diff --git a/contrib/upgrade-notes/latest.md b/contrib/upgrade-notes/latest.md
index 9402e12c29e..6781dd46772 100644
--- a/contrib/upgrade-notes/latest.md
+++ b/contrib/upgrade-notes/latest.md
@@ -5,61 +5,22 @@ Depending on your setup, changes listed here might require a manual intervention * TBD -#### Agent Options +### Agent Options * TBD -#### Helm Values +### Helm Values -* Tetragon container now uses the gRPC liveness probe by default. To continue using "tetra status" for liveness probe, -specify `tetragon.livenessProbe` Helm value. For example: -```yaml -tetragon: - livenessProbe: - timeoutSeconds: 60 - exec: - command: - - tetra - - status - - --server-address - - "54321" - - --retries - - "5" -``` -* Deprecated `tetragon.skipCRDCreation` Helm value is removed. Use `crds.installMethod=none` instead. - -* `tetragon.ociHookSetup` Helm value is deprecated. Use `tetragon.rthooks` instead. +* TBD -#### TracingPolicy (k8s CRD) +### TracingPolicy (k8s CRD) * TBD -#### Events (protobuf API) +### Events (protobuf API) -* Sensor managing methods have been deprecated: - * `ListSensors` - * `EnableSensor` - * `DisableSensor` - * `RemoveSensor` +* TBD -#### Metrics +### Metrics -* `tetragon_policyfilter_metrics_total` metric is renamed to `tetragon_policyfilter_operations_total`, and its `op` - label is renamed to `operation`. -* `tetragon_missed_events_total` metric is renamed to `tetragon_bpf_missed_events_total`. -* Metrics related to ring buffer and events queue are renamed: - * `tetragon_ringbuf_perf_event_errors_total` -> `tetragon_observer_ringbuf_errors_total` - * `tetragon_ringbuf_perf_event_received_total` -> `tetragon_observer_ringbuf_events_received_total` - * `tetragon_ringbuf_perf_event_lost_total` -> `tetragon_observer_ringbuf_events_lost_total` - * `tetragon_ringbuf_queue_received_total` -> `tetragon_observer_ringbuf_queue_events_received_total` - * `tetragon_ringbuf_queue_lost_total` -> `tetragon_observer_ringbuf_queue_events_lost_total` -* `tetragon_errors_total{type="process_cache_evicted"}` metric is replaced by `tetragon_process_cache_evicted_total`. 
-* `tetragon_errors_total{type=~"process_cache_miss_on_get|process_cache_miss_on_remove"}` metrics are replaced by
- `tetragon_process_cache_misses_total{operation=~"get|remove"}`.
-* `tetragon_event_cache__errors_total` metrics are replaced by
- `tetragon_event_cache_fetch_failures_total{entry_type=""}`.
-* `tetragon_event_cache_accesses_total` metric is renamed to `tetragon_event_cache_inserts_total`.
-* `tetragon_event_cache_retries_total` metric is renamed to `tetragon_event_cache_fetch_retries_total`.
-* `tetragon_errors_total{type="event_missing_process_info"}` metric is replaced by
- `tetragon_events_missing_process_info_total`.
-* `tetragon_errors_total{type="handler_error"}` metric is removed. Use `tetragon_handler_errors_total` instead.
+* TBD
diff --git a/contrib/upgrade-notes/v1.2.0.md b/contrib/upgrade-notes/v1.2.0.md
new file mode 100644
index 00000000000..9402e12c29e
--- /dev/null
+++ b/contrib/upgrade-notes/v1.2.0.md
@@ -0,0 +1,65 @@
+## Upgrade notes
+
+Read the upgrade notes carefully before upgrading Tetragon.
+Depending on your setup, changes listed here might require a manual intervention.
+
+* TBD
+
+#### Agent Options
+
+* TBD
+
+#### Helm Values
+
+* Tetragon container now uses the gRPC liveness probe by default. To continue using "tetra status" for liveness probe,
+specify `tetragon.livenessProbe` Helm value. For example:
+```yaml
+tetragon:
+ livenessProbe:
+ timeoutSeconds: 60
+ exec:
+ command:
+ - tetra
+ - status
+ - --server-address
+ - "54321"
+ - --retries
+ - "5"
+```
+* Deprecated `tetragon.skipCRDCreation` Helm value is removed. Use `crds.installMethod=none` instead.
+
+* `tetragon.ociHookSetup` Helm value is deprecated. Use `tetragon.rthooks` instead.
