diff --git a/contrib/upgrade-notes/v1.1.2.md b/contrib/upgrade-notes/v1.1.2.md new file mode 100644 index 00000000000..bfce1cbf5fb --- /dev/null +++ b/contrib/upgrade-notes/v1.1.2.md @@ -0,0 +1,21 @@ +## Upgrade notes for version v1.1.2 + +### Helm + +The default livenessProbe was changed to use a gRPC liveness probe instead of the tetra status +command. + +Users can migrate to the old behavior by using a helm configuration such as: +``` + tetragon: + livenessProbe: + timeoutSeconds: 60 + exec: + command: + - tetra + - status + - --server-address + - "54321" + - --retries + - "5" +``` diff --git a/docs/content/en/docs/reference/helm-chart.md b/docs/content/en/docs/reference/helm-chart.md index 18356035140..634722c9c6a 100644 --- a/docs/content/en/docs/reference/helm-chart.md +++ b/docs/content/en/docs/reference/helm-chart.md @@ -84,7 +84,7 @@ To use [the values available](#values), with `helm install` or `helm upgrade`, u | tetragon.hostProcPath | string | `"/proc"` | Location of the host proc filesystem in the runtime environment. If the runtime runs in the host, the path is /proc. Exceptions to this are environments like kind, where the runtime itself does not run on the host. | | tetragon.image.override | string | `nil` | | | tetragon.image.repository | string | `"quay.io/cilium/tetragon"` | | -| tetragon.image.tag | string | `"v1.1.1"` | | +| tetragon.image.tag | string | `"v1.1.2"` | | | tetragon.livenessProbe | object | `{}` | Overrides the default livenessProbe for the tetragon container. | | tetragon.ociHookSetup | object | `{"enabled":false,"extraVolumeMounts":[],"installDir":"/opt/tetragon","interface":"oci-hooks","resources":{},"securityContext":{"privileged":true}}` | Configure tetragon's init container for setting up tetragon-oci-hook on the host | | tetragon.ociHookSetup.enabled | bool | `false` | enable init container to setup tetragon-oci-hook | @@ -103,13 +103,13 @@ To use [the values available](#values), with `helm install` or `helm upgrade`, u | tetragon.redactionFilters | string | `""` | | | tetragon.resources | object | `{}` | | | tetragon.securityContext.privileged | bool | `true` | | -| tetragonOperator | object | `{"affinity":{},"annotations":{},"enabled":true,"extraLabels":{},"extraPodLabels":{},"extraVolumeMounts":[],"extraVolumes":[],"forceUpdateCRDs":false,"image":{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.1.1"},"nodeSelector":{},"podAnnotations":{},"podInfo":{"enabled":false},"podSecurityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}},"priorityClassName":"","prometheus":{"address":"","enabled":true,"port":2113,"serviceMonitor":{"enabled":false,"labelsOverride":{},"scrapeInterval":"10s"}},"resources":{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"10m","memory":"64Mi"}},"securityContext":{},"serviceAccount":{"annotations":{},"create":true,"name":""},"skipCRDCreation":false,"strategy":{},"tolerations":[{"operator":"Exists"}],"tracingPolicy":{"enabled":true}}` | Tetragon Operator settings | +| tetragonOperator | object | `{"affinity":{},"annotations":{},"enabled":true,"extraLabels":{},"extraPodLabels":{},"extraVolumeMounts":[],"extraVolumes":[],"forceUpdateCRDs":false,"image":{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.1.2"},"nodeSelector":{},"podAnnotations":{},"podInfo":{"enabled":false},"podSecurityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}},"priorityClassName":"","prometheus":{"address":"","enabled":true,"port":2113,"serviceMonitor":{"enabled":false,"labelsOverride":{},"scrapeInterval":"10s"}},"resources":{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"10m","memory":"64Mi"}},"securityContext":{},"serviceAccount":{"annotations":{},"create":true,"name":""},"skipCRDCreation":false,"strategy":{},"tolerations":[{"operator":"Exists"}],"tracingPolicy":{"enabled":true}}` | Tetragon