Skip to content

Release v1.3.0

Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 13 Dec 13:12
· 76 commits to main since this release

Please update the description with the actual release notes and publish the release.
See the release issue for instructions.

If this release was created from a test tag, please delete it.

v1.3.0

total: 364 commits, prs: 130 pr commits: 364

Upgrade notes

Read the upgrade notes carefully before upgrading Tetragon.
Depending on your setup, changes listed here might require a manual intervention.

  • Behavior of export-file-perm flag (and corresponding Helm value tetragon.exportFilePerm) changed. In case the export file exists, but has different permissions than specified in the option, Tetragon will change the file permissions on the next log rotation. In older versions, log rotation preserved permissions of the existing file. Before upgrading check if permissions of the existing export file match the option (600 by default), and set the agent flag or Helm value to the desired value if needed.

Events (protobuf API)

New events for syscall64 type

Previous versions of Tetragon did not distinguish between different ABIs when using the syscall64 type
because the output was just a size_arg with the id. When executing the getcpu syscall, for example, the JSON
for 64- and 32-bits would be:

"args":[{"size_arg":"309"}]
"args":[{"size_arg":"318"}]

Note that id 318 for x86_64 is a different syscall: getrandom so we cannot distinguish between a getrandom syscall on x86_64
and a getcpu call on 32-bit (i386). To address this issue, the output of syscall64 was changed to a SyscallId object that
also includes the ABI. So the JSON for 64- and 32-bits getcpu now is:

"args":[{"syscall_id":{"id":309,"abi":"x64"}}]
"args":[{"syscall_id":{"id":318,"abi":"i386"}}]

Users that want to maintain the old behavior can use the --enable-compatibility-syscall64-size-type flag for this version.
The flag will be removed in v1.4.

Metrics

  • tetragon_ratelimit_dropped_total metric is renamed to tetragon_export_ratelimit_events_dropped_total

Major Changes:

  • IMA hashes in LSM events (#2818) by @anfedotoff
  • tetragon: add support for associating pod information when nested cgroups are used (#3170) by @kkourt

Bugfixes:

  • Fix clone event eventcache retry handler when missing pod info. (#2899) by @tpapagian
  • pkg/sensors: fix memory use of unloaded sensors (#3021) by @mtardy
  • tetragon: fix the process exit signal when core dumped (#3039) by @justin0u0
  • tetragon: improve how we handle cgroupv1 and cgroupv2 (#3053) by @tixxdz
  • [metrics] Fix overhead_program metrics for return probes (#3074) by @tpapagian
  • exec: fix tracking of matchBinary children (#3186) by @kkourt

Minor Changes:

  • Refactor & rename ratelimit metrics (#2890) by @lambdanis

  • bpf: improve the bpffs layout of tetragon objects (#2128) by @olsajiri

  • tetragon: Assorted fixes (#2906) by @olsajiri

  • tetragon: assorted fixes (#2926) by @olsajiri

  • tracing: support 32-bit ARM (aarch32) syscalls (#2898) by @kkourt

  • tetragon: Fix map PinPath setup in case the map is shared (#2944) by @olsajiri

  • Added metrics for LRU data cache (#2908) by @AshishNaware

  • tetragon: Factor grpc exec events test (#2952) by @olsajiri

  • bpf: support all operators (including Mask) for the syscall64 type (#2948) by @kkourt

  • tetragon: Add map ownership (#2945) by @olsajiri

  • tracingpolicy: add BPF operations support (#2943) by @tixxdz

  • Add an "enabled" switch to enable/disable the gops server via the Helm chart. It is now disabled by default. (#2961) by @XelK

  • Enabled tetra bash autocompletion in the Tetragon image (#2965) by @PhilipSchmid

  • tetragon: sensor cleanup fixes (#2968) by @olsajiri

  • tracing: include ABI information for syscall64 type (#2986) by @kkourt

  • tetra: Add debug progs command (#2967) by @olsajiri

  • Expose BPF map kernel memory use by tracing policy via the gRPC API and the metrics. Use tetra tp list to see the breakdown of BPF map memory use by policy or look for the tetragon_tracingpolicy_kernel_memory_bytes metric. (#2984) by @mtardy

  • tetragon: Use namespace in sensor policy directory (#2987) by @olsajiri

  • tetragon: Unpin map only if you are owner (#3004) by @olsajiri

  • enforcer: add tetragon_enforcer_missed_notifications_total metric (#2994) by @kkourt

  • ci:github: retry Test Tetragon on failure (#3001) by @tixxdz

  • Add an optional cluster_name field to GetEventsResponse (#3025) by @michi-covalent

  • tetragon: Make sure lsm programs return bounded value (#3032) by @olsajiri

  • tetragon: Fix TestCopyFd test on new v5.10 kernels (#3037) by @olsajiri

  • metrics: add version to build information (#3035) by @kkourt

  • Remove --expose-kernel-addresses and --pprof-addr flags (#3042) by @michi-covalent

  • Remove --enable-process-ancestors flag (#3043) by @michi-covalent

  • tetra: fix --policy-names to apply all event types (#3044) by @justin0u0

  • api: add bpf program types (#2997) by @tixxdz

  • tetragon: Fix TestExitSignal test (#3055) by @olsajiri

  • helm: Add part-of and component labels (#3052) by @lambdanis

  • tetragon: Add overhead metrics (#3040) by @olsajiri

  • tetragon: Load base sensor via sensor manager (#3045) by @olsajiri

  • crd: Added shortnames and catagory for Tetragon CRDs (#3065) by @PhilipSchmid

  • tetragon: Move procevents.GetRunningProcs call from base sensor load (#3097) by @olsajiri

  • Add Common Expression Language filter (#3098) by @michi-covalent

  • tetragon: un/pin fixes (#3079) by @olsajiri

  • tetragon: Allow multiple symbol instances in kprobe spec (#3121) by @olsajiri

  • tetragon: Unflake the TestGeneratedExecEvents test (#3141) by @olsajiri

  • tetragon: Setup tailcalls directly in bpf programs (#3002) by @olsajiri

  • Implement new regex filter type for parent process arguments. (#3155) by @will-isovalent

  • tetragon: update bpf makefile (#3159) by @olsajiri

  • sensors: reduce logging information by not emitting one line per map/prog being loaded by default (#3174) by @kkourt

  • cgtracker: add policyfilter support (#3180) by @kkourt

  • tetragon: Remove not needed rule commands (#3197) by @olsajiri

    • Introduce the in_init_tree flag for process events which indicates whether a process spawned from its container's init process tree (#3209) by @will-isovalent

    • Introduce a container_id export filter

    • Introduce an in_init_tree export filter

  • tetragon: setup to let match binary names use args as well (#3210) by @jrfastab

CI Changes:

Documentation changes:

Dependency updates:

  • deps: upgrade to Cilium 1.17.0-pre.cdf10116cea (#2911) by @mtardy
  • chore(deps): update all lvh-images main (main) (patch) (#2615) by @cilium-renovate[bot]
  • fix(deps): update module github.com/containerd/containerd to v2 (main) (#3092) by @cilium-renovate[bot]
  • chore(deps): update docker.io/golangci/golangci-lint docker tag to v1.62.0 (main) (#3101) by @cilium-renovate[bot]
  • fix(deps): update all go dependencies main (main) (minor) (#3154) by @cilium-renovate[bot]
  • fix(deps): update all go dependencies main (main) (patch) (#3176) by @cilium-renovate[bot]

Misc Changes: