Releases: stackrox/acs-fleet-manager
Releases · stackrox/acs-fleet-manager
2024-07-03.1
What's Changed
- ROX-22549: Change cluster_id label to cluster_name for the addon status metric by @kovayur in #1872
- ROX-21884: remove commented out tenant name change test by @vladbologa in #1873
- ROX-23253: add emailsender TLS service to helm template by @johannes94 in #1861
- ROX-22549: Remove excessive labels for the addon metric by @kovayur in #1880
- Bump golang.org/x/net from 0.25.0 to 0.26.0 by @dependabot in #1874
- Bump golang.org/x/sys from 0.20.0 to 0.21.0 by @dependabot in #1875
- Bump github.com/go-logr/logr from 1.4.1 to 1.4.2 by @dependabot in #1876
- Bump github.com/gruntwork-io/terratest from 0.46.14 to 0.46.15 by @dependabot in #1877
- Bump github.com/openshift-online/ocm-sdk-go from 0.1.419 to 0.1.423 by @dependabot in #1878
- ROX-23749: Allow Scanner V4 observability ingress on port 9091 by @vladbologa in #1881
- ROX-23749: allow indexer and scanner egress to kube API by @vladbologa in #1886
- ROX-22549: Add the addon metric to the grafana dashboard by @kovayur in #1884
- ROX-23260: Add Rate Limiter Service by @kurlov in #1867
- ROX-24660: install Compliance Operator on integration by @SimonBaeumer in #1885
- ROX-23709: Fix the volume mount error by @kovayur in #1889
- ROX-23260: Add Rate Limiter to Email Sender by @kurlov in #1887
- ROX-23709: Fix token expiration by @kovayur in #1891
- Bump github.com/aws/aws-sdk-go-v2 from 1.27.0 to 1.27.2 by @dependabot in #1894
- Bump github.com/prometheus/common from 0.53.0 to 0.54.0 by @dependabot in #1892
- Bump github.com/spf13/cobra from 1.8.0 to 1.8.1 by @dependabot in #1896
- Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.19.0 by @dependabot in #1893
- ROX-24792: remove compliance operator by @SimonBaeumer in #1897
- ROX-23260: add external secret for emailsender db config by @johannes94 in #1882
- ROX-23967: Tenant network policies tests by @vladbologa in #1835
- ROX-23259: emailsender aws sts by @kurlov in #1899
- ROX-23258: add emailsender to egress NP for central by @johannes94 in #1883
- ROX-23260: Use fleetshardsync clusterName value by @kurlov in #1900
- ROX-23260: Use fleetshardsync cluster values by @kurlov in #1901
- ROX 23555: Remove egress-proxy by @ebensh in #1768
- ROX-23251: Add migration to email sender by @kurlov in #1902
- ROX-23260: Setup rate limiter by @kurlov in #1904
- ROX-24844: Add a script to easily import an init-bundle to Secrets Manager by @kovayur in #1905
- Bump github.com/aws/aws-sdk-go-v2 from 1.27.2 to 1.30.0 by @dependabot in #1908
- Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1 by @dependabot in #1907
- ROX-24844: Init bundle script fixes by @kovayur in #1911
- Bump github.com/aws/aws-sdk-go-v2/config from 1.27.15 to 1.27.21 by @dependabot in #1910
- fix: use senderAddress helm value for emailsender by @johannes94 in #1913
- Bump github.com/aws/aws-sdk-go from 1.51.15 to 1.54.7 by @dependabot in #1914
- ROX-23260: Use orgID for tenantID by @kurlov in #1912
- ROX-24867: Add Probe CPU Limits by @ebensh in #1898
- ROX-24867: Fix string value of cpu limits by @ebensh in #1916
- Use emailsender clusterName in secret by @kurlov in #1915
- ROX-11558: Run fleetshard-operator on dev/CI environments by @kovayur in #1890
- ROX-22549: Refine the addon metrics reporting by @kovayur in #1919
- Use the github role instead of the technical user in AWS integration tests by @kovayur in #1921
- ROX-24936: add AWS integration test for emailsender by @johannes94 in #1920
- Bump github.com/prometheus/common from 0.54.0 to 0.55.0 by @dependabot in #1928
