From 4a6643e71e2357324ab8ab73ecb7286d73e96ef8 Mon Sep 17 00:00:00 2001
From: Kornilios Kourtis
Date: Fri, 13 Dec 2024 09:21:09 +0100
Subject: [PATCH] Prepare for v1.3.0 release

Signed-off-by: Kornilios Kourtis
---
 contrib/upgrade-notes/latest.md | 27 ++---------
 contrib/upgrade-notes/v1.3.0.md | 47 ++++++++++++++++++++
 docs/config/_default/hugo.toml | 2 +-
 docs/content/en/docs/reference/helm-chart.md | 4 +-
 install/kubernetes/tetragon/Chart.yaml | 4 +-
 install/kubernetes/tetragon/README.md | 6 +--
 install/kubernetes/tetragon/values.yaml | 4 +-
 7 files changed, 60 insertions(+), 34 deletions(-)
 create mode 100644 contrib/upgrade-notes/v1.3.0.md

diff --git a/contrib/upgrade-notes/latest.md b/contrib/upgrade-notes/latest.md
index fb89bcae05e..6781dd46772 100644
--- a/contrib/upgrade-notes/latest.md
+++ b/contrib/upgrade-notes/latest.md
@@ -3,7 +3,7 @@
 Read the upgrade notes carefully before upgrading Tetragon.
 Depending on your setup, changes listed here might require a manual intervention.
 
-* Behavior of `export-file-perm` flag (and corresponding Helm value `tetragon.exportFilePerm`) changed. In case the export file exists, but has different permissions than specified in the option, Tetragon will change the file permissions on the next log rotation. In older versions, log rotation preserved permissions of the existing file. Before upgrading check if permissions of the existing export file match the option (600 by default), and set the agent flag or Helm value to the desired value if needed.
+* TBD
 
 ### Agent Options
 
@@ -19,29 +19,8 @@ Depending on your setup, changes listed here might require a manual intervention
 
 ### Events (protobuf API)
 
-
-#### New events for `syscall64` type
-
-Previous versions of Tetragon did not distinguish between different ABIs when using the syscall64 type
-because the output was just a `size_arg` with the id. When executing the `getcpu` syscall, for example, the JSON
-for 64- and 32-bits would be:
-```
-"args":[{"size_arg":"309"}]
-"args":[{"size_arg":"318"}]
-```
-
-Note that id 318 for `x86_64` is a different syscall: `getrandom` so we cannot distinguish between a `getrandom` syscall on x86_64
-and a `getcpu` call on 32-bit (`i386`). To address this issue, the output of `syscall64` was changed to a `SyscallId` object that
-also includes the ABI. So the JSON for 64- and 32-bits `getcpu` now is:
-
-```
-"args":[{"syscall_id":{"id":309,"abi":"x64"}}]
-"args":[{"syscall_id":{"id":318,"abi":"i386"}}]
-```
-
-Users that want to maintain the old behavior can use the `--enable-compatibility-syscall64-size-type` flag for this version.
-The flag will be removed in v1.4.
+* TBD
 
