Release v0.8.2

[saschagrunert]

Ref https://github.com/kubernetes-sigs/security-profiles-operator/pull/2030

Release notes

# Release notes

Welcome to our glorious v0.8.2 release of the **security-profiles-operator**! The general usage and setup can be found [in our documentation][0]. :partying_face: :dancers:

To install the operator, run:

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/security-profiles-operator/v0.8.2/deploy/operator.yaml

You can also verify the container image signature by using [cosign][1]:

$ cosign verify \ --certificate-identity krel-trust@k8s-releng-prod.iam.gserviceaccount.com \ --certificate-oidc-issuer https://accounts.google.com \ registry.k8s.io/security-profiles-operator/security-profiles-operator:v0.8.2

Beside the operator image, we now also ship `spoc`, the official Security Profiles Operator Command Line Interface! Binaries for `amd64` and `arm64` are attached to this release.

To verify the signature of `spoc`. download all release artifacts and run for `amd64` (works in the same way for `arm64`:

$ cosign verify-blob \ --certificate-identity sgrunert@redhat.com \ --certificate-oidc-issuer https://github.com/login/oauth \ --certificate spoc.amd64.cert \ --signature spoc.amd64.sig \ spoc.amd64

To verify the Bill of Materials (BOM) using the [`bom`](https://github.com/kubernetes-sigs/bom) tool, download the artifacts into a `build` directory and run:

bom validate -e spoc.spdx -d build/ +-------------------+-------+-----------------------------+----------------+ | FILENAME | VALID | MESSAGE | INVALID HASHES | +-------------------+-------+-----------------------------+----------------+ | spoc.amd64 | OK | File validated successfully | - | | spoc.amd64.cert | OK | File validated successfully | - | | spoc.amd64.sha512 | OK | File validated successfully | - | | spoc.amd64.sig | OK | File validated successfully | - | | spoc.arm64 | OK | File validated successfully | - | | spoc.arm64.cert | OK | File validated successfully | - | | spoc.arm64.sha512 | OK | File validated successfully | - | | spoc.arm64.sig | OK | File validated successfully | - | +-------------------+-------+-----------------------------+----------------+

The .spdx file is signed as well and we also provide .sha512 sum files for the binaries.

Feel free to provide us any kind of feedback in the official Kubernetes Slack #security-profiles-operator channel.

Changes by Kind

Failing Test

• Fixed upgrade issue introduced in v0.8.1. (#2023, @yuumasato)

Dependencies

Added

• github.com/DATA-DOG/go-sqlmock: v1.5.0
• github.com/Khan/genqlient: v0.6.0
• github.com/alexflint/go-arg: v1.4.2
• github.com/alexflint/go-scalar: v1.0.0
• github.com/aws/aws-sdk-go-v2/feature/s3/manager: v1.11.76
• github.com/buildkite/go-pipeline: v0.2.0