- Bump github.com/aws/aws-sdk-go-v2/service/ses from 1.22.8 to 1.24.1 by @dependabot in #1927
- Bump github.com/golang/glog from 1.2.0 to 1.2.1 by @dependabot in #1929
- ROX-24458: Move app interface CI to podman by @kurlov in #1926
- ROX-25022: emailsender dev docs by @johannes94 in #1930
- ROX-24458: Add podman support for dockerfile by @kurlov in #1931
- ROX-23261: Add email sender metrics by @kurlov in #1923
- ROX-24458: probe build fix by @kurlov in #1932
- ROX-23967: Add more tenant network policy tests by @vladbologa in #1918
- fix: add a cleanup job for email events by @johannes94 in #1924
- Drop redundant resource values for rbac proxy by @kurlov in #1903
- ROX-24553: Possibility to add additional VPA recommenders by @ludydoo in #1888
- ROX-21290: fix rbac by @ludydoo in #1935
- ROX-22354: autorotate DP secrets if data has changed by @johannes94 in #1933
Full Changelog: 2024-06-10.1...2024-07-03.1
Contributors
ludydoo, ebensh, and 6 other contributors
Assets 2
2024-06-10.1
What's Changed
- Bump github.com/containers/image/v5 from 5.30.1 to 5.31.0 by @dependabot in #1853
- Bump gotest.tools/gotestsum from 1.11.0 to 1.12.0 in /tools by @dependabot in #1851
- ROX-23252: Reuse FSS image tag for email sender by @kurlov in #1858
- ROX-23252: Automatically update email sender image tag by @kurlov in #1859
- fix: emailsender cmd by @johannes94 in #1862
- Fix fleetmanager caching bug by @ludydoo in #1863
- Fix proxy config when secureTenantNetwork by @ludydoo in #1865
- Remove CODEOWNERS by @ebensh in #1864
- ROX-24158: remove unnecessary field from tenant default network policy by @vladbologa in #1866
- Bump github.com/go-gormigrate/gormigrate/v2 from 2.1.1 to 2.1.2 by @dependabot in #1852
- ROX-23255: add auth implementation for emailsender API by @johannes94 in #1826
- ROX-22549: Add an addon metric to track version mismatch by @kovayur in #1868
- ROX-23709: Rework local kubernetes issuer resolution by @kovayur in #1856
- ROX-23249: multiple emailsender issues discovered by debugging by @johannes94 in #1869
- ROX-20474: Add TENANT_IMAGE_PULL_SECRET to the dp-terraform helm chart by @kovayur in #1870
Full Changelog: 2024-06-04.1...2024-06-10.1
Contributors
ludydoo, ebensh, and 5 other contributors
Assets 2
2024-06-04.1
What's Changed
- Add syntax annotation to Dockerfile by @kovayur in #1838
- Bump peter-evans/repository-dispatch from 1 to 3 by @dependabot in #1808
- ROX-23749: fix scanner-v4-matcher network policy by @vladbologa in #1840
- Revert "Add syntax annotation to Dockerfile" by @vladbologa in #1841
- ROX-24158: Wait for central-service pods to terminate before netpol deletion by @vladbologa in #1842
- fix(tests): Update ACS to 4.4.2 in e2e tests and dev env by @vladbologa in #1846
- ROX-23254: Add SendRawEmail method by @kurlov in #1847
- Drop quay-ips pull secret from operator SA by @kurlov in #1849
- ROX-23709: Load token from file in fleetshard-sync by @kovayur in #1802
- ROX-23252: Fix default image value for email sender service by @kurlov in #1850
- ROX-23708: Add quay RO user to operator SA by @kurlov in #1855
- fix: emailsender rbac template by @johannes94 in #1857
- ROX-23252: Connect email sender service to the endpoint by @kurlov in #1848
Full Changelog: 2024-05-28.1...2024-06-04.1
Contributors
kovayur, kurlov, and 3 other contributors
Assets 2
2024-05-28.1
What's Changed
- ROX-23709: Refactor authentication handler by @kovayur in #1789
- ROX-23252: Add emailsender deployment by @kurlov in #1782
- ROX-23709: Trust Data Plane OAuth issuers in fleetshard authorization middleware by @kovayur in #1801
