tetra 1.4.0

[BrewTestBot]

Created by brew bump

---

Created with brew bump-formula-pr.

release notes

# Release notes
Upgrade notes
Read the upgrade notes carefully before upgrading Tetragon.

Depending on your setup, changes listed here might require a manual intervention.
Helm Values

It's now supported to run multiple Tetragon operator replicas simultaneously. Enable it by setting tetragonOperator.replicas=2 and tetragonOperator.failoverLease.enabled=true.
tetragonOperator.strategy now sets a default rollingUpdate strategy (maxSurge=1, maxUnavailable=0) to reduce downtime during an upgrade.
The Tetragon operator Deployment now sets a default podAntiAffinity (preferredDuringSchedulingIgnoredDuringExecution) to improve the Pod distribution (if possible), without enforcing it to avoid being stuck during upgrades on single or two node clusters.

TracingPolicy (k8s CRD)

FollowFD, UnfollowFD, and CopyFD actions are being deprecarted in this (1.4) and are

scheduled for removal in the next (1.5)

Metrics

tetragon_map_errors_total metric is replaced by map_errors_update_total and map_errors_delete_total.

Changes
total: 298 commits, prs: 110 pr commits: 298
Major Changes

feat: include ancestors in process events (feat: include ancestors in process events cilium/tetragon#2938) by @t0x01
Add attribute resolution (Add dynamic extraction of a parameter attribute cilium/tetragon#3143) by @ScriptSathi
policies: add support for setting a monitoring mode in tracing policies (configurable policy mode cilium/tetragon#3393) by @kkourt
Windows: Build tetragon on Windows (Part -1) (Windows: Build tetragon on Windows (Part -1) cilium/tetragon#3445) by @ExceptionalHandler

Bugfixes

[fix] fix probe_read_str return type ([fix] fix probe_read_str return type cilium/tetragon#3236) by @arthur-zhang
tetragon: avoid the agent from hanging in some corner error conditions (fixes in server cleanup cilium/tetragon#3321) by @kkourt
Fix in_init_tree flag for processes started before Tetragon. (proc_reader: handle in_init_tree cilium/tetragon#3338) by @will-isovalent
Fix a bug where unloading programs where detaching them even in the case of unpin false (i.e.) --keep-sensors-on-exit (pkg/sensors: RawDetachUnloader do not detach on unpin false cilium/tetragon#3347) by @mtardy
Fix path truncations in event values for cwd and path/file function arguments. The function responsible for reading dentry was upgraded to 4096 but some users were still using the previous limitation of 256. (bpf: fix path truncation in cwd and copying path arguments cilium/tetragon#3427) by @mtardy
Use BTF to access skb_ext (Use BTF to access skb_ext cilium/tetragon#3439) by @xabrouck
watcher: Fix K8sWatcher.FindPod (watcher: Fix K8sWatcher.FindPod cilium/tetragon#3409) by @lambdanis

Minor Changes


tetra: Fix tetra debug progs fail (tetra: Fix tetra debug progs fail cilium/tetragon#3235) by @olsajiri


tetragon: factor generic maps (tetragon: factor generic maps cilium/tetragon#3257) by @olsajiri


fix: nspid assign is not correct (fix: nspid assign is not correct cilium/tetragon#3267) by @arthur-zhang


bug: fix assign vfsmnt correctly (bug: fix assign vfsmnt correctly cilium/tetragon#3261) by @arthur-zhang


[bug] matchPIDs is using first pid only ([bug] matchPIDs is using first pid only cilium/tetragon#3255) by @arthur-zhang


tetragon: Fix override program pin for fmodret and kprobe multi (tetragon: Fix override program pin for fmodret and kprobe multi cilium/tetragon#3298) by @olsajiri


tetra: Add CEL filter to the CLI (tetra: Add CEL filter to the CLI cilium/tetragon#3124) by @knrc


tetragon: update vmlinux.h (tetragon: update vmlinux.h cilium/tetragon#3308) by @olsajiri


doc: note that kernels >= 6.11 require new cgroupv1 configs (doc: note that kernels >= 6.11 require new cgroupv1 configs cilium/tetragon#3284) by @tixxdz


tetra: Set default for retries to 1 (tetra: Set default for retries to 1 cilium/tetragon#3335) by @olsajiri


tetragon: assorted fixes (tetragon: assorted fixes cilium/tetragon#3323) by @olsajiri


tetragon: Add map_errors_update_total/map_errors_delete_total metrics (tetragon: Add map_errors_update_total/map_errors_delete_total metrics cilium/tetragon#3346) by @olsajiri


