search

kubernetes-sigs / security-profiles-operator

The Kubernetes Security Profiles Operator
Apache License 2.0
699 stars 107 forks source link

Release 0.4.2 #879

Closed saschagrunert closed 2 years ago

saschagrunert commented 2 years ago

Planned for the next couple of days.

saschagrunert commented 2 years ago

Release notes:

Welcome to our glorious next release of the **security-profiles-operator**! We hope you enjoy this release as much as we do! The general usage and setup can be found [in our documentation][0]. :partying_face: :dancers: 

To install the operator, run:

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/security-profiles-operator/v0.4.2/deploy/operator.yaml


Feel free to provide us any kind of feedback in the official [Kubernetes Slack #security-profiles-operator channel][1].

[0]: https://github.com/kubernetes-sigs/security-profiles-operator/blob/v0.4.2/installation-usage.md
[1]: https://app.slack.com/client/T09NY5SBT/C013FQNB0A2

## Changes by Kind

### Feature

- Added more verbose output to operator version information. (#859, @saschagrunert)
- Automatically determine if cert-manager is required or not, for example in OpenShift deployments.
  - Automatically enable SELinux support in OpenShift deployments. (#810, @saschagrunert)
- Update BTF to remove unnecessary distributions. (#812, @saschagrunert)
- Updated metrics container to contain a read-only root filesystem. (#869, @saschagrunert)
- Add a new field selinuxTypeTag in the SPOD CRD which allows to configure the SELinux type in the SPOd deployment (#851, @ccojocar)
- Extend the ProfileRecording CRD with a containers list which allows to select only specific containers in a pod for which the profile will be recorded (#833, @ccojocar)

### Documentation

- Added list of kernels supporting the bpf recorder via BTF. (#805, @saschagrunert)
- Added note about OpenShift in installation docs. (#813, @saschagrunert)

### Other (Cleanup or Flake)

- Updated cert-manager to v1.7.1 (#804, @saschagrunert)
- Updated cert-manager to v1.7.2. (#863, @saschagrunert)
- Updated libbpf to v0.7.0 (#821, @saschagrunert)
- Keep retrieving the remaining profiles when a PID is no longer found. (#824, @ccojocar)

