Releases: Contrast-Security-OSS/agent-operator
Releases · Contrast-Security-OSS/agent-operator
v6.0.0
Version v6.0.0 released!
- CRDs have been updated
- If you are updating the helm chart, please run
kubectl apply -f https://github.com/Contrast-Security-OSS/agent-operator/releases/latest/download/crds.yamlbefore upgrading to update the CRDs. https://docs.contrastsecurity.com/en/helm-upgrades.html#major-upgrades-292514
- If you are updating the helm chart, please run
- Add support for setting AgentConnection and AgentConfiguration on ClusterAgentInjector
- Referenced AgentConnection or AgentConfiguration need to be in the same namespace as the ClusterAgentInjector
- Upgrade to .NET 10 and dotnet-operator-sdk 10.x
- Setting
CONTRAST_AGENT_TELEMETRY_OPTOUT=1on the agent-operator will now opt-out agents from telemetry collection - Fixed a regression where the internal state would go out of sync
- Missing operator settings are now exposed in the helm chart:
| Agent Operator Setting | Helm Chart Setting |
|---|---|
| CONTRAST_EVENT_QUEUE_MERGE_WINDOW_SECONDS | operator.eventQueueMergeWindowSeconds |
| CONTRAST_AGENT_TELEMETRY_OPTOUT | operator.telemetryOptOut |
| CONTRAST_LOG_LEVEL | operator.operatorLogLevel |
| CONTRAST_RUN_INIT_CONTAINER_AS_NON_ROOT | operator.initContainer.nonRoot |
| CONTRAST_WATCHER_TIMEOUT_SECONDS | operator.watcherTimeout |
Breaking Changes
- Docker image base changed from Debian to Ubuntu Platforms for .NET 10 container images dotnet/dotnet-docker#6539, because of this the operator-user/operator-group ids have changed to 1001
- If the
spec.connection.nameorspec.configuration.nameon a AgentInjector (created by a ClusterAgentInjector) was edited manually; those references will now be overwritten when the ClusterAgentInjector updates the AgentInjector.
contrast/agent-operator:6.0.0
contrast/agent-operator@sha256:add8aa999e215c9e622ec4474714f53fc95462b117e78fec2a89949969c1166c
quay.io/contrast/agent-operator:6.0.0
quay.io/contrast/agent-operator@sha256:add8aa999e215c9e622ec4474714f53fc95462b117e78fec2a89949969c1166c
v5.1.0
Version v5.1.0 released!
- Add helm values.schema.json https://helm.sh/docs/topics/charts/#schema-files
- Expose init-container and agent-operator SecurityContext in values.yaml
- Add
operator.enableAgentStdoutto values.yaml andCONTRAST_ENABLE_AGENT_STDOUToperator env var to globally enable agents to log to stdout - Fix setting
imageCredentials.pullSecretNamein values.yaml to empty/null was still addingimagePullSecretsto agent-operator deployment - Log a warning if
DOTNET_EnableDiagnostics=0orCOMPlus_EnableDiagnostics=0is detected during dotnet-core agent injection (these env vars disable profiling in .NET 8+)
contrast/agent-operator:5.1.0
contrast/agent-operator@sha256:440efea3b89cf6c61a28deefc97df7f24130d57ebd513b57e0245f0ad2e09faf
quay.io/contrast/agent-operator:5.1.0
quay.io/contrast/agent-operator@sha256:440efea3b89cf6c61a28deefc97df7f24130d57ebd513b57e0245f0ad2e09faf
v5.0.2
Version v5.0.2 released!
- Upgraded project dependencies which included security fixes
contrast/agent-operator:5.0.2
contrast/agent-operator@sha256:d649323b63ca0707f2f5df212f5a3cfcfc7f8b54dba524cfe352bcbb0d262d9b
quay.io/contrast/agent-operator:5.0.2
quay.io/contrast/agent-operator@sha256:d649323b63ca0707f2f5df212f5a3cfcfc7f8b54dba524cfe352bcbb0d262d9b
v5.0.1
Version v5.0.1 released!
- Add support for patching an existing PYTHONPATH for python-agent injection
contrast/agent-operator:5.0.1
contrast/agent-operator@sha256:6508b4bbb6dcd5de1c12fe38087f88c7a66f19e3b289ffaebb84cc2dc978d962
quay.io/contrast/agent-operator:5.0.1
quay.io/contrast/agent-operator@sha256:6508b4bbb6dcd5de1c12fe38087f88c7a66f19e3b289ffaebb84cc2dc978d962
v5.0.0
Version v5.0.0 released!