Add support for struct socket and struct sockaddr. (Add socket and sockaddr types cilium/tetragon#3358) by @kevsecurity


tetragon: map changes (tetragon: map changes cilium/tetragon#3328) by @olsajiri


tetragon: Add GetExecveEntries function (tetragon: Add GetExecveEntries function cilium/tetragon#3390) by @olsajiri


helm: add cri.enabled, cri.socketHostPath, and cgidmap.enables variables (helm: add support  for cgidmap/cri cilium/tetragon#3382) by @kkourt
metrics: add metrics for cgidmap CRI resolution


cgroups: relax deployment detection logic (cgroups: relax deployment detection logic cilium/tetragon#3400) by @tixxdz


tetragon: Move extract code into separate function (tetragon: Move extract code into separate function cilium/tetragon#3416) by @olsajiri


tetragon: assorted fixes (tetragon: assorted fixes cilium/tetragon#3394) by @olsajiri


tetragon: harden actions a bit (tetragon: harden actions a bit cilium/tetragon#3279) by @olsajiri


generic sensor: add a dentry type (add dentry type cilium/tetragon#3423) by @olsajiri


gRPC: the deprecated sensors API is now removed. (sensor cleanups cilium/tetragon#3437) by @kkourt


helm: Removed default toleration (operator: Exists) for the operator Deployment (helm: Removed default tolerations for the operator cilium/tetragon#3442) by @PhilipSchmid


Remove kernel version check for LSM Resolve flag (Remove kernel version check for LSM Resolve flag cilium/tetragon#3415) by @ScriptSathi


tetragon: Pass argument pointer to extract_arg (tetragon: Pass argument pointer to extract_arg cilium/tetragon#3441) by @olsajiri


dentry fixes (dentry fixes cilium/tetragon#3450) by @olsajiri


rthooks: Fix rootDir in createRuntime hook (rthooks: Fix rootDir in createRuntime hook cilium/tetragon#3466) by @tpapagian


tetra: increase connection timeout to 30s (tetra: increase connection timeout to 30s cilium/tetragon#3468) by @kkourt


renovate: add v1.2 for golang 1.23 (renovate: add v1.2 for golang 1.23 cilium/tetragon#3472) by @olsajiri


reshufle some packages (reshufle some packages cilium/tetragon#3481) by @olsajiri


assorted path related fixes (assorted path related fixes cilium/tetragon#3494) by @olsajiri


tetragon: Add extra bounds check to extract_arg (tetragon: Add extra bounds check to extract_arg cilium/tetragon#3503) by @olsajiri


helm: Allow extending clusterroles and operator configmap (helm: Allow extending clusterroles and operator configmap cilium/tetragon#3482) by @lambdanis


tracingpolicy: FollowFD, UnfollowFD, and CopyFD actions are deprecarted (deprecate followFD and friends cilium/tetragon#3491) by @kkourt


pkg/bpf: mount securityfs to check lsm bpf (pkg/bpf: mount securityfs to check lsm bpf cilium/tetragon#3512) by @anfedotoff


tetragon: assorted heap fixes (tetragon: assorted heap fixes cilium/tetragon#3515) by @olsajiri


operator: Support running multiple operator replicas simultaneously (Added support to run multiple Tetragon operator replicas simultaneously cilium/tetragon#3443) by @PhilipSchmid


CI Changes

[CI] Fix virt-customize issue in vmtests ([CI] Fix virt-customize issue in vmtests cilium/tetragon#3232) by @tpapagian
ci: remove buildjet runners and use GitHub arm64 runners (ci: remove buildjet runners and use GitHub arm64 runners cilium/tetragon#3280) by @mtardy
renovate: disable digest update on Dockerfiles (renovate: disable digest update on Dockerfiles cilium/tetragon#3285) by @mtardy
renovate: fix for config change 70ad4e78d5b4 (renovate: fix for config change 70ad4e78d5b4 cilium/tetragon#3286) by @mtardy
renovate: remove matchBaseBranches on main for grouping rules (renovate: remove matchBaseBranches on main for grouping rules cilium/tetragon#3324) by @mtardy
renovate: update various versions in source code (renovate: update various versions in source code cilium/tetragon#3342) by @mtardy
CI: build tetragon on every commit of a PR (CI: build tetragon on every commit of a PR cilium/tetragon#3354) by @mtardy
renovate: Group cel-go together with k8s dependencies (renovate: Group cel-go together with k8s dependencies cilium/tetragon#3383) by @lambdanis
workflows: only run build every commit on pull request event (workflows: only run build every commit on pull request event cilium/tetragon#3386) by @mtardy
renovate: more robust parser for Go version in go.mod (renovate: more robust parser for Go version in go.mod cilium/tetragon#3401) by @mtardy
Various renovate config tunings (Various renovate config tunings cilium/tetragon#3420) by @mtardy
fix bug in e2e tests and update its dependencies (fix bug in e2e tests and update its dependencies cilium/tetragon#3421) by @mtardy
workflow: fix a bug in build every commit (workflow: fix a bug in build every commit cilium/tetragon#3449) by @mtardy
chore: added verifier tests (chore: added verifier tests cilium/tetragon#3433) by @AshishNaware
renovate config: automerge more (renovate config: automerge more cilium/tetragon#3505) by @mtardy
ci: Refactor linters, formatters and generators checks (ci: Refactor linters, formatters and generators checks cilium/tetragon#3509) by @lambdanis
api: Copy API reference into docs (api: Copy API reference into docs  cilium/tetragon#3525) by @lambdanis