+
+#### TracingPolicy (k8s CRD)
+
+* TBD
+
+#### Events (protobuf API)
+
+* Sensor managing methods have been deprecated:
+ * `ListSensors`
+ * `EnableSensor`
+ * `DisableSensor`
+ * `RemoveSensor`
+
+#### Metrics
+
+* `tetragon_policyfilter_metrics_total` metric is renamed to `tetragon_policyfilter_operations_total`, and its `op`
+ label is renamed to `operation`.
+* `tetragon_missed_events_total` metric is renamed to `tetragon_bpf_missed_events_total`.
+* Metrics related to ring buffer and events queue are renamed:
+ * `tetragon_ringbuf_perf_event_errors_total` -> `tetragon_observer_ringbuf_errors_total`
+ * `tetragon_ringbuf_perf_event_received_total` -> `tetragon_observer_ringbuf_events_received_total`
+ * `tetragon_ringbuf_perf_event_lost_total` -> `tetragon_observer_ringbuf_events_lost_total`
+ * `tetragon_ringbuf_queue_received_total` -> `tetragon_observer_ringbuf_queue_events_received_total`
+ * `tetragon_ringbuf_queue_lost_total` -> `tetragon_observer_ringbuf_queue_events_lost_total`
+* `tetragon_errors_total{type="process_cache_evicted"}` metric is replaced by `tetragon_process_cache_evicted_total`.
+* `tetragon_errors_total{type=~"process_cache_miss_on_get|process_cache_miss_on_remove"}` metrics are replaced by + `tetragon_process_cache_misses_total{operation=~"get|remove"}`. +* `tetragon_event_cache__errors_total` metrics are replaced by + `tetragon_event_cache_fetch_failures_total{entry_type=""}`. +* `tetragon_event_cache_accesses_total` metric is renamed to `tetragon_event_cache_inserts_total`. +* `tetragon_event_cache_retries_total` metric is renamed to `tetragon_event_cache_fetch_retries_total`. +* `tetragon_errors_total{type="event_missing_process_info"}` metric is replaced by + `tetragon_events_missing_process_info_total`. +* `tetragon_errors_total{type="handler_error"}` metric is removed. Use `tetragon_handler_errors_total` instead. diff --git a/docs/config/_default/hugo.toml b/docs/config/_default/hugo.toml index 7652197784e..efaeab09bc3 100644 --- a/docs/config/_default/hugo.toml +++ b/docs/config/_default/hugo.toml @@ -118,7 +118,7 @@ demo_app_url = "https://raw.githubusercontent.com/cilium/cilium/v1.15.3/examples # Used in the "version-banner" partial to display a version number for the # current doc set. # renovate: datasource=docker depName=quay.io/cilium/tetragon -version = "v1.1.2" +version = "v1.2.0" [params.search.algolia] appId = "UI18HE156K" diff --git a/docs/content/en/docs/reference/helm-chart.md b/docs/content/en/docs/reference/helm-chart.md index efe75b3702a..80b6c21d583 100644 --- a/docs/content/en/docs/reference/helm-chart.md +++ b/docs/content/en/docs/reference/helm-chart.md 
@@ -103,7 +103,7 @@ To use [the values available](#values), with `helm install` or `helm upgrade`, u | tetragon.hostProcPath | string | `"/proc"` | Location of the host proc filesystem in the runtime environment. If the runtime runs in the host, the path is /proc. Exceptions to this are environments like kind, where the runtime itself does not run on the host. | | tetragon.image.override | string | `nil` | | | tetragon.image.repository | string | `"quay.io/cilium/tetragon"` | | -| tetragon.image.tag | string | `"v1.1.2"` | | +| tetragon.image.tag | string | `"v1.2.0"` | | | tetragon.livenessProbe | object | `{}` | Overrides the default livenessProbe for the tetragon container. | | tetragon.ociHookSetup | object | `{"enabled":false,"extraVolumeMounts":[],"failAllowNamespaces":"","installDir":"/opt/tetragon","interface":"oci-hooks","resources":{},"securityContext":{"privileged":true}}` | Configure tetragon's init container for setting up tetragon-oci-hook on the host NOTE: This is deprecated, please use .rthooks | | tetragon.ociHookSetup.enabled | bool | `false` | enable init container to setup tetragon-oci-hook | 