## Dependencies

### Added

- github.com/Azure/go-autorest/autorest/to: [v0.4.0](https://github.com/Azure/go-autorest/autorest/to/tree/v0.4.0)
- github.com/Azure/go-autorest/autorest/validation: [v0.3.1](https://github.com/Azure/go-autorest/autorest/validation/tree/v0.3.1)
- github.com/MakeNowJust/heredoc: [bb23615](https://github.com/MakeNowJust/heredoc/tree/bb23615)
- github.com/Masterminds/goutils: [v1.1.1](https://github.com/Masterminds/goutils/tree/v1.1.1)
- github.com/Masterminds/semver/v3: [v3.1.1](https://github.com/Masterminds/semver/v3/tree/v3.1.1)
- github.com/Masterminds/sprig/v3: [v3.2.2](https://github.com/Masterminds/sprig/v3/tree/v3.2.2)
- github.com/Masterminds/squirrel: [v1.5.0](https://github.com/Masterminds/squirrel/tree/v1.5.0)
- github.com/Nvveen/Gotty: [cd52737](https://github.com/Nvveen/Gotty/tree/cd52737)
- github.com/Venafi/vcert/v4: [v4.14.3](https://github.com/Venafi/vcert/v4/tree/v4.14.3)
- github.com/akamai/AkamaiOPEN-edgegrid-golang: [v1.1.1](https://github.com/akamai/AkamaiOPEN-edgegrid-golang/tree/v1.1.1)
- github.com/cenkalti/backoff/v3: [v3.0.0](https://github.com/cenkalti/backoff/v3/tree/v3.0.0)
- github.com/chai2010/gettext-go: [c6fed77](https://github.com/chai2010/gettext-go/tree/c6fed77)
- github.com/cloudflare/cloudflare-go: [v0.20.0](https://github.com/cloudflare/cloudflare-go/tree/v0.20.0)
- github.com/common-nighthawk/go-figure: [734e95f](https://github.com/common-nighthawk/go-figure/tree/734e95f)
- github.com/cpu/goacmedns: [v0.1.1](https://github.com/cpu/goacmedns/tree/v0.1.1)
- github.com/dave/dst: [v0.26.2](https://github.com/dave/dst/tree/v0.26.2)
- github.com/dave/gopackages: [46e7023](https://github.com/dave/gopackages/tree/46e7023)
- github.com/dave/jennifer: [v1.2.0](https://github.com/dave/jennifer/tree/v1.2.0)
- github.com/dave/kerr: [bc25dd6](https://github.com/dave/kerr/tree/bc25dd6)
- github.com/dave/rebecca: [v0.9.1](https://github.com/dave/rebecca/tree/v0.9.1)
- github.com/digitalocean/godo: [v1.65.0](https://github.com/digitalocean/godo/tree/v1.65.0)
- github.com/exponent-io/jsonpath: [d6023ce](https://github.com/exponent-io/jsonpath/tree/d6023ce)
- github.com/fatih/camelcase: [v1.0.0](https://github.com/fatih/camelcase/tree/v1.0.0)
- github.com/go-errors/errors: [v1.0.1](https://github.com/go-errors/errors/tree/v1.0.1)
- github.com/gobwas/glob: [v0.2.3](https://github.com/gobwas/glob/tree/v0.2.3)
- github.com/google/shlex: [e7afc7f](https://github.com/google/shlex/tree/e7afc7f)
- github.com/gosuri/uitable: [v0.0.4](https://github.com/gosuri/uitable/tree/v0.0.4)
- github.com/gotestyourself/gotestyourself: [v2.2.0+incompatible](https://github.com/gotestyourself/gotestyourself/tree/v2.2.0)
