github.com/Nvveen/Gotty: cd52737
- github.com/Venafi/vcert/v4: v4.14.3
- github.com/akamai/AkamaiOPEN-edgegrid-golang: v1.1.1
- github.com/cenkalti/backoff/v3: v3.0.0
- github.com/chai2010/gettext-go: c6fed77
- github.com/cloudflare/cloudflare-go: v0.20.0
- github.com/common-nighthawk/go-figure: 734e95f
- github.com/cpu/goacmedns: v0.1.1
- github.com/dave/dst: v0.26.2
- github.com/dave/gopackages: 46e7023
- github.com/dave/jennifer: v1.2.0
- github.com/dave/kerr: bc25dd6
- github.com/dave/rebecca: v0.9.1
- github.com/digitalocean/godo: v1.65.0
- github.com/exponent-io/jsonpath: d6023ce
- github.com/fatih/camelcase: v1.0.0
- github.com/go-errors/errors: v1.0.1
- github.com/gobwas/glob: v0.2.3
- github.com/google/shlex: e7afc7f
- github.com/gosuri/uitable: v0.0.4
- github.com/gotestyourself/gotestyourself: v2.2.0+incompatible
- github.com/hashicorp/vault/api: v1.1.1
- github.com/hashicorp/vault/sdk: v0.2.1
- github.com/huandu/xstrings: v1.3.2
- github.com/jetstack/cert-manager: v1.7.2
- github.com/jmoiron/sqlx: v1.3.1
- github.com/lann/builder: 47ae307
- github.com/lann/ps: 62de8c4
- github.com/lib/pq: v1.10.0
- github.com/liggitt/tabwriter: 89fcab3
- github.com/mitchellh/copystructure: v1.1.1
- github.com/mitchellh/go-wordwrap: v1.0.0
- github.com/mitchellh/reflectwalk: v1.0.1
- github.com/monochromegane/go-gitignore: 205db1a
- github.com/munnerz/crd-schema-fuzz: v1.0.0
- github.com/openshift/api: b632c5f
- github.com/openshift/build-machinery-go: 7e33a7e
- github.com/patrickmn/go-cache: v2.1.0+incompatible
- github.com/pavel-v-chernykh/keystore-go/v4: v4.2.0
- github.com/pierrec/lz4: v2.5.2+incompatible
- github.com/rubenv/sql-migrate: 55d5740
- github.com/ryanuber/go-glob: v1.0.0
- github.com/shopspring/decimal: v1.2.0
- github.com/xlab/treeprint: a009c39
- go.starlark.net: 8dd3e2e
- golang.org/x/arch: b19384d
- gopkg.in/gorp.v1: v1.7.2
- gopkg.in/src-d/go-billy.v4: v4.3.0
- helm.sh/helm/v3: v3.7.1
- k8s.io/cli-runtime: v0.23.1
- k8s.io/kube-aggregator: v0.23.1
- k8s.io/kubectl: v0.23.1
- oras.land/oras-go: v0.4.0
- sigs.k8s.io/gateway-api: v0.3.0
- sigs.k8s.io/kustomize/api: v0.10.1
- sigs.k8s.io/kustomize/kyaml: v0.13.0
- software.sslmate.com/src/go-pkcs12: c5206de
Changed
- github.com/Azure/azure-sdk-for-go: v16.2.1+incompatible → v56.2.0+incompatible
- github.com/Azure/go-autorest/autorest/adal: v0.9.13 → v0.9.14
- github.com/Azure/go-autorest/autorest: v0.11.18 → v0.11.19
- github.com/aquasecurity/libbpfgo: 0.6.1 → 0.7.0
- github.com/asaskevich/govalidator: f61b66f → 21a406d
- github.com/aws/aws-sdk-go: v1.37.6 → v1.40.21
- github.com/carolynvs/magex: v0.6.0 → v0.7.0
- github.com/containerd/cgroups: v1.0.1 → v1.0.2
- github.com/containerd/continuity: v0.1.0 → v0.2.2
- github.com/containers/common: v0.47.3 → v0.47.5
- github.com/docker/cli: a8ff7f8 → v20.10.7+incompatible
- github.com/docker/distribution: v2.7.1+incompatible → v2.8.0+incompatible
- github.com/go-logr/logr: v1.2.2 → v1.2.3
- github.com/google/gofuzz: v1.1.0 → v1.2.0
- github.com/hashicorp/go-retryablehttp: v0.6.4 → v0.6.6
- github.com/hashicorp/go-sockaddr: v1.0.0 → v1.0.2
- github.com/kr/pretty: v0.2.1 → v0.3.0
- github.com/maxbrunsfeld/counterfeiter/v6: v6.4.1 → v6.5.0
- github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring: v0.54.0 → v0.55.1
- github.com/rogpeppe/go-internal: v1.3.0 → v1.6.1
- github.com/spf13/cobra: v1.3.0 → v1.4.0
- github.com/stretchr/testify: v1.7.0 → v1.7.1
- github.com/urfave/cli/v2: v2.3.0 → v2.4.0
- github.com/yuin/goldmark: v1.4.0 → v1.4.1
- golang.org/x/mod: v0.5.0 → 9b9b3d8
- golang.org/x/net: 491a49a → 27dd868
- golang.org/x/sys: da31bd3 → 039c03c
- golang.org/x/term: 6886f2d → 03fcf44
- golang.org/x/tools: d4cc65f → v0.1.10
- google.golang.org/genproto: 3a66f56 → 00ab72f
- google.golang.org/grpc: v1.44.0 → v1.45.0
- google.golang.org/protobuf: v1.27.1 → v1.28.0
- k8s.io/api: v0.23.3 → v0.23.5
- k8s.io/apiextensions-apiserver: v0.23.0 → v0.23.5
- k8s.io/apimachinery: v0.23.3 → v0.23.5
- k8s.io/apiserver: v0.23.0 → v0.23.5
- k8s.io/client-go: v0.23.3 → v0.23.5
- k8s.io/code-generator: v0.23.0 → v0.23.5
- k8s.io/component-base: v0.23.0 → v0.23.5
- k8s.io/klog/v2: v2.40.1 → v2.60.1
- k8s.io/utils: 6203023 → 3a6ce19
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.25 → v0.0.30
- sigs.k8s.io/controller-runtime: v0.11.0 → v0.11.2
- sigs.k8s.io/release-utils: v0.4.0 → v0.6.0