- CRDs have been updated
- If you are updating the helm chart, please run
kubectl apply -f https://github.com/Contrast-Security-OSS/agent-operator/releases/latest/download/crds.yamlbefore upgrading to update the CRDs. https://docs.contrastsecurity.com/en/helm-upgrades.html#major-upgrades-292514
- If you are updating the helm chart, please run
- Add ClusterAgentInjectors https://github.com/Contrast-Security-OSS/agent-operator/blob/v5.0.0/docs/public/03-configuration-reference.md#clusteragentinjector
- Add support for mounting AgentConnection secrets as a volume
- Set
mountAsVolume: trueon an AgentConnection or ClusterAgentConnection to enable https://github.com/Contrast-Security-OSS/agent-operator/blob/v5.0.0/docs/public/03-configuration-reference.md#agentconnection
- Set
- Add support for
namespaceLabelSelectoron ClusterAgentConnection, ClusterAgentConfiguration, and ClusterAgentInjector- Added read-only permissions for
namespacesto ClusterRole - The helm chart includes a default selector for ClusterAgentInjectors, add
agents.contrastsecurity.com/agent-injectors: 'true'label to a namespace to add agent injectors to that namespace
- Added read-only permissions for
- Allow setting contrast-agent-operator pod requests/limits in the helm chart
- Allow setting contrast-agent-operator pod labels/annotations in the helm chart
- Increased default init-container memory limit
- Fixed an issue that caused pod patching to fail if the init-container requests/limits were empty
Breaking Changes
- The helm chart will now create ClusterAgentInjectors instead of AgentInjectors
- To create AgentInjectors instead, set
agentInjectors.useClusterAgentInjectorstofalse
- To create AgentInjectors instead, set
- Removed
agentInjectors.lookupNamespaces.deployToAllAccessibleNamespacesfrom the helm chart, this is replaced by:
agentInjectors:
useClusterAgentInjectors: true
namespaces:
- '*'
contrast/agent-operator:5.0.0
contrast/agent-operator@sha256:1fabb779107815b6e39fd44321cdf9e058a2b8c49fc22a6a497ad992336574b4
quay.io/contrast/agent-operator:5.0.0
quay.io/contrast/agent-operator@sha256:1fabb779107815b6e39fd44321cdf9e058a2b8c49fc22a6a497ad992336574b4
v4.1.1
Version v4.1.1 released!
- Publish CRDs as a separate manifest to make helm upgrades easier
kubectl apply -f https://github.com/Contrast-Security-OSS/agent-operator/releases/latest/download/crds.yamlcan be run beforehelm upgradeto update the CRDs
contrast/agent-operator:4.1.1
contrast/agent-operator@sha256:8c1d7e47ebbfa430d4531ef7ec14832aa1e530880cba56410a0abbbe484cfb0c
quay.io/contrast/agent-operator:4.1.1
quay.io/contrast/agent-operator@sha256:8c1d7e47ebbfa430d4531ef7ec14832aa1e530880cba56410a0abbbe484cfb0c
v4.1.0
Version v4.1.0 released!
- Add support for Contrast Flex Agent
- Adds flex AgentInjector to default helm values.yaml
- Updated AgentInjector crd to add flex agent type
contrast/agent-operator:4.1.0
contrast/agent-operator@sha256:6620b94ee17353146ce55a78ab30b122ff5d6d92b41cdd6fde5d7b8b9ed6d356
quay.io/contrast/agent-operator:4.1.0
quay.io/contrast/agent-operator@sha256:6620b94ee17353146ce55a78ab30b122ff5d6d92b41cdd6fde5d7b8b9ed6d356
v4.0.0
Version v4.0.0 released!
- MutatingWebhook no longer triggers for resources in
kube-systemorkube-node-leasenamespaces - ClusterRole permissions are now explicit
Breaking Changes
- AgentInjector type
nodejsnow uses--importinstead of--requirefor injecting the NodeJS Agent- Please use
nodejsfor NodeJS LTS >= 18.19.0 andnodejs-legacyfor NodeJS LTS < 18.19.0
- Please use
- AgentInjector type
nodejs-esmis deprecated - Removed default injector for
nodejs-esmfrom helm chart
contrast/agent-operator:4.0.0
contrast/agent-operator@sha256:ae1e3c2be97756e2788273b5b0a9975c74ffd3eef7102a0ff84b4f3c62e14c31
quay.io/contrast/agent-operator:4.0.0
quay.io/contrast/agent-operator@sha256:ae1e3c2be97756e2788273b5b0a9975c74ffd3eef7102a0ff84b4f3c62e14c31
v3.2.1
Version v3.2.1 released!
- Increase default ephemeral-storage request/limit on agent init-containers to 400Mi to reflect agent size on disk
contrast/agent-operator:3.2.1
contrast/agent-operator@sha256:59f29799efd91d6006f4b23b63877866e8ca8548c6ce6312e204bf0a53805c2a
quay.io/contrast/agent-operator:3.2.1
quay.io/contrast/agent-operator@sha256:59f29799efd91d6006f4b23b63877866e8ca8548c6ce6312e204bf0a53805c2a
v3.2.0
Version v3.2.0 released!
- Default ephemeral-storage request/limit on agent init-containers to 10Mi to resolve issues with GKE Autopilot
contrast/agent-operator:3.2.0
contrast/agent-operator@sha256:e9b475d33288f65e545bc88f7ab92c9598ce093e71c6981c7820791cbd2a874c
quay.io/contrast/agent-operator:3.2.0
quay.io/contrast/agent-operator@sha256:e9b475d33288f65e545bc88f7ab92c9598ce093e71c6981c7820791cbd2a874c