 ### Metrics
 
-* `tetragon_ratelimit_dropped_total` metric is renamed to `tetragon_export_ratelimit_events_dropped_total`
+* TBD
diff --git a/contrib/upgrade-notes/v1.3.0.md b/contrib/upgrade-notes/v1.3.0.md
new file mode 100644
index 00000000000..fb89bcae05e
--- /dev/null
+++ b/contrib/upgrade-notes/v1.3.0.md
@@ -0,0 +1,47 @@
+## Upgrade notes
+
+Read the upgrade notes carefully before upgrading Tetragon.
+Depending on your setup, changes listed here might require a manual intervention.
+
+* Behavior of `export-file-perm` flag (and corresponding Helm value `tetragon.exportFilePerm`) changed. In case the export file exists, but has different permissions than specified in the option, Tetragon will change the file permissions on the next log rotation. In older versions, log rotation preserved permissions of the existing file. Before upgrading check if permissions of the existing export file match the option (600 by default), and set the agent flag or Helm value to the desired value if needed.
+
+### Agent Options
+
+* TBD
+
+### Helm Values
+
+* TBD
+
+### TracingPolicy (k8s CRD)
+
+* TBD
+
+### Events (protobuf API)
+
+
+#### New events for `syscall64` type
+
+Previous versions of Tetragon did not distinguish between different ABIs when using the syscall64 type
+because the output was just a `size_arg` with the id. When executing the `getcpu` syscall, for example, the JSON
+for 64- and 32-bits would be:
+```
+"args":[{"size_arg":"309"}]
+"args":[{"size_arg":"318"}]
+```
+
+Note that id 318 for `x86_64` is a different syscall: `getrandom` so we cannot distinguish between a `getrandom` syscall on x86_64
+and a `getcpu` call on 32-bit (`i386`). To address this issue, the output of `syscall64` was changed to a `SyscallId` object that
+also includes the ABI. So the JSON for 64- and 32-bits `getcpu` now is:
+
+```
+"args":[{"syscall_id":{"id":309,"abi":"x64"}}]
+"args":[{"syscall_id":{"id":318,"abi":"i386"}}]
+```
+
+Users that want to maintain the old behavior can use the `--enable-compatibility-syscall64-size-type` flag for this version.
+The flag will be removed in v1.4.
+
+### Metrics
+
+* `tetragon_ratelimit_dropped_total` metric is renamed to `tetragon_export_ratelimit_events_dropped_total`
diff --git a/docs/config/_default/hugo.toml b/docs/config/_default/hugo.toml
index 5c8cb3222b0..539efc3b544 100644
--- a/docs/config/_default/hugo.toml
+++ b/docs/config/_default/hugo.toml
@@ -123,7 +123,7 @@ demo_app_url = "https://raw.githubusercontent.com/cilium/cilium/v1.15.3/examples
 # Used in the "version-banner" partial to display a version number for the
 # current doc set.
 # renovate: datasource=docker depName=quay.io/cilium/tetragon
-version = "v1.2.0"
+version = "v1.3.0"
 
 [params.search.algolia]
 appId = "UI18HE156K"
diff --git a/docs/content/en/docs/reference/helm-chart.md b/docs/content/en/docs/reference/helm-chart.md
index c79892a3c0e..14b25b94148 100644
--- a/docs/content/en/docs/reference/helm-chart.md
+++ b/docs/content/en/docs/reference/helm-chart.md
@@ -108,7 +108,7 @@ To use [the values available](#values), with `helm install` or `helm upgrade`, u
 | tetragon.hostProcPath | string | `"/proc"` | Location of the host proc filesystem in the runtime environment. If the runtime runs in the host, the path is /proc. Exceptions to this are environments like kind, where the runtime itself does not run on the host. |
 | tetragon.image.override | string | `nil` | |
 | tetragon.image.repository | string | `"quay.io/cilium/tetragon"` | |
-| tetragon.image.tag | string | `"v1.2.1"` | |
+| tetragon.image.tag | string | `"v1.3.0"` | |
 | tetragon.livenessProbe | object | `{}` | Overrides the default livenessProbe for the tetragon container. |
 | tetragon.ociHookSetup | object | `{"enabled":false,"extraVolumeMounts":[],"failAllowNamespaces":"","installDir":"/opt/tetragon","interface":"oci-hooks","resources":{},"securityContext":{"privileged":true}}` | Configure tetragon's init container for setting up tetragon-oci-hook on the host NOTE: This is deprecated, please use .rthooks |
 | tetragon.ociHookSetup.enabled | bool | `false` | enable init container to setup tetragon-oci-hook |
@@ -141,7 +141,7 @@ To use [the values available](#values), with `helm install` or `helm upgrade`, u
 | tetragonOperator.extraVolumeMounts | list | `[]` | |
 | tetragonOperator.extraVolumes | list | `[]` | Extra volumes for the Tetragon Operator Deployment. |
 | tetragonOperator.forceUpdateCRDs | bool | `false` | |
-| tetragonOperator.image | object | `{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.2.1"}` | tetragon-operator image. |
+| tetragonOperator.image | object | `{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.3.0"}` | tetragon-operator image. |
 | tetragonOperator.nodeSelector | object | `{}` | Steer the Tetragon Operator Deployment Pod placement via nodeSelector, tolerations and affinity rules. |
 | tetragonOperator.podAnnotations | object | `{}` | Annotations for the Tetragon Operator Deployment Pods. |
 | tetragonOperator.podInfo.enabled | bool | `false` | Enables the PodInfo CRD and the controller that reconciles PodInfo custom resources. |
diff --git a/install/kubernetes/tetragon/Chart.yaml b/install/kubernetes/tetragon/Chart.yaml
index 0d4443f4b65..3729987869f 100644
--- a/install/kubernetes/tetragon/Chart.yaml
+++ b/install/kubernetes/tetragon/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: tetragon
 description: Helm chart for Tetragon
 type: application
-version: 1.2.0
+version: 1.3.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: 1.2.0
+appVersion: 1.3.0
diff --git a/install/kubernetes/tetragon/README.md b/install/kubernetes/tetragon/README.md
index 0baa0edc25e..7c8c30ac2ff 100644
--- a/install/kubernetes/tetragon/README.md
+++ b/install/kubernetes/tetragon/README.md
@@ -1,6 +1,6 @@
 # tetragon
 