- github.com/hashicorp/vault/api: [v1.1.1](https://github.com/hashicorp/vault/api/tree/v1.1.1)
- github.com/hashicorp/vault/sdk: [v0.2.1](https://github.com/hashicorp/vault/sdk/tree/v0.2.1)
- github.com/huandu/xstrings: [v1.3.2](https://github.com/huandu/xstrings/tree/v1.3.2)
- github.com/jetstack/cert-manager: [v1.7.2](https://github.com/jetstack/cert-manager/tree/v1.7.2)
- github.com/jmoiron/sqlx: [v1.3.1](https://github.com/jmoiron/sqlx/tree/v1.3.1)
- github.com/lann/builder: [47ae307](https://github.com/lann/builder/tree/47ae307)
- github.com/lann/ps: [62de8c4](https://github.com/lann/ps/tree/62de8c4)
- github.com/lib/pq: [v1.10.0](https://github.com/lib/pq/tree/v1.10.0)
- github.com/liggitt/tabwriter: [89fcab3](https://github.com/liggitt/tabwriter/tree/89fcab3)
- github.com/mitchellh/copystructure: [v1.1.1](https://github.com/mitchellh/copystructure/tree/v1.1.1)
- github.com/mitchellh/go-wordwrap: [v1.0.0](https://github.com/mitchellh/go-wordwrap/tree/v1.0.0)
- github.com/mitchellh/reflectwalk: [v1.0.1](https://github.com/mitchellh/reflectwalk/tree/v1.0.1)
- github.com/monochromegane/go-gitignore: [205db1a](https://github.com/monochromegane/go-gitignore/tree/205db1a)
- github.com/munnerz/crd-schema-fuzz: [v1.0.0](https://github.com/munnerz/crd-schema-fuzz/tree/v1.0.0)
- github.com/openshift/api: [b632c5f](https://github.com/openshift/api/tree/b632c5f)
- github.com/openshift/build-machinery-go: [7e33a7e](https://github.com/openshift/build-machinery-go/tree/7e33a7e)
- github.com/patrickmn/go-cache: [v2.1.0+incompatible](https://github.com/patrickmn/go-cache/tree/v2.1.0)
- github.com/pavel-v-chernykh/keystore-go/v4: [v4.2.0](https://github.com/pavel-v-chernykh/keystore-go/v4/tree/v4.2.0)
- github.com/pierrec/lz4: [v2.5.2+incompatible](https://github.com/pierrec/lz4/tree/v2.5.2)
- github.com/rubenv/sql-migrate: [55d5740](https://github.com/rubenv/sql-migrate/tree/55d5740)
- github.com/ryanuber/go-glob: [v1.0.0](https://github.com/ryanuber/go-glob/tree/v1.0.0)
- github.com/shopspring/decimal: [v1.2.0](https://github.com/shopspring/decimal/tree/v1.2.0)
- github.com/xlab/treeprint: [a009c39](https://github.com/xlab/treeprint/tree/a009c39)
- go.starlark.net: 8dd3e2e
- golang.org/x/arch: b19384d
- gopkg.in/gorp.v1: v1.7.2
- gopkg.in/src-d/go-billy.v4: v4.3.0
- helm.sh/helm/v3: v3.7.1
- k8s.io/cli-runtime: v0.23.1
- k8s.io/kube-aggregator: v0.23.1
- k8s.io/kubectl: v0.23.1
- oras.land/oras-go: v0.4.0
- sigs.k8s.io/gateway-api: v0.3.0
- sigs.k8s.io/kustomize/api: v0.10.1
- sigs.k8s.io/kustomize/kyaml: v0.13.0
- software.sslmate.com/src/go-pkcs12: c5206de