- Bump external secrets by @kurlov in #1820
- ROX-24273: garbage collection for tenant-resources chart by @ludydoo in #1819
- fix: move README.md from templates dir by @vladbologa in #1823
- ROX-23254: Add AWS SES client V2 by @kurlov in #1822
- ROX-23619: Bump go version to 1.21 and stackrox dependency by @kovayur in #1821
- ROX-23254: Email Sender add API package by @kurlov in #1815
- Bump actions/cache from 2 to 4 by @dependabot in #1807
- ROX-24986: Add Central VerticalPodAutoscaler by @ludydoo in #1824
- fix: checkAudience by returning if an audience matched by @johannes94 in #1827
- Improve logging for tenant resources helm chart values by @ludydoo in #1830
- Fix emailsender docker base version by @ludydoo in #1831
- Bump github.com/containers/image to v5.30.1 by @kovayur in #1829
- Bump github.com/spyzhov/ajson from 0.9.0 to 0.9.1 by @dependabot in #1816
- ROX-23709: Fix private/admin api matching from regex to string by @kovayur in #1828
- Bump ubi8/ubi-minimal from 8.9 to 8.10 by @dependabot in #1834
- Bump ubi8/ubi-minimal from 8.9 to 8.10 in /probe by @dependabot in #1832
- Bump ubi8/ubi-minimal from 8.9 to 8.10 in /dp-terraform/helm by @dependabot in #1833
- ROX-23709: Unskip/Fix E2E tests that use private API by @kovayur in #1836
- Fix invalid memory address error by @ludydoo in #1837
- Bump pre-commit/action from 3.0.0 to 3.0.1 by @dependabot in #1806
- Bump dorny/paths-filter from 2 to 3 by @dependabot in #1736
- fix emailsender helm template by @ludydoo in #1839
Full Changelog: 2024-05-21.1...2024-05-28.1
Contributors
ludydoo, kovayur, and 4 other contributors
Assets 2
2024-05-21.1
What's Changed
- Build on microshift preset for crc by @kovayur in #1810
- Bump github.com/openshift-online/ocm-sdk-go from 0.1.415 to 0.1.419 by @dependabot in #1787
- ROX-24127: tenant resources via gitops by @ludydoo in #1803
- ROX-23252: Add email sender to build and push by @kurlov in #1811
- Drop default CPU limit for ACS operator by @kurlov in #1812
- ROX-24259: Do not add team as cluster-admins during DP cluster IdP setup by @vladbologa in #1813
Full Changelog: 2024-05-13.1...2024-05-21.1
Contributors
ludydoo, kovayur, and 3 other contributors
Assets 2
2024-05-13.1
What's Changed
- ROX-23251: Add local deployment for email sender service by @kurlov in #1756
- fix: Remove eu-west-1 regions for cloudwatch exporter by @mclasmeier in #1775
- Bump github.com/prometheus/common from 0.46.0 to 0.53.0 by @dependabot in #1772
- ROX-23550: Add NetworkPolicy to Tenant Helm chart by @ebensh in #1767
- ROX 23550: Fix deployment, quote parameter by @ebensh in #1779
- feat: enable scanner-v4 monitoring by @stehessel in #1776
- ROX-23550: Change DNS from kube-dns to openshift-dns by @ebensh in #1781
- ROX-23252: Add local deployment for email sender service by @kurlov in #1777
- ROX-23252: add email sender to build and push by @kurlov in #1784
- Revert "ROX-23252: add email sender to build and push" by @johannes94 in #1785
- ROX 23550: Fix fleetshard sync to central by @ebensh in #1788
- ROX-23984: install vpa operator by @ludydoo in #1780
- Bump github.com/jackc/pgx/v5 from 5.5.3 to 5.5.4 by @dependabot in #1790
- Bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in #1791
- Bump actions/setup-python from 3 to 5 by @dependabot in #1773
- Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3 by @dependabot in #1792
- Bump actions/setup-go from 2 to 5 by @dependabot in #1738
- Bump golang.org/x/sync from 0.6.0 to 0.7.0 by @dependabot in #1771
