v0.6.0
Release notes
Welcome to our glorious v0.6.0 release of the security-profiles-operator! We hope you enjoy this release as much as we do! The general usage and setup can be found in our documentation. 🥳 👯
To install the operator, run:
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/security-profiles-operator/v0.6.0/deploy/operator.yaml
You can also verify the container image signature by using cosign:
$ cosign verify registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.6.0
Feel free to provide us any kind of feedback in the official Kubernetes Slack #security-profiles-operator channel.
Changes by Kind
API Change
- SELinux profiles gained a new attribute .spec.permissive which defaults to false. When set to true, the profile runs in permissive mode, meaning that all actions are allowed but logged. This allows for a more iterative approach to profile development. (#1278, @jhrozek)
Feature
- Log-enricher support for both short and long AppArmor log entries (#1298, @pjbgf)
- Add a command argument to the daemon which allows disabling the profile recorder controller. (#1290, @ccojocar)
- Configure the default local seccomp profile according to the runtime (e.g. cri-o expects the profile to be prefixed with localhost). (#1255, @ccojocar)
- Make the daemon resource requirements configurable. (#1291, @ccojocar)
Documentation
Bug or Regression
- This PR fixes seccompprofiles deletion when a node is removed. We added a check to see if the node finalizer is for a deleted node; if so, we remove that finalizer so the seccompprofile can be deleted without any issues. (#1236, @Vincent056)
- Fixes the controller panicking when AppArmor is enabled. (#1063, @pjbgf)
Other (Cleanup or Flake)
- Switched to registry.k8s.io for the main container image. (#1289, @saschagrunert)
- Add the file header directly when generating the mock types. (#1295, @ccojocar)
- Fix bundle goal in the Makefile for macOS. (#1300, @ccojocar)
- Fix flaky unit test which checks default operator namespace. (#1296, @ccojocar)
- Fix integration tests for Flatcar Linux. (#1252, @ccojocar)
- Prefix the local seccomp profile with localhost for cri-o only for older Kubernetes versions. (#1310, @ccojocar)
Dependencies
Added
- github.com/evanphx/json-patch/v5: v5.6.0
- github.com/pavlo-v-chernykh/keystore-go/v4: v4.4.0
- github.com/youmark/pkcs8: 1326539
Changed
- cloud.google.com/go/storage: v1.14.0 → v1.10.0
- github.com/Azure/go-autorest/autorest/adal: v0.9.20 → v0.9.21
- github.com/Azure/go-ntlmssp: 6637195 → cb9428e
- github.com/BurntSushi/toml: v1.1.0 → v1.2.1
- github.com/Venafi/vcert/v4: v4.14.3 → v4.22.1
- github.com/akamai/AkamaiOPEN-edgegrid-golang: v1.1.1 → v1.2.1
- github.com/cert-manager/cert-manager: v1.9.1 → v1.10.1
- github.com/cloudflare/cloudflare-go: v0.20.0 → v0.50.0
- github.com/digitalocean/godo: v1.65.0 → v1.86.0
- github.com/go-asn1-ber/asn1-ber: v1.5.1 → v1.5.4
- github.com/go-ldap/ldap/v3: v3.4.2 → v3.4.4
- github.com/google/cel-go: v0.12.4 → v0.12.5
- github.com/googleapis/gax-go/v2: v2.1.1 → v2.4.0
- github.com/hashicorp/go-hclog: v0.16.2 → v1.2.0
- github.com/hashicorp/go-secure-stdlib/parseutil: v0.1.1 → v0.1.6
- github.com/hashicorp/go-secure-stdlib/strutil: v0.1.1 → v0.1.2
- github.com/hashicorp/vault/api: v1.3.1 → v1.8.0
- github.com/hashicorp/vault/sdk: v0.3.0 → v0.6.0
- github.com/miekg/dns: v1.1.47 → v1.1.50
- github.com/mogensen/kubernetes-split-yaml: v0.3.0 → v0.4.0
- github.com/onsi/ginkgo/v2: v2.1.6 → v2.2.0
- github.com/onsi/gomega: v1.20.1 → v1.20.2
- github.com/pjbgf/go-apparmor: v0.0.9 → v0.1.1
- github.com/pkg/sftp: v1.13.1 → v1.10.1
- github.com/prometheus/client_golang: v1.13.0 → v1.14.0
- github.com/prometheus/client_model: v0.2.0 → v0.3.0
- github.com/rogpeppe/go-internal: v1.8.0 → v1.8.1
- github.com/segmentio/encoding: v0.3.3 → v0.3.5
- github.com/stretchr/objx: v0.4.0 → v0.5.0
- github.com/stretchr/testify: v1.8.0 → v1.8.1
- github.com/urfave/cli/v2: v2.20.2 → v2.23.5
- golang.org/x/crypto: 630584e → 4ba4fb4
- golang.org/x/exp: e8c3332 → 7b9b53b
- golang.org/x/net: bea034e → db77216
- golang.org/x/oauth2: 128564f → f213421
- golang.org/x/sync: f12130a → 7f9b162
- golang.org/x/sys: fbc7d0a → 95e765b
- golang.org/x/text: 5bd84dd → v0.4.0
- google.golang.org/api: v0.93.0 → v0.97.0
- google.golang.org/grpc: v1.50.1 → v1.51.0
- k8s.io/api: v0.25.3 → v0.25.4
- k8s.io/apiextensions-apiserver: v0.25.0 → v0.25.2
- k8s.io/apimachinery: v0.25.3 → v0.25.4
- k8s.io/apiserver: v0.25.0 → v0.25.2
- k8s.io/cli-runtime: v0.25.0 → v0.25.2
- k8s.io/client-go: v0.25.3 → v0.25.4
- k8s.io/code-generator: v0.25.0 → v0.25.2
- k8s.io/component-base: v0.25.0 → v0.25.2
- k8s.io/kube-aggregator: v0.24.2 → v0.25.2
- k8s.io/kubectl: v0.25.0 → v0.25.2
- k8s.io/utils: e9cbc92 → 665eaae
- sigs.k8s.io/controller-runtime: v0.12.3 → v0.13.1
- sigs.k8s.io/gateway-api: v0.4.3 → v0.5.0
- software.sslmate.com/src/go-pkcs12: c5206de → v0.2.0