Releases: tuxerrante/kapparmor
Releases · tuxerrante/kapparmor
kapparmor-0.1.6
8a0b858
This commit was signed with the committer’s verified signature.
tuxerrante
Affinito Alessandro
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.
0.1.6 - 2024-07-16
- Update to go 1.22.5
- Security: fix CVE-2024-24790
- Fixed produced image to ubuntu:24.04@sha256:2e863c44b718727c860746568e1d54afd13b2fa71b160f5cd9058fc436217b30
- Publication of a roadmap
- Docs update
0.1.5 - 2023-05-16
- Feature: manage custom labels
- Feature: validate profile file content
- Feature: Validate app and chart version
- Feature: catch SIGTERM signal
- Fix: profile content checking when they have same name
- update to go 1.20
- Docs update
0.1.2 - 2023-02-22
Fixed
- Support for profile names coming after comments and include lines
Added
- Tested on multiple nodes cluster
- Base images switched to go 1.20
0.1.1 - 2023-02-13
Fixed
- Moved shared testing functions to a dedicated module
- Minor documentation and readme fixes
Added
- Enforce profiles filenames to be the same as the profile names
- Changelog automatically read by chart-releaser
0.1.0 - 2023-02-01
Fixed
- "Unable to replace profiles. Permission denied, app seems still confined." - Switched to ubuntu image
- No need for SYS_ADMIN capabilities
- Ignore hidden and system folders while scanning for profiles
Added
- Instructions to test the app in a virtual machine directly running the go app or in microk8s pushing the built container to the local registry
0.0.6 - 2023-01-26
Added
Helm:
- Added SYS_ADMIN capabilities to the daemonset
- Mounted needed folders in the Dockerfile and in the daemonset
- Added POLL_TIME and profiles files as configurable options through configmaps
Go:
- Added first testing function
- Moved file operations functions to dedicated module
- Fixed POLL_TIME value passing from configmap
CI/CD:
- Explicit changelog to help users understanding the project features
- Automatic generation of release notes based on changelog file
- Configurable poll time and profiles directory in the helm values file
0.0.5 - 2023-01-23
Added
Helm:
- Helm Chart based mainly on a DaemonSet and a configmap. No operator needed.
- Load all AppArmor profiles in the configmap template
Go:
- Possibility to load continuously the security profiles from a configmap with a configurable poll time
CI/CD:
- Helm chart linting and testing before releasing
- Security vulnerability tests on Go dependencies and container file.
- Auto generation of GitHub pages
- Container image tag is set to current commit SHA for every release.
Fixed
- Being still an alpha release I will add everything in the "Added" section
What's Changed
- Origin/gh pages by @tuxerrante in #1
- Dev by @tuxerrante in #2
- Dev by @tuxerrante in #3
- test alpha release by @tuxerrante in #4
- release also from PR by @tuxerrante in #5
- Dev by @tuxerrante in #6
- Dev by @tuxerrante in #7
- chanmged chart-testing charts setting by @tuxerrante in #8
- configmap template auto filled by profiles by @tuxerrante in #9
- release only during a PR or when tagging by @tuxerrante in #10
- fix GITHUB_SHA writtend during CI by @tuxerrante in #11
- Feature/has the same content test by @tuxerrante in #12
- 0.1.0 First working release by @tuxerrante in #13
- Feature: continuous unit testing and test coverage by @tuxerrante in #14
- feature: Enforce profiles filenames to be the same as the profile names by @tuxerrante in #15
- Feature: support profiles not starting with their names as first line, hostPath creation by @tuxerrante in #16
- Start build-app also on tags by @tuxerrante in #17
- #18 - Manage custom labels, validate profile content, manage SIGTERM by @tuxerrante in #18
Full Changelog: https://github.com/tuxerrante/kapparmor/commits/kapparmor-0.1.6
Contributors
tuxerrante
Assets 3
v0.1.9
What's Changed
CI:
- Fixed Codecov plugin issues
- Refresh container image every Sunday night
- Git auto CRLF set to false
git config --global core.autocrlf false - Bumped multiple actions
- Bash CI to automate go version bump from one source of truth (
config/config)
Code:
- golang:1.22 as builder containerfile image
- The k8s service resource is now settable from the values.yaml
- Introduced Fuzz testing for profile filenames
- If POLL_TIME is set less than 1 it will default to 1 second
Project Security Fixes
- Signed commits:
git config commit.gpgsign true - Added repository Security policy
- Added OpenSSF scorecard workflow
- Least Privileged GitHub Actions Token Permissions: setting minimum token permissions for the GITHUB_TOKEN
- Pinning actions to full length commit
- Intergated Harden-Runner in the CI: it prevents exfiltration of credentials, detects tampering of source code during build, and enables running jobs without sudo access.
- Pinned image tags to digests in Dockerfiles.