- Bump n1hility/cancel-previous-runs from 2 to 3 by @dependabot in #1740
- Bump actions/checkout from 2 to 4 by @dependabot in #1737
- ROX-23984: install vpa operator group by @ludydoo in #1793
- ROX-23984: fix vpa subscription by @ludydoo in #1795
- ROX-23984: fix vpa operator group by @ludydoo in #1796
- Revert "ROX-23984: fix vpa operator group (#1796)" by @ludydoo in #1797
- ROX-23984: fix vpa subscription by @ludydoo in #1798
- ROX-24166: Remove kube-rbac-proxy sidecar by @vladbologa in #1794
- ROX-23550: Add scanner egress to Internet for image registry access by @ebensh in #1804
- ROX-23555: Disable egress proxy creation when securing tenant network by @ebensh in #1805
- ROX-24120: Add overlay for collector DaemonSet by @mclasmeier in #1799
- ROX-21702: fix error matching logic for central-tls secret not found by @johannes94 in #1800
- Reduce period length for violation metrics from 5m to 1m by @mclasmeier in #1770
Full Changelog: 2024-04-23.1...2024-05-13.1
Contributors
ludydoo, ebensh, and 6 other contributors
Assets 2
2024-04-23.1
What's Changed
- fix: consider zero-cost resources allowed by @0x656b694d in #1732
- ROX-16615: run probe cleanup after all specs have been completed by @kovayur in #1757
- ROX-23607: Rotate fleet manager static tokens by @kurlov in #1760
- ROX-16615: Remove deploy Data Plane GitHub Actions by @kovayur in #1761
- chore(deps): bump helm.sh/helm/v3 to fix important CVE by @vladbologa in #1759
- ROX-16615: Delete probe helm chart by @kovayur in #1762
- ROX-23219: Specify additional tenant's auth via gitops by @ivan-degtiarenko in #1714
- ROX-23557: Add annotation for ACL Logging to tenant namespaces by @mclasmeier in #1764
- Bump github.com/openshift-online/ocm-sdk-go from 0.1.405 to 0.1.415 by @dependabot in #1766
- ROX-23559: Export Violation Denial Metrics by @mclasmeier in #1763
- ROX-23251: Add base for email sender service by @kurlov in #1754
- Bump github.com/segmentio/chamber/v2 from 2.14.0 to 2.14.1 in /tools by @dependabot in #1701
- Bump aws-actions/configure-aws-credentials from 1.pre.node16 to 4.0.2 by @dependabot in #1739
- ROX-23251: Add metrics for email sender service by @kurlov in #1755
Full Changelog: 2024-04-09.1...2024-04-23.1
Contributors
kovayur, kurlov, and 5 other contributors
Assets 2
2024-04-09.1
What's Changed
- chore(probe): unset cpu limits by @stehessel in #1731
- ROX-20581: probe labels by @ludydoo in #1730
- chore: dependabot upgrade gha by @janisz in #1735
- Bump github.com/aws/aws-sdk-go from 1.50.34 to 1.51.15 by @dependabot in #1741
- ROX-23370: add requests and limits to FM initContainer by @vladbologa in #1747
- ROX-16615: Remove empty cpu limits from the probe Deployment by @kovayur in #1749
- ROX-16615: Add probe metrics endpoint by @kovayur in #1750
- fix: always build images in github actions on main and stage by @johannes94 in #1751
Full Changelog: 2024-03-26.1...2024-04-09.1
Contributors
ludydoo, janisz, and 5 other contributors
Assets 2
2024-03-26.1
What's Changed
- ROX-22541: Add scannerB4 components to egress proxy by @kurlov in #1673
- fix(scannerv4): adjust proxy settings by @dhaus67 in #1674
- Add a legend for the request rate fleet manager widget by @rukletsov in #1675
- Bump dogfood collector memory to prevent OOMs by @ludydoo in #1676
- ROX-22358: reset grace period on restore by @0x656b694d in #1663
- Bump github.com/matryer/moq from 0.3.3 to 0.3.4 in /tools by @dependabot in #1658
- ROX-22557: Count expired centrals by @0x656b694d in #1677
- Bump github.com/getsentry/sentry-go from 0.26.0 to 0.27.0 by @dependabot in #1679
