v0.8.0

@Danny-Wei Danny-Wei released this 23 Jun 07:14
· 49 commits to release-0.8 since this release

vArmor v0.8.0 has been released. For a comprehensive overview of the new features, refer to our blog.

Added

  • Added a self-hosted runner and e2e test cases for the BPF enforcer (#205)
  • Supported defining multiple ports and port ranges for network egress rules (#202)
  • Added the PodServiceEgressControl feature for restricting access to pods and services (#206, #216, #217, #221)
  • Added a pod-self entity to restrict containers from accessing the IP of the Pod they are located in (#207)
  • Added an unspecified entity to restrict containers from accessing the unspecified addresses 0.0.0.0 and :: (#208)
  • Added a localhost entity to restrict containers from accessing the loopback address (#209)
  • Enhanced DefenseInDepth mode with flexible profile sources and observation support (#210)
  • Extracted profile name from the Pod annotation and added it to the violation event for improved log traceability (#210)
  • Supported injecting metadata into the violation event (#214)
  • Supported BPF enforcer removal from existing policies (#213)
  • Added the block-access-to-kube-apiserver built-in rule (#222)
  • Added the ingress-nightmare-mitigation built-in rule (#222)

Changed

  • Saved AppArmor and Seccomp profiles as plain text into the CR object (#201)
  • Enhanced concurrency safety for status synchronization (#201)
  • Extracted common fields from CRD definitions into a common file (#210)
  • Upgraded libseccomp-golang to v0.11.0 (#210)
  • Improved error handling in ArmorProfile processing to collect all profile errors (#212)
  • Set default qps and burst values for the Kubernetes client (#218)
  • Increased the value of MaxTargetContainerCountForBpfLsm from 100 to 110 (#207)

Full Changelog: v0.7.1...v0.8.0