@@ -135,7 +135,7 @@ To use [the values available](#values), with `helm install` or `helm upgrade`, u | tetragonOperator.extraVolumeMounts | list | `[]` | | | tetragonOperator.extraVolumes | list | `[]` | Extra volumes for the Tetragon Operator Deployment. | | tetragonOperator.forceUpdateCRDs | bool | `false` | | -| tetragonOperator.image | object | `{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.1.2"}` | tetragon-operator image. | +| tetragonOperator.image | object | `{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.2.0"}` | tetragon-operator image. | | tetragonOperator.nodeSelector | object | `{}` | Steer the Tetragon Operator Deployment Pod placement via nodeSelector, tolerations and affinity rules. | | tetragonOperator.podAnnotations | object | `{}` | Annotations for the Tetragon Operator Deployment Pods. | | tetragonOperator.podInfo.enabled | bool | `false` | Enables the PodInfo CRD and the controller that reconciles PodInfo custom resources. | diff --git a/install/kubernetes/tetragon/Chart.yaml b/install/kubernetes/tetragon/Chart.yaml index e80c33a788d..0d4443f4b65 100644 --- a/install/kubernetes/tetragon/Chart.yaml +++ b/install/kubernetes/tetragon/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: tetragon description: Helm chart for Tetragon type: application -version: 1.1.0 +version: 1.2.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. -appVersion: 1.1.0 +appVersion: 1.2.0 diff --git a/install/kubernetes/tetragon/README.md b/install/kubernetes/tetragon/README.md index 2251df8830d..732ffcc162a 100644 --- a/install/kubernetes/tetragon/README.md +++ b/install/kubernetes/tetragon/README.md 
@@ -1,6 +1,6 @@ # tetragon -![Version: 1.1.0](https://img.shields.io/badge/Version-1.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.1.0](https://img.shields.io/badge/AppVersion-1.1.0-informational?style=flat-square) +![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.2.0](https://img.shields.io/badge/AppVersion-1.2.0-informational?style=flat-square) Helm chart for Tetragon @@ -85,7 +85,7 @@ Helm chart for Tetragon | tetragon.hostProcPath | string | `"/proc"` | Location of the host proc filesystem in the runtime environment. If the runtime runs in the host, the path is /proc. Exceptions to this are environments like kind, where the runtime itself does not run on the host. | | tetragon.image.override | string | `nil` | | | tetragon.image.repository | string | `"quay.io/cilium/tetragon"` | | -| tetragon.image.tag | string | `"v1.1.2"` | | +| tetragon.image.tag | string | `"v1.2.0"` | | | tetragon.livenessProbe | object | `{}` | Overrides the default livenessProbe for the tetragon container. | | tetragon.ociHookSetup | object | `{"enabled":false,"extraVolumeMounts":[],"failAllowNamespaces":"","installDir":"/opt/tetragon","interface":"oci-hooks","resources":{},"securityContext":{"privileged":true}}` | Configure tetragon's init container for setting up tetragon-oci-hook on the host NOTE: This is deprecated, please use .rthooks | | tetragon.ociHookSetup.enabled | bool | `false` | enable init container to setup tetragon-oci-hook | 
@@ -117,7 +117,7 @@ Helm chart for Tetragon | tetragonOperator.extraVolumeMounts | list | `[]` | | | tetragonOperator.extraVolumes | list | `[]` | Extra volumes for the Tetragon Operator Deployment. | | tetragonOperator.forceUpdateCRDs | bool | `false` | | -| tetragonOperator.image | object | `{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.1.2"}` | tetragon-operator image. | +| tetragonOperator.image | object | `{"override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/tetragon-operator","tag":"v1.2.0"}` | tetragon-operator image. | | tetragonOperator.nodeSelector | object | `{}` | Steer the Tetragon Operator Deployment Pod placement via nodeSelector, tolerations and affinity rules. | | tetragonOperator.podAnnotations | object | `{}` | Annotations for the Tetragon Operator Deployment Pods. | | tetragonOperator.podInfo.enabled | bool | `false` | Enables the PodInfo CRD and the controller that reconciles PodInfo custom resources. | diff --git a/install/kubernetes/tetragon/values.yaml b/install/kubernetes/tetragon/values.yaml index 0281e711322..f1686d31f08 100644 --- a/install/kubernetes/tetragon/values.yaml +++ b/install/kubernetes/tetragon/values.yaml @@ -40,7 +40,7 @@ tetragon: image: override: ~ repository: quay.io/cilium/tetragon - tag: v1.1.2 + tag: v1.2.0 resources: {} extraArgs: {} extraEnv: [] @@ -268,7 +268,7 @@ tetragonOperator: image: override: ~ repository: quay.io/cilium/tetragon-operator - tag: v1.1.2 + tag: v1.2.0 pullPolicy: IfNotPresent # -- Extra volumes for the Tetragon Operator Deployment. extraVolumes: [] 
@@ -340,7 +340,6 @@ crds: # default doesn't perform CRD downgrades. These can be configured in tetragonOperator section. # The "helm" method always installs all CRDs for the chart version. installMethod: "operator" - # -- Method for installing Tetagon rthooks (tetragon-rthooks) daemonset # The tetragon-rthooks daemonset is responsible for installing run-time hooks on the host. # See: https://tetragon.io/docs/concepts/runtime-hooks