- Bump github.com/gorilla/handlers from 1.5.1 to 1.5.2 by @dependabot in #1678
- Bump github.com/segmentio/chamber/v2 from 2.13.6 to 2.14.0 in /tools by @dependabot in #1657
- Bump github.com/operator-framework/api from 0.20.0 to 0.22.0 by @dependabot in #1654
- Bump golang.org/x/oauth2 from 0.16.0 to 0.17.0 by @dependabot in #1652
- fix: check if telemetry is enabled by @0x656b694d in #1686
- Parameterize envoy resources by @porridge in #1688
- ROX-22859: Remove unused ACS Operator template by @kurlov in #1680
- ROX-22887: Use go 1.20 to build images in CI by @ebensh in #1690
- Bump github.com/openshift-online/ocm-sdk-go from 0.1.401 to 0.1.405 by @dependabot in #1681
- Bump github.com/prometheus/client_model from 0.5.0 to 0.6.0 by @dependabot in #1682
- Delete the duplicate line from the service template by @kovayur in #1691
- Bump k8s.io/api from 0.29.1 to 0.29.2 by @dependabot in #1684
- Bump github.com/auth0/go-jwt-middleware/v2 from 2.2.0 to 2.2.1 by @dependabot in #1683
- Bump operator-framework/helm-operator from v1.33.0 to v1.34.0 in /dp-terraform/helm by @dependabot in #1687
- Rollback helm-operator to v1.33.0 by @kovayur in #1694
- ROX-22551: Cleanup Fleet Manager after the addon CI/CD implementation by @kovayur in #1665
- Bump github.com/aws/aws-sdk-go from 1.50.10 to 1.50.34 by @dependabot in #1693
- ROX-22926: Enable dogfood local scanner by @ludydoo in #1695
- ROX-22926: Fix scannerComponent by @ludydoo in #1697
- ROX-22926: Fix scannerComponent by @ludydoo in #1699
- Disable ESO webhook by @kovayur in #1698
- ROX-22593: git hook fix by @ludydoo in #1696
- sync: rc-2024-03-12.1 to stage by @roxbot in #1710
- sync: stage to production by @roxbot in #1711
- ROX-21836: Use Envoy config from App-interface by @kurlov in #1712
- Bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in #1706
- ROX-22361: Log ACSCS instance state change by @ivan-degtiarenko in #1708
- ROX-21836: Drop Envoy redundant config by @kurlov in #1713
- Bump github.com/onsi/ginkgo/v2 from 2.15.0 to 2.16.0 in /tools by @dependabot in #1700
- Deploy fleet-manager from template in e2e tests by @kovayur in #1659
- ROX-16615: Make the probe service create multiple centrals (per region / cloud provider) by @kovayur in #1719
- ROX-16615: Probe template by @kovayur in #1722
- ROX-22428: Rename dinosaurService#Update by @kovayur in #1721
- ROX-22428: Use
sql.NullTimeinstead of*time.Timeindbapiby @0x656b694d in #1720 - ROX-21682: Add support for central-encryption-key-chain by @vladbologa in #1723
- ROX-22557: Expiration central count grafana panel by @0x656b694d in #1724
- ROX-21682: remove double base64 encoding by @vladbologa in #1727
- ROX-16587: API for switching billing model of a central by @0x656b694d in #1598
- sync: rc-2024-03-26.1 to stage by @roxbot in #1728
- sync: stage to production by @roxbot in #1729
Full Changelog: 2024-02-20.1...2024-03-26.1
Contributors
ludydoo, porridge, and 9 other contributors
Assets 2
2024-02-20.1
What's Changed
- ROX-22237: Bump ocm-sdk-go and switch it back to upstream by @kovayur in #1651
- Add the addon step to the PR checklist by @kovayur in #1662
- Bump helm.sh/helm/v3 from 3.13.3 to 3.14.1 by @dependabot in #1664
- ROX-16615: Add probe image build on app-interface by @kovayur in #1666
- Bump stackrox deps 190983eddb0a by @kurlov in #1669
- chore: additional quota cost logging, tests by @0x656b694d in #1660
- sync: rc-2020-02-20.1 to stage by @roxbot in #1671
- sync: stage to production by @roxbot in #1672
Full Changelog: 2024-02-08.1...2024-02-20.1
Contributors
kovayur, kurlov, and 2 other contributors