Changed

• cloud.google.com/go/compute: v1.23.2 → v1.23.3
• cloud.google.com/go/iam: v1.1.4 → v1.1.5
• cloud.google.com/go/kms: v1.15.4 → v1.15.5
• cloud.google.com/go: v0.110.9 → v0.110.10
• github.com/Azure/azure-sdk-for-go/sdk/azcore: v1.8.0 → v1.9.0
• github.com/Azure/azure-sdk-for-go/sdk/internal: v1.4.0 → v1.5.0
• github.com/DataDog/datadog-agent/pkg/obfuscate: v0.48.1 → v0.48.0
• github.com/DataDog/datadog-agent/pkg/remoteconfig/state: v0.48.1 → 2549ba9
• github.com/DataDog/sketches-go: v1.4.3 → v1.4.2
• github.com/andybalholm/brotli: v1.0.6 → v1.0.1
• github.com/aws/aws-sdk-go-v2/config: v1.19.1 → v1.25.11
• github.com/aws/aws-sdk-go-v2/credentials: v1.13.43 → v1.16.9
• github.com/aws/aws-sdk-go-v2/feature/ec2/imds: v1.13.13 → v1.14.9
• github.com/aws/aws-sdk-go-v2/internal/configsources: v1.1.43 → v1.2.8
• github.com/aws/aws-sdk-go-v2/internal/endpoints/v2: v2.4.37 → v2.5.8
• github.com/aws/aws-sdk-go-v2/internal/ini: v1.3.45 → v1.7.1
• github.com/aws/aws-sdk-go-v2/service/internal/accept-encoding: v1.9.14 → v1.10.3
• github.com/aws/aws-sdk-go-v2/service/internal/presigned-url: v1.9.37 → v1.10.8
• github.com/aws/aws-sdk-go-v2/service/kms: v1.24.7 → v1.27.2
• github.com/aws/aws-sdk-go-v2/service/sso: v1.15.2 → v1.18.2
• github.com/aws/aws-sdk-go-v2/service/ssooidc: v1.17.3 → v1.21.2
• github.com/aws/aws-sdk-go-v2/service/sts: v1.23.2 → v1.26.2
• github.com/aws/aws-sdk-go-v2: v1.21.2 → v1.23.5
• github.com/aws/aws-sdk-go: v1.47.0 → v1.48.11
• github.com/aws/smithy-go: v1.15.0 → v1.18.1
• github.com/buildkite/agent/v3: v3.58.0 → v3.59.0
• github.com/buildkite/bintest/v3: v3.1.1 → v3.2.0
• github.com/cert-manager/cert-manager: v1.13.2 → v1.13.3
• github.com/containers/common: v0.57.0 → v0.57.1
• github.com/ebitengine/purego: v0.5.0 → v0.5.0-alpha.1
• github.com/felixge/httpsnoop: v1.0.3 → v1.0.4
• github.com/gabriel-vasile/mimetype: v1.4.3 → v1.4.2
• github.com/go-openapi/spec: v0.20.9 → v0.20.11
• github.com/go-openapi/strfmt: v0.21.7 → v0.21.8
• github.com/go-openapi/validate: v0.22.1 → v0.22.3
• github.com/go-rod/rod: v0.114.4 → v0.114.5
• github.com/google/go-tpm-tools: v0.4.1 → v0.4.2
• github.com/gorilla/mux: v1.8.0 → v1.8.1
• github.com/hashicorp/go-retryablehttp: v0.7.4 → v0.7.5
• github.com/jellydator/ttlcache/v3: v3.1.0 → v3.1.1
• github.com/montanaflynn/stats: v0.6.6 → 1bf9dbc