- Closed 44 (!) security issues coming from Scorecard security scanner. Also with the help of stepsecurity.io
Full Changelog: v0.1.5...v0.1.9
kapparmor-0.1.5
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.
[Unreleased]
- E2E tests
- Create a new profile
- Update an existing profile
- Remove an existing profile
- Remove a non existing profile
- check current confinement state of the app
- Remove kubernetes Service and DaemonSet exposed ports if useless
- Add daemonset commands for checking readiness
- Add different logging levels
0.1.5 - 2023-05-16
- Feature: manage custom labels
- Feature: validate profile file content
- Feature: Validate app and chart version
- Feature: catch SIGTERM signal
- Fix: profile content checking when they have same name
- update to go 1.20
- Docs update
0.1.2 - 2023-02-22
Fixed
- Support for profile names coming after comments and include lines
Added
- Tested on multiple nodes cluster
- Base images switched to go 1.20
0.1.1 - 2023-02-13
Fixed
- Moved shared testing functions to a dedicated module
- Minor documentation and readme fixes
Added
- Enforce profiles filenames to be the same as the profile names
- Changelog automatically read by chart-releaser
0.1.0 - 2023-02-01
Fixed
- "Unable to replace profiles. Permission denied, app seems still confined." - Switched to ubuntu image
- No need for SYS_ADMIN capabilities
- Ignore hidden and system folders while scanning for profiles
Added
- Instructions to test the app in a virtual machine directly running the go app or in microk8s pushing the built container to the local registry
0.0.6 - 2023-01-26
Added
Helm:
- Added SYS_ADMIN capabilities to the daemonset
- Mounted needed folders in the Dockerfile and in the daemonset
- Added POLL_TIME and profiles files as configurable options through configmaps
Go:
- Added first testing function
- Moved file operations functions to dedicated module
- Fixed POLL_TIME value passing from configmap
CI/CD:
- Explicit changelog to help users understanding the project features
- Automatic generation of release notes based on changelog file
- Configurable poll time and profiles directory in the helm values file
0.0.5 - 2023-01-23
Added
Helm:
- Helm Chart based mainly on a DaemonSet and a configmap. No operator needed.
- Load all AppArmor profiles in the configmap template
Go:
- Possibility to load continuously the security profiles from a configmap with a configurable poll time
CI/CD:
- Helm chart linting and testing before releasing
- Security vulnerability tests on Go dependencies and container file.
- Auto generation of GitHub pages
- Container image tag is set to current commit SHA for every release.
Fixed
- Being still an alpha release I will add everything in the "Added" section
What's Changed
- Origin/gh pages by @tuxerrante in #1
- Dev by @tuxerrante in #2
- Dev by @tuxerrante in #3
- test alpha release by @tuxerrante in #4
- release also from PR by @tuxerrante in #5
- Dev by @tuxerrante in #6
- Dev by @tuxerrante in #7
- chanmged chart-testing charts setting by @tuxerrante in #8
- configmap template auto filled by profiles by @tuxerrante in #9
- release only during a PR or when tagging by @tuxerrante in #10
- fix GITHUB_SHA writtend during CI by @tuxerrante in #11
- Feature/has the same content test by @tuxerrante in #12
- 0.1.0 First working release by @tuxerrante in #13
- Feature: continuous unit testing and test coverage by @tuxerrante in #14
- feature: Enforce profiles filenames to be the same as the profile names by @tuxerrante in #15
- Feature: support profiles not starting with their names as first line, hostPath creation by @tuxerrante in #16
- Start build-app also on tags by @tuxerrante in #17
- #18 - Manage custom labels, validate profile content, manage SIGTERM by @tuxerrante in #18
New Contributors
- @tuxerrante made their first contribution in #1
Full Changelog: https://github.com/tuxerrante/kapparmor/commits/kapparmor-0.1.5
Contributors
tuxerrante
Assets 3
kapparmor-0.1.2
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.
[Unreleased]
- Go unit tests
- Create a new profile
- Update an existing profile
- Remove an existing profile
- Remove a non existing profile
- check current confinement state of the app
- Remove kubernetes Service and DaemonSet exposed ports if useless
- Add daemonset commands for checking readiness
- Test on multiple nodes cluster
0.1.1 - 2023-02-13
Fixed
- Moved shared testing functions to a dedicated module
- Minor documentation and readme fixes
Added
- Enforce profiles filenames to be the same as the profile names
- Changelog automatically read by chart-releaser
0.1.0 - 2023-02-01
Fixed
- "Unable to replace profiles. Permission denied, app seems still confined." - Switched to ubuntu image
- No need for SYS_ADMIN capabilities
- Ignore hidden and system folders while scanning for profiles
Added
- Instructions to test the app in a virtual machine directly running the go app or in microk8s pushing the built container to the local registry
0.0.6 - 2023-01-26
Added
Helm:
- Added SYS_ADMIN capabilities to the daemonset
- Mounted needed folders in the Dockerfile and in the daemonset
- Added POLL_TIME and profiles files as configurable options through configmaps
Go:
- Added first testing function
- Moved file operations functions to dedicated module
- Fixed POLL_TIME value passing from configmap
CI/CD:
- Explicit changelog to help users understanding the project features
- Automatic generation of release notes based on changelog file
- Configurable poll time and profiles directory in the helm values file
0.0.5 - 2023-01-23
Added
Helm:
- Helm Chart based mainly on a DaemonSet and a configmap. No operator needed.