Operator settings | | tetragonOperator.annotations | object | `{}` | Annotations for the Tetragon Operator Deployment. | | tetragonOperator.enabled | bool | `true` | Enables the Tetragon Operator. | | tetragonOperator.extraLabels | object | `{}` | Extra labels to be added on the Tetragon Operator Deployment. | | tetragonOperator.extraPodLabels | object | `{}` | Extra labels to be added on the Tetragon Operator Deployment Pods. | | tetragonOperator.extraVolumes | list | `[]` | Extra volumes for the Tetragon Operator Deployment. | -| tetragonOperator.image | object | `{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.1.1"}` | tetragon-operator image. | +| tetragonOperator.image | object | `{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.1.2"}` | tetragon-operator image. | | tetragonOperator.nodeSelector | object | `{}` | Steer the Tetragon Operator Deployment Pod placement via nodeSelector, tolerations and affinity rules. | | tetragonOperator.podAnnotations | object | `{}` | Annotations for the Tetragon Operator Deployment Pods. | | tetragonOperator.podInfo.enabled | bool | `false` | Enables the PodInfo CRD and the controller that reconciles PodInfo custom resources. | diff --git a/docs/hugo.toml b/docs/hugo.toml index 447e2dd94a7..4682ed9fc99 100644 --- a/docs/hugo.toml +++ b/docs/hugo.toml @@ -120,7 +120,7 @@ demo_app_url = "https://raw.githubusercontent.com/cilium/cilium/v1.15.3/examples # Used in the "version-banner" partial to display a version number for the # current doc set. # renovate: datasource=docker depName=quay.io/cilium/tetragon -version = "v1.1.1" +version = "v1.1.2" [params.search.algolia] appId = "UI18HE156K" diff --git a/install/kubernetes/tetragon/Chart.yaml b/install/kubernetes/tetragon/Chart.yaml index a1bd3e7c270..b8d1a973dea 100644 --- a/install/kubernetes/tetragon/Chart.yaml +++ b/install/kubernetes/tetragon/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: tetragon description: Helm chart for Tetragon type: application -version: 1.1.1 +version: 1.1.2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 1.1.1 +appVersion: 1.1.2 diff --git a/install/kubernetes/tetragon/README.md b/install/kubernetes/tetragon/README.md index ca27893643b..ca7a1705995 100644 --- a/install/kubernetes/tetragon/README.md +++ b/install/kubernetes/tetragon/README.md @@ -1,6 +1,6 @@ # tetragon -![Version: 1.1.1](https://img.shields.io/badge/Version-1.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.1](https://img.shields.io/badge/AppVersion-1.1.1-informational?style=flat-square) +![Version: 1.1.2](https://img.shields.io/badge/Version-1.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.2](https://img.shields.io/badge/AppVersion-1.1.2-informational?style=flat-square) Helm chart for Tetragon @@ -66,7 +66,7 @@ Helm chart for Tetragon | tetragon.hostProcPath | string | `"/proc"` | Location of the host proc filesystem in the runtime environment. If the runtime runs in the host, the path is /proc. Exceptions to this are environments like kind, where the runtime itself does not run on the host. | | tetragon.image.override | string | `nil` | | | tetragon.image.repository | string | `"quay.io/cilium/tetragon"` | | -| tetragon.image.tag | string | `"v1.1.1"` | | +| tetragon.image.tag | string | `"v1.1.2"` | | | tetragon.livenessProbe | object | `{}` | Overrides the default livenessProbe for the tetragon container. | | tetragon.ociHookSetup | object | `{"enabled":false,"extraVolumeMounts":[],"installDir":"/opt/tetragon","interface":"oci-hooks","resources":{},"securityContext":{"privileged":true}}` | Configure tetragon's init container for setting up tetragon-oci-hook on the host | | tetragon.ociHookSetup.enabled | bool | `false` | enable init container to setup tetragon-oci-hook | @@ -85,13 +85,13 @@ Helm chart for Tetragon | tetragon.redactionFilters | string | `""` | | | tetragon.resources | object | `{}` | | | tetragon.securityContext.privileged | bool | `true` | | -| tetragonOperator | object | `{"affinity":{},"annotations":{},"enabled":true,"extraLabels":{},"extraPodLabels":{},"extraVolumeMounts":[],"extraVolumes":[],"forceUpdateCRDs":false,"image":{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.1.1"},"nodeSelector":{},"podAnnotations":{},"podInfo":{"enabled":false},"podSecurityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}},"priorityClassName":"","prometheus":{"address":"","enabled":true,"port":2113,"serviceMonitor":{"enabled":false,"labelsOverride":{},"scrapeInterval":"10s"}},"resources":{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"10m","memory":"64Mi"}},"securityContext":{},"serviceAccount":{"annotations":{},"create":true,"name":""},"skipCRDCreation":false,"strategy":{},"tolerations":[{"operator":"Exists"}],"tracingPolicy":{"enabled":true}}` | Tetragon Operator settings | +| tetragonOperator | object | `{"affinity":{},"annotations":{},"enabled":true,"extraLabels":{},"extraPodLabels":{},"extraVolumeMounts":[],"extraVolumes":[],"forceUpdateCRDs":false,"image":{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.1.2"},"nodeSelector":{},"podAnnotations":{},"podInfo":{"enabled":false},"podSecurityContext":{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}},"priorityClassName":"","prometheus":{"address":"","enabled":true,"port":2113,"serviceMonitor":{"enabled":false,"labelsOverride":{},"scrapeInterval":"10s"}},"resources":{"limits":{"cpu":"500m","memory":"128Mi"},"requests":{"cpu":"10m","memory":"64Mi"}},"securityContext":{},"serviceAccount":{"annotations":{},"create":true,"name":""},"skipCRDCreation":false,"strategy":{},"tolerations":[{"operator":"Exists"}],"tracingPolicy":{"enabled":true}}` | Tetragon Operator settings | | tetragonOperator.annotations | object | `{}` | Annotations for the Tetragon Operator Deployment. | | tetragonOperator.enabled | bool | `true` | Enables the Tetragon Operator. | | tetragonOperator.extraLabels | object | `{}` | Extra labels to be added on the Tetragon Operator Deployment. | | tetragonOperator.extraPodLabels | object | `{}` | Extra labels to be added on the Tetragon Operator Deployment Pods. | | tetragonOperator.extraVolumes | list | `[]` | Extra volumes for the Tetragon Operator Deployment. | -| tetragonOperator.image | object | `{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.1.1"}` | tetragon-operator image. | +| tetragonOperator.image | object | `{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.1.2"}` | tetragon-operator image. | | tetragonOperator.nodeSelector | object | `{}` | Steer the Tetragon Operator Deployment Pod placement via nodeSelector, tolerations and affinity rules. | | tetragonOperator.podAnnotations | object | `{}` | Annotations for the Tetragon Operator Deployment Pods. | | tetragonOperator.podInfo.enabled | bool | `false` | Enables the PodInfo CRD and the controller that reconciles PodInfo custom resources. | diff --git a/install/kubernetes/tetragon/values.yaml b/install/kubernetes/tetragon/values.yaml index 7a54ed5ca4e..332ee015c8c 100644 --- a/install/kubernetes/tetragon/values.yaml +++ b/install/kubernetes/tetragon/values.yaml @@ -53,7 +53,7 @@ tetragon: image: override: ~ repository: quay.io/cilium/tetragon - tag: v1.1.1 + tag: v1.1.2 resources: {} extraArgs: {} extraEnv: [] @@ -265,7 +265,7 @@ tetragonOperator: image: override: ~ repository: quay.io/cilium/tetragon-operator - tag: v1.1.1 + tag: v1.1.2 pullPolicy: IfNotPresent # -- Extra volumes for the Tetragon Operator Deployment. extraVolumes: []