• github.com/open-policy-agent/opa: v0.58.0 → v0.59.0
• github.com/pierrec/lz4/v4: v4.1.18 → v4.1.2
• github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring: v0.69.1 → v0.70.0
• github.com/sigstore/cosign/v2: v2.2.1 → v2.2.2
• github.com/sigstore/rekor: v1.3.3 → v1.3.4
• github.com/sigstore/sigstore/pkg/signature/kms/aws: v1.7.5 → v1.7.6
• github.com/sigstore/sigstore/pkg/signature/kms/azure: v1.7.5 → v1.7.6
• github.com/sigstore/sigstore/pkg/signature/kms/gcp: v1.7.5 → v1.7.6
• github.com/sigstore/sigstore/pkg/signature/kms/hashivault: v1.7.5 → v1.7.6
• github.com/sigstore/sigstore: v1.7.5 → v1.7.6
• github.com/stretchr/objx: v0.5.1 → v0.5.0
• github.com/theupdateframework/go-tuf: v0.6.1 → v0.7.0
• github.com/tidwall/pretty: v1.2.1 → v1.2.0
• github.com/urfave/cli/v2: v2.25.7 → v2.26.0
• github.com/xanzy/go-gitlab: v0.93.2 → v0.94.0
• go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc: v0.45.0 → v0.46.0
• go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp: v0.45.0 → v0.46.1
• go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc: v1.19.0 → v1.21.0
• go.opentelemetry.io/otel/exporters/otlp/otlptrace: v1.19.0 → v1.21.0
• go.opentelemetry.io/otel/metric: v1.19.0 → v1.21.0
• go.opentelemetry.io/otel/sdk: v1.19.0 → v1.21.0
• go.opentelemetry.io/otel/trace: v1.19.0 → v1.21.0
• go.opentelemetry.io/otel: v1.19.0 → v1.21.0
• go.step.sm/crypto: v0.36.1 → v0.38.0
• golang.org/x/crypto: v0.16.0 → v0.17.0
• golang.org/x/exp: 7918f67 → 2478ac8
• golang.org/x/oauth2: v0.13.0 → v0.15.0
• golang.org/x/time: v0.3.0 → v0.5.0
• golang.org/x/tools: v0.14.0 → v0.15.0
• google.golang.org/api: v0.149.0 → v0.152.0
• google.golang.org/genproto/googleapis/api: 49dd2c1 → bbf56f3
• google.golang.org/genproto/googleapis/bytestream: d783a09 → 83a465c
• google.golang.org/genproto/googleapis/rpc: 49dd2c1 → 83a465c
• google.golang.org/genproto: 49dd2c1 → bbf56f3
• google.golang.org/grpc: v1.59.0 → v1.60.1
• k8s.io/api: v0.28.4 → v0.29.0
• k8s.io/apiextensions-apiserver: v0.28.3 → v0.28.4
• k8s.io/apimachinery: v0.28.4 → v0.29.0
• k8s.io/apiserver: v0.28.3 → v0.28.4
• k8s.io/cli-runtime: v0.28.4 → v0.29.0
• k8s.io/client-go: v0.28.4 → v0.29.0
• k8s.io/code-generator: v0.28.3 → v0.28.4
• k8s.io/component-base: v0.28.3 → v0.28.4
• k8s.io/kms: v0.28.3 → v0.28.4
• k8s.io/utils: 3b25d92 → b307cd5
• sigs.k8s.io/structured-merge-diff/v4: v4.3.0 → v4.4.1