- Load all AppArmor profiles in the configmap template
Go:
- Possibility to load continuously the security profiles from a configmap with a configurable poll time
CI/CD:
- Helm chart linting and testing before releasing
- Security vulnerability tests on Go dependencies and container file.
- Auto generation of GitHub pages
- Container image tag is set to current commit SHA for every release.
Fixed
- Being still an alpha release I will add everything in the "Added" section
What's Changed
- Origin/gh pages by @tuxerrante in #1
- Dev by @tuxerrante in #2
- Dev by @tuxerrante in #3
- test alpha release by @tuxerrante in #4
- release also from PR by @tuxerrante in #5
- Dev by @tuxerrante in #6
- Dev by @tuxerrante in #7
- chanmged chart-testing charts setting by @tuxerrante in #8
- configmap template auto filled by profiles by @tuxerrante in #9
- release only during a PR or when tagging by @tuxerrante in #10
- fix GITHUB_SHA writtend during CI by @tuxerrante in #11
- Feature/has the same content test by @tuxerrante in #12
- 0.1.0 First working release by @tuxerrante in #13
- Feature: continuous unit testing and test coverage by @tuxerrante in #14
- feature: Enforce profiles filenames to be the same as the profile names by @tuxerrante in #15
New Contributors
- @tuxerrante made their first contribution in #1
Full Changelog: https://github.com/tuxerrante/kapparmor/commits/kapparmor-0.1.2
Contributors
tuxerrante
Assets 3
kapparmor-0.1.1
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.
[Unreleased]
- Go unit tests
- Create a new profile
- Update an existing profile
- Remove an existing profile
- Remove a non existing profile
- check current confinement state of the app
- Remove kubernetes Service and DaemonSet exposed ports if useless
- Add daemonset commands for checking readiness
- Test on multiple nodes cluster
0.1.1 - 2023-02-13
Fixed
- Moved shared testing functions to a dedicated module
- Minor documentation and readme fixes
Added
- Enforce profiles filenames to be the same as the profile names
- Changelog automatically read by chart-releaser
0.1.0 - 2023-02-01
Fixed
- "Unable to replace profiles. Permission denied, app seems still confined." - Switched to ubuntu image
- No need for SYS_ADMIN capabilities
- Ignore hidden and system folders while scanning for profiles
Added
- Instructions to test the app in a virtual machine directly running the go app or in microk8s pushing the built container to the local registry
0.0.6 - 2023-01-26
Added
Helm:
- Added SYS_ADMIN capabilities to the daemonset
- Mounted needed folders in the Dockerfile and in the daemonset
- Added POLL_TIME and profiles files as configurable options through configmaps
Go:
- Added first testing function
- Moved file operations functions to dedicated module
- Fixed POLL_TIME value passing from configmap
CI/CD:
- Explicit changelog to help users understanding the project features
- Automatic generation of release notes based on changelog file
- Configurable poll time and profiles directory in the helm values file
0.0.5 - 2023-01-23
Added
Helm:
- Helm Chart based mainly on a DaemonSet and a configmap. No operator needed.
- Load all AppArmor profiles in the configmap template
Go:
- Possibility to load continuously the security profiles from a configmap with a configurable poll time
CI/CD:
- Helm chart linting and testing before releasing
- Security vulnerability tests on Go dependencies and container file.
- Auto generation of GitHub pages
- Container image tag is set to current commit SHA for every release.
Fixed
- Being still an alpha release I will add everything in the "Added" section
What's Changed
- Origin/gh pages by @tuxerrante in #1
- Dev by @tuxerrante in #2
- Dev by @tuxerrante in #3
- test alpha release by @tuxerrante in #4
- release also from PR by @tuxerrante in #5
- Dev by @tuxerrante in #6
- Dev by @tuxerrante in #7
- chanmged chart-testing charts setting by @tuxerrante in #8
- configmap template auto filled by profiles by @tuxerrante in #9
- release only during a PR or when tagging by @tuxerrante in #10
- fix GITHUB_SHA writtend during CI by @tuxerrante in #11
- Feature/has the same content test by @tuxerrante in #12
- 0.1.0 First working release by @tuxerrante in #13
- Feature: continuous unit testing and test coverage by @tuxerrante in #14
New Contributors
- @tuxerrante made their first contribution in #1
Full Changelog: https://github.com/tuxerrante/kapparmor/commits/kapparmor-0.1.1
Contributors
tuxerrante
Assets 3
kapparmor-0.1.0
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.