-![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square)
+![Version: 1.3.0](https://img.shields.io/badge/Version-1.3.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.3.0](https://img.shields.io/badge/AppVersion-1.3.0-informational?style=flat-square)
 
 Helm chart for Tetragon
 
@@ -90,7 +90,7 @@ Helm chart for Tetragon
 | tetragon.hostProcPath | string | `"/proc"` | Location of the host proc filesystem in the runtime environment. If the runtime runs in the host, the path is /proc. Exceptions to this are environments like kind, where the runtime itself does not run on the host. |
 | tetragon.image.override | string | `nil` | |
 | tetragon.image.repository | string | `"quay.io/cilium/tetragon"` | |
-| tetragon.image.tag | string | `"v1.2.1"` | |
+| tetragon.image.tag | string | `"v1.3.0"` | |
 | tetragon.livenessProbe | object | `{}` | Overrides the default livenessProbe for the tetragon container. |
 | tetragon.ociHookSetup | object | `{"enabled":false,"extraVolumeMounts":[],"failAllowNamespaces":"","installDir":"/opt/tetragon","interface":"oci-hooks","resources":{},"securityContext":{"privileged":true}}` | Configure tetragon's init container for setting up tetragon-oci-hook on the host NOTE: This is deprecated, please use .rthooks |
 | tetragon.ociHookSetup.enabled | bool | `false` | enable init container to setup tetragon-oci-hook |
@@ -123,7 +123,7 @@ Helm chart for Tetragon
 | tetragonOperator.extraVolumeMounts | list | `[]` | |
 | tetragonOperator.extraVolumes | list | `[]` | Extra volumes for the Tetragon Operator Deployment. |
 | tetragonOperator.forceUpdateCRDs | bool | `false` | |
-| tetragonOperator.image | object | `{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.2.1"}` | tetragon-operator image. |
+| tetragonOperator.image | object | `{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.3.0"}` | tetragon-operator image. |
 | tetragonOperator.nodeSelector | object | `{}` | Steer the Tetragon Operator Deployment Pod placement via nodeSelector, tolerations and affinity rules. |
 | tetragonOperator.podAnnotations | object | `{}` | Annotations for the Tetragon Operator Deployment Pods. |
 | tetragonOperator.podInfo.enabled | bool | `false` | Enables the PodInfo CRD and the controller that reconciles PodInfo custom resources. |
diff --git a/install/kubernetes/tetragon/values.yaml b/install/kubernetes/tetragon/values.yaml
index 183833db664..f09d11dec2b 100644
--- a/install/kubernetes/tetragon/values.yaml
+++ b/install/kubernetes/tetragon/values.yaml
@@ -40,7 +40,7 @@ tetragon:
 image:
 override: ~
 repository: quay.io/cilium/tetragon
- tag: v1.2.1
+ tag: v1.3.0
 resources: {}
 extraArgs: {}
 extraEnv: []
@@ -281,7 +281,7 @@ tetragonOperator:
 image:
 override: ~
 repository: quay.io/cilium/tetragon-operator
- tag: v1.2.1
+ tag: v1.3.0
 pullPolicy: IfNotPresent
 # -- Extra volumes for the Tetragon Operator Deployment.
 extraVolumes: []