Removed

• github.com/99designs/gqlgen: v0.17.36
• github.com/DataDog/gostackparse: v0.7.0
• github.com/IBM/sarama: v1.40.0
• github.com/Shopify/sarama: v1.38.1
• github.com/aws/aws-sdk-go-v2/service/dynamodb: v1.21.4
• github.com/aws/aws-sdk-go-v2/service/ec2: v1.93.2
• github.com/aws/aws-sdk-go-v2/service/eventbridge: v1.20.4
• github.com/aws/aws-sdk-go-v2/service/internal/endpoint-discovery: v1.7.34
• github.com/aws/aws-sdk-go-v2/service/kinesis: v1.18.4
• github.com/aws/aws-sdk-go-v2/service/sfn: v1.19.4
• github.com/aws/aws-sdk-go-v2/service/sns: v1.21.4
• github.com/aws/aws-sdk-go-v2/service/sqs: v1.24.4
• github.com/bradfitz/gomemcache: acc6962
• github.com/bytedance/sonic: v1.10.0
• github.com/chenzhuoyu/base64x: 296ad89
• github.com/chenzhuoyu/iasm: v0.9.0
• github.com/confluentinc/confluent-kafka-go/v2: v2.2.0
• github.com/confluentinc/confluent-kafka-go: v1.9.2
• github.com/decred/dcrd/crypto/blake256: v1.0.1
• github.com/denisenkom/go-mssqldb: v0.11.0
• github.com/dimfeld/httptreemux/v5: v5.5.0
• github.com/dvyukov/go-fuzz: 6a8e9d1
• github.com/eapache/go-resiliency: v1.4.0
• github.com/eapache/go-xerial-snappy: c322873
• github.com/eapache/queue: v1.1.0
• github.com/elastic/elastic-transport-go/v8: v8.1.0
• github.com/elastic/go-elasticsearch/v6: v6.8.5
• github.com/elastic/go-elasticsearch/v7: v7.17.1
• github.com/elastic/go-elasticsearch/v8: v8.4.0
• github.com/emicklei/go-restful: v2.16.0+incompatible
• github.com/garyburd/redigo: v1.6.4
• github.com/gin-contrib/sse: v0.1.0
• github.com/gin-gonic/gin: v1.9.1
• github.com/globalsign/mgo: eeefdec
• github.com/go-pg/pg/v10: v10.11.1
• github.com/go-pg/zerochecker: v0.2.0
• github.com/go-playground/assert/v2: v2.2.0
• github.com/go-redis/redis/v7: v7.4.1
• github.com/go-redis/redis/v8: v8.11.5
• github.com/go-redis/redis: v6.15.9+incompatible
• github.com/go-stack/stack: v1.8.0
• github.com/gobuffalo/attrs: a9411de
• github.com/gobuffalo/depgen: v0.1.0
• github.com/gobuffalo/envy: v1.7.0
• github.com/gobuffalo/genny: v0.1.1
• github.com/gobuffalo/gitgen: cc08618
• github.com/gobuffalo/gogen: v0.1.1
• github.com/gobuffalo/logger: 86e12af
• github.com/gobuffalo/mapi: v1.0.2
• github.com/gobuffalo/packd: v0.1.0
• github.com/gobuffalo/packr/v2: v2.2.0
• github.com/gobuffalo/syncx: 33c2958
• github.com/gocql/gocql: 0eacd31
• github.com/gofiber/fiber/v2: v2.50.0
• github.com/gofrs/uuid: v4.4.0+incompatible
• github.com/golang-sql/civil: b832511
• github.com/golang-sql/sqlexp: v0.1.0
• github.com/gomodule/redigo: v1.8.9
• github.com/googleapis/gnostic: v0.5.5
• github.com/graph-gophers/graphql-go: v1.5.0
• github.com/hailocab/go-hostpool: e80d13c
• github.com/hashicorp/go-uuid: v1.0.3
• github.com/hashicorp/golang-lru/v2: v2.0.3
• github.com/jackc/pgpassfile: v1.0.0
• github.com/jackc/pgservicefile: 091c0ba
• github.com/jackc/pgx/v5: v5.3.1
• github.com/jcmturner/aescts/v2: v2.0.0
• github.com/jcmturner/dnsutils/v2: v2.0.0
• github.com/jcmturner/gofork: v1.7.6
• github.com/jcmturner/gokrb5/v8: v8.4.4
• github.com/jcmturner/rpc/v2: v2.0.3
• github.com/jinzhu/gorm: v1.9.16
• github.com/jinzhu/inflection: v1.0.0
• github.com/jinzhu/now: v1.1.5
• github.com/joho/godotenv: v1.3.0
• github.com/karrick/godirwalk: v1.10.3
• github.com/klauspost/cpuid/v2: v2.2.5
• github.com/konsorten/go-windows-terminal-sequences: v1.0.2
• github.com/labstack/echo/v4: v4.11.1
• github.com/labstack/echo: v3.3.10+incompatible
• github.com/labstack/gommon: v0.4.0
• github.com/markbates/oncer: bf2de49
• github.com/markbates/safe: v1.0.1
• github.com/microsoft/go-mssqldb: v0.21.0
• github.com/richardartoul/molecule: 32cfee0
• github.com/segmentio/kafka-go: v0.4.42
• github.com/spaolacci/murmur3: v1.1.0
• github.com/tidwall/btree: v1.6.0
• github.com/tidwall/buntdb: v1.3.0
• github.com/tidwall/gjson: v1.16.0
• github.com/tidwall/grect: v0.1.4
• github.com/tidwall/match: v1.1.1
• github.com/tidwall/rtred: v0.1.2
• github.com/tidwall/tinyqueue: v0.1.1
• github.com/tmthrgd/go-hex: 447a304
• github.com/twitchtv/twirp: v8.1.3+incompatible
• github.com/twitchyliquid64/golang-asm: v0.15.1
• github.com/ugorji/go/codec: v1.2.11
• github.com/valyala/bytebufferpool: v1.0.0
• github.com/valyala/fasthttp: v1.50.0
• github.com/valyala/fasttemplate: v1.2.2
• github.com/valyala/tcplisten: v1.0.0
• github.com/vmihailenco/bufpool: v0.1.11
• github.com/vmihailenco/msgpack/v5: v5.3.5
• github.com/vmihailenco/tagparser/v2: v2.0.0
• github.com/vmihailenco/tagparser: v0.1.2
• github.com/zenazn/goji: v1.0.1
• golang.org/x/arch: v0.4.0
• gopkg.in/jinzhu/gorm.v1: v1.9.2
• gopkg.in/olivere/elastic.v3: v3.0.75
• gopkg.in/olivere/elastic.v5: v5.0.84
• gorm.io/driver/mysql: v1.0.1
• gorm.io/driver/postgres: v1.4.6
• gorm.io/driver/sqlserver: v1.4.2
• gorm.io/gorm: v1.25.3
• honnef.co/go/gotraceui: v0.2.0
• mellium.im/sasl: v0.3.1

[saschagrunert]

Done