Release v0.2.46

• add registry id and registry scan id attributes
• export registry status

Overview

This PR fixes #

Signed Commits

• Yes, I signed my commits.

Release v0.2.45

Signed-off-by: refaelm refaelm@armosec.io

Overview

This PR fixes #

Signed Commits

• Yes, I signed my commits.

Release v0.2.42

• add check registry operator command
• support scanRegistryV2 command

Overview

This PR fixes #

Signed Commits

• Yes, I signed my commits.

Release v0.2.41

Signed-off-by: refaelm refaelm@armosec.io

Overview

This PR fixes #

Signed Commits

• Yes, I signed my commits.

Release v0.2.40

Bumps github.com/cilium/cilium from 1.16.0 to 1.16.1.

Release notes

Sourced from github.com/cilium/cilium's releases.

1.16.1

Security Advisories

This release addresses the following security vulnerabilities:

• GHSA-vwf8-q6fw-4wcm
• GHSA-qcm3-7879-xcww

Summary of Changes

Minor Changes:

• Deprecate providing Hubble TLS secrets in helm values (Backport PR #34297, Upstream PR #34114, @​chancez)
• gateway-api: Add required labels and annotations (Backport PR #34215, Upstream PR #33990, @​sayboras)
• helm: add config for nat-map-stats-{interval, entries} config. (Backport PR #34158, Upstream PR #33847, @​tommyp1ckles)
• Internal listener references are now properly qualified with namespace and CEC name. (Backport PR #34158, Upstream PR #34104, @​jrajahalme)
• Support configuring imagePullSecrets for spire agent/server pods (Backport PR #34158, Upstream PR #33952, @​chancez)

Bugfixes:

• auth: Fix data race in Upsert (Backport PR #34158, Upstream PR #33905, @​chaunceyjiang)
• BGPv1 + BGPv2: Fix incorrect service reconciliation in setups with multiple BGP instances (virtual routers) (Backport PR #34297, Upstream PR #34177, @​rastislavs)
• bgpv1: Fix data race in bgppSelection (Backport PR #34158, Upstream PR #33904, @​chaunceyjiang)
• bgpv2: Avoid duplicate route policy naming (Backport PR #34158, Upstream PR #34031, @​rastislavs)
• BGPv2: Fix Service advertisement selector: do not require matching CiliumLoadBalancerIPPool (Backport PR #34201, Upstream PR #34182, @​rastislavs)
• Fix a nil dereference crash during cilium-agent initialization affecting setups with FQDN policies. The crash is triggered when a restored endpoint performs a DNS request just a the right time during early cilium-agent restoration. Problem is not expected to be persistent and the agent should get pass the problematic part of the initialization on restart. (Backport PR #34158, Upstream PR #34059, @​joamaki)
• Fix appArmorProfile condition for CronJob helm template (Backport PR #34297, Upstream PR #34100, @​sathieu)
• Fix bug causing etcd upsertion/deletion events to be potentially missed during the initial synchronization, when Cilium operates in KVStore mode, or Cluster Mesh is enabled. (Backport PR #34181, Upstream PR #34091, @​giorio94)
• Fix issue in picking node IP addresses from the loopback device. This fixes a regression in v1.15 and v1.16 where VIPs assigned to the lo device were not considered by Cilium. Fix spurious updates node addresses to avoid unnecessary datapath reinitializations. (Backport PR #34085, Upstream PR #34012, @​joamaki)
• Fix possible connection disruption on agent restart with WireGuard + kvstore (Backport PR #34158, Upstream PR #34062, @​giorio94)
• Fixes DNS proxy "connect: cannot assign requested address" errors in transparent mode, which were due to opening multiple TCP connections to the upstream DNS server. (Backport PR #34201, Upstream PR #33989, @​bimmlerd)
• gateway-api: Add HTTP method condition in sortable routes (Backport PR #34158, Upstream PR #34109, @​sayboras)
• gateway-api: Enqueue gateway for Reference Grant changes (Backport PR #34158, Upstream PR #34032, @​sayboras)
• lbipam: fixed bug in sharing key logic (Backport PR #34158, Upstream PR #34106, @​dylandreimerink)
• cilium/cilium#34322@​nathanjsweet)
• service: Relax protocol matching for L7 Service (Backport PR #34195, Upstream PR #34131, @​sayboras)

CI Changes:

• .github: ginkgo: remove duplicate datapath ipv4only test in f09/f21. (Backport PR #34297, Upstream PR #34071, @​tommyp1ckles)
• bpf: egressgw: don't install allow-all policy in to-netdev tests (Backport PR #34201, Upstream PR #34143, @​julianwiedmann)
• ci: multi pool run tests concurrently (Backport PR #34297, Upstream PR #33945, @​viktor-kurchenko)
• Fix workflow telemetry in ci-ipsec-upgrade (Backport PR #34158, Upstream PR #34097, @​chancez)
• gha: Add extended features in gateway profile run (Backport PR #34215, Upstream PR #34098, @​sayboras)
• gha: Free up Github runner disk space (Backport PR #34297, Upstream PR #34247, @​sayboras)
• gha: lint...

Release v0.2.34

Merge pull request #249 from kubescape/bump

bump armoapi-go

Release v0.2.32

Merge pull request #246 from kubescape/fix

use same cooldownqueue as node-agent and synchronizer

Release v0.2.31

Merge pull request #245 from kubescape/bump

optimize memory with pagers

v0.2.6

What's Changed

• chore(deps): Bump github.com/opencontainers/runc from 1.1.5 to 1.1.12 by @dependabot in #210
• send skipTLSVerify and Insecure in image scanning command by @amirmalka in #212

Full Changelog: v0.2.4...v0.2.6

v0.2.4

What's Changed

• Fix/bump k8s interface by @dwertent in #206
• fixed watchers by @dwertent in #207
• Adding tests, updating logs by @dwertent in #208
• fields arrangement by @dwertent in #209