[Unreleased]
- Go unit tests
- Create a new profile
- Update an existing profile
- Remove an existing profile
- Remove a non existing profile
- Remove kubernetes Service and DaemonSet exposed ports if useless
- Evaluate an automatic changelog generation from commits like googleapis/release-please
- Add daemonset commands for checking readiness
- Add tests for all the main functions
- Add test for checking current confinement state of the app
- Test on multiple nodes cluster
0.1.0 - 2023-02-01
Fixed
- "Unable to replace profiles. Permission denied, app seems still confined." - Switched to ubuntu image
- No need for SYS_ADMIN capabilities
- Ignore hidden and system folders while scanning for profiles
Added
- Instructions to test the app in a virtual machine directly running the go app or in microk8s pushing the built container to the local registry
0.0.6 - 2023-01-26
Added
Helm:
- Added SYS_ADMIN capabilities to the daemonset
- Mounted needed folders in the Dockerfile and in the daemonset
- Added POLL_TIME and profiles files as configurable options through configmaps
Go:
- Added first testing function
- Moved file operations functions to dedicated module
- Fixed POLL_TIME value passing from configmap
CI/CD:
- Explicit changelog to help users understanding the project features
- Automatic generation of release notes based on changelog file
- Configurable poll time and profiles directory in the helm values file
0.0.5 - 2023-01-23
Added
Helm:
- Helm Chart based mainly on a DaemonSet and a configmap. No operator needed.
- Load all AppArmor profiles in the configmap template
Go:
- Possibility to load continuously the security profiles from a configmap with a configurable poll time
CI/CD:
- Helm chart linting and testing before releasing
- Security vulnerability tests on Go dependencies and container file.
- Auto generation of GitHub pages
- Container image tag is set to current commit SHA for every release.
Fixed
- Being still an alpha release I will add everything in the "Added" section
What's Changed
- Origin/gh pages by @tuxerrante in #1
- Dev by @tuxerrante in #2
- Dev by @tuxerrante in #3
- test alpha release by @tuxerrante in #4
- release also from PR by @tuxerrante in #5
- Dev by @tuxerrante in #6
- Dev by @tuxerrante in #7
- chanmged chart-testing charts setting by @tuxerrante in #8
- configmap template auto filled by profiles by @tuxerrante in #9
- release only during a PR or when tagging by @tuxerrante in #10
- fix GITHUB_SHA writtend during CI by @tuxerrante in #11
- Feature/has the same content test by @tuxerrante in #12
New Contributors
- @tuxerrante made their first contribution in #1
Full Changelog: https://github.com/tuxerrante/kapparmor/commits/kapparmor-0.1.0
Contributors
tuxerrante
Assets 3
kapparmor-0.0.6
A project to deploy profiles through a kubernetes daemonset and a configmap
What's Changed
- Origin/gh pages by @tuxerrante in #1
- Dev by @tuxerrante in #2
- Dev by @tuxerrante in #3
- test alpha release by @tuxerrante in #4
- release also from PR by @tuxerrante in #5
- Dev by @tuxerrante in #6
- Dev by @tuxerrante in #7
- chanmged chart-testing charts setting by @tuxerrante in #8
- configmap template auto filled by profiles by @tuxerrante in #9
- release only during a PR or when tagging by @tuxerrante in #10
- fix GITHUB_SHA writtend during CI by @tuxerrante in #11
- Feature/has the same content test by @tuxerrante in #12
New Contributors
- @tuxerrante made their first contribution in #1
Full Changelog: https://github.com/tuxerrante/kapparmor/commits/kapparmor-0.0.6
Contributors
tuxerrante
Assets 3
kapparmor-0.0.5-alpha
A project to deploy profiles through a kubernetes daemonset and a configmap
What's Changed
- Origin/gh pages by @tuxerrante in #1
- Dev by @tuxerrante in #2
- Dev by @tuxerrante in #3
- test alpha release by @tuxerrante in #4
- release also from PR by @tuxerrante in #5
- Dev by @tuxerrante in #6
- Dev by @tuxerrante in #7
- chanmged chart-testing charts setting by @tuxerrante in #8
- configmap template auto filled by profiles by @tuxerrante in #9
- release only during a PR or when tagging by @tuxerrante in #10
New Contributors
- @tuxerrante made their first contribution in #1
Full Changelog: https://github.com/tuxerrante/kapparmor/commits/kapparmor-0.0.5-alpha
Contributors
tuxerrante