### Changed

- github.com/Azure/azure-sdk-for-go: [v16.2.1+incompatible → v56.2.0+incompatible](https://github.com/Azure/azure-sdk-for-go/compare/v16.2.1...v56.2.0)
- github.com/Azure/go-autorest/autorest/adal: [v0.9.13 → v0.9.14](https://github.com/Azure/go-autorest/autorest/adal/compare/v0.9.13...v0.9.14)
- github.com/Azure/go-autorest/autorest: [v0.11.18 → v0.11.19](https://github.com/Azure/go-autorest/autorest/compare/v0.11.18...v0.11.19)
- github.com/aquasecurity/libbpfgo: [0.6.1 → 0.7.0](https://github.com/aquasecurity/libbpfgo/compare/0.6.1...0.7.0)
- github.com/asaskevich/govalidator: [f61b66f → 21a406d](https://github.com/asaskevich/govalidator/compare/f61b66f...21a406d)
- github.com/aws/aws-sdk-go: [v1.37.6 → v1.40.21](https://github.com/aws/aws-sdk-go/compare/v1.37.6...v1.40.21)
- github.com/carolynvs/magex: [v0.6.0 → v0.7.0](https://github.com/carolynvs/magex/compare/v0.6.0...v0.7.0)
- github.com/containerd/cgroups: [v1.0.1 → v1.0.2](https://github.com/containerd/cgroups/compare/v1.0.1...v1.0.2)
- github.com/containerd/continuity: [v0.1.0 → v0.2.2](https://github.com/containerd/continuity/compare/v0.1.0...v0.2.2)
- github.com/containers/common: [v0.47.3 → v0.47.5](https://github.com/containers/common/compare/v0.47.3...v0.47.5)
- github.com/docker/cli: [a8ff7f8 → v20.10.7+incompatible](https://github.com/docker/cli/compare/a8ff7f8...v20.10.7)
- github.com/docker/distribution: [v2.7.1+incompatible → v2.8.0+incompatible](https://github.com/docker/distribution/compare/v2.7.1...v2.8.0)
- github.com/go-logr/logr: [v1.2.2 → v1.2.3](https://github.com/go-logr/logr/compare/v1.2.2...v1.2.3)
- github.com/google/gofuzz: [v1.1.0 → v1.2.0](https://github.com/google/gofuzz/compare/v1.1.0...v1.2.0)
- github.com/hashicorp/go-retryablehttp: [v0.6.4 → v0.6.6](https://github.com/hashicorp/go-retryablehttp/compare/v0.6.4...v0.6.6)
- github.com/hashicorp/go-sockaddr: [v1.0.0 → v1.0.2](https://github.com/hashicorp/go-sockaddr/compare/v1.0.0...v1.0.2)
- github.com/kr/pretty: [v0.2.1 → v0.3.0](https://github.com/kr/pretty/compare/v0.2.1...v0.3.0)
- github.com/maxbrunsfeld/counterfeiter/v6: [v6.4.1 → v6.5.0](https://github.com/maxbrunsfeld/counterfeiter/v6/compare/v6.4.1...v6.5.0)
- github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring: [v0.54.0 → v0.55.1](https://github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/compare/v0.54.0...v0.55.1)
- github.com/rogpeppe/go-internal: [v1.3.0 → v1.6.1](https://github.com/rogpeppe/go-internal/compare/v1.3.0...v1.6.1)
- github.com/spf13/cobra: [v1.3.0 → v1.4.0](https://github.com/spf13/cobra/compare/v1.3.0...v1.4.0)
- github.com/stretchr/testify: [v1.7.0 → v1.7.1](https://github.com/stretchr/testify/compare/v1.7.0...v1.7.1)
- github.com/urfave/cli/v2: [v2.3.0 → v2.4.0](https://github.com/urfave/cli/v2/compare/v2.3.0...v2.4.0)
- github.com/yuin/goldmark: [v1.4.0 → v1.4.1](https://github.com/yuin/goldmark/compare/v1.4.0...v1.4.1)
- golang.org/x/mod: v0.5.0 → 9b9b3d8
- golang.org/x/net: 491a49a → 27dd868
- golang.org/x/sys: da31bd3 → 039c03c
- golang.org/x/term: 6886f2d → 03fcf44
- golang.org/x/tools: d4cc65f → v0.1.10
- google.golang.org/genproto: 3a66f56 → 00ab72f
- google.golang.org/grpc: v1.44.0 → v1.45.0
- google.golang.org/protobuf: v1.27.1 → v1.28.0
- k8s.io/api: v0.23.3 → v0.23.5
- k8s.io/apiextensions-apiserver: v0.23.0 → v0.23.5
- k8s.io/apimachinery: v0.23.3 → v0.23.5
- k8s.io/apiserver: v0.23.0 → v0.23.5
- k8s.io/client-go: v0.23.3 → v0.23.5
- k8s.io/code-generator: v0.23.0 → v0.23.5
- k8s.io/component-base: v0.23.0 → v0.23.5
- k8s.io/klog/v2: v2.40.1 → v2.60.1
- k8s.io/utils: 6203023 → 3a6ce19
- sigs.k8s.io/apiserver-network-proxy/konnectivity-client: v0.0.25 → v0.0.30
- sigs.k8s.io/controller-runtime: v0.11.0 → v0.11.2
- sigs.k8s.io/release-utils: v0.4.0 → v0.6.0

### Removed

- github.com/andybalholm/brotli: [v1.0.0](https://github.com/andybalholm/brotli/tree/v1.0.0)
- github.com/dsnet/compress: [v0.0.1](https://github.com/dsnet/compress/tree/v0.0.1)
- github.com/dsnet/golib: [1ea1667](https://github.com/dsnet/golib/tree/1ea1667)
- github.com/klauspost/cpuid: [v1.2.0](https://github.com/klauspost/cpuid/tree/v1.2.0)
- github.com/mholt/archiver/v3: [v3.5.0](https://github.com/mholt/archiver/v3/tree/v3.5.0)
- github.com/nwaples/rardecode: [v1.1.0](https://github.com/nwaples/rardecode/tree/v1.1.0)
- github.com/pierrec/lz4/v4: [v4.0.3](https://github.com/pierrec/lz4/v4/tree/v4.0.3)
- github.com/xi2/xz: [48954b6](https://github.com/xi2/xz/tree/48954b6)