Documentation changes

docs: Add dev setup instructions for Apple silicon Macs (docs: Add dev setup instructions for Apple silicon Macs cilium/tetragon#3231) by @michi-covalent
docs: local dev with Apple Silicon small fixes (docs: local dev with Apple Silicon small fixes cilium/tetragon#3237) by @mtardy
docs: remove redundance CLI command in tracing policy example (docs: remove redundance CLI command in tracing policy example cilium/tetragon#3256) by @arthur-zhang
docs: enhancements to the troubleshooting section (docs: enhancements to the troubleshooting section cilium/tetragon#3238) by @mtardy
fix: correcting the script path for minikube installation steps in do… (fix: correcting the script path for minikube installation steps in do… cilium/tetragon#3111) by @d-cryptic
Add link to Kubecon NA 2024 talk discussing Tetragon (Add Tetragon talk from Kubecon NA cilium/tetragon#3303) by @daxmc99
fix: Troubleshooting documentation for System dump (fix: Troubleshooting documentation for System dump cilium/tetragon#3325) by @z63d
docs: fix typo referencing kube-system as kubesystem (docs: fix typo referencing kube-system as kubesystem cilium/tetragon#3334) by @z63d
docs: fix the Example jq filter in Observability Policies (docs: fix the Example jq filter in Observability Policies cilium/tetragon#3367) by @z63d
fix: returnArg index of TracingPolicy is not specified (fix: returnArg index of TracingPolicy is not specified cilium/tetragon#3388) by @z63d
docs: fix tracing policy options (docs: fix tracing policy options cilium/tetragon#3470) by @z63d
docs: Remove incorrect event types from field filter docs examples. (docs: remove incorrect event types cilium/tetragon#3489) by @will-isovalent
docs: fix typo (docs: fix typo cilium/tetragon#3528) by @jetlime

Dependency updates

fix(deps): update module github.com/cilium/ebpf to v0.17.1 (main) (fix(deps): update module github.com/cilium/ebpf to v0.17.1 (main) cilium/tetragon#3206) by @cilium-renovate[bot]
fix(deps): update module google.golang.org/grpc to v1.70.0 (main) (fix(deps): update module google.golang.org/grpc to v1.70.0 (main) cilium/tetragon#3330) by @cilium-renovate[bot]
chore(deps): update all github action dependencies (main) (chore(deps): update all github action dependencies (main) cilium/tetragon#3387) by @cilium-renovate[bot]
chore(deps): update docker.io/golangci/golangci-lint docker tag to v1.64.5 (main) (chore(deps): update docker.io/golangci/golangci-lint docker tag to v1.64.5 (main) cilium/tetragon#3398) by @cilium-renovate[bot]

Misc Changes

start v1.4 development (start v1.4 development cilium/tetragon#3226) by @kkourt
fix: improve error handling for tracing policies directory access (fix: improve error handling for tracing policies directory access cilium/tetragon#3289) by @arthur-zhang
Add tetra policyfilter listpolicies command (Add tetra policyfilter listpolicies command cilium/tetragon#3122) by @tpapagian
tetragon: add get_current_task_btf (tetragon: add get_current_task_btf cilium/tetragon#3305) by @jrfastab
bpf: declare maps with __type for key and value (bpf: declare maps with __type for key and value cilium/tetragon#3307) by @mtardy
clang-format: use ignore file (clang-format: use ignore file cilium/tetragon#3322) by @kkourt
Create an AUTHORS file for tetragon (Create an AUTHORS file for tetragon cilium/tetragon#3319) by @kkourt
tetra/debug: Clone GetDebugResponse entries (tetra/debug: Clone GetDebugResponse entries cilium/tetragon#3343) by @tpapagian
Add the ability to get process cache entries (Add the ability to get process cache entries cilium/tetragon#3348) by @tpapagian
pkg/sensors: pin link in TracingAttach (pkg/sensors: pin link in TracingAttach cilium/tetragon#3352) by @mtardy
vmtests: disable TestFastK8s (vmtests: disable TestFastK8s cilium/tetragon#3356) by @kkourt
gitattributes: auto resolve merge conflicts for generated files (gitattributes: auto resolve merge conflicts for generated files cilium/tetragon#3366) by @will-isovalent
api: build using buf (api: build using buf cilium/tetragon#3368) by @will-isovalent
Refactor CRD defaulting and validation as generic (Refactor CRD defaulting and validation as generic cilium/tetragon#3403) by @lambdanis
buf fixes (buf fixes cilium/tetragon#3417) by @kkourt
ci: fixes for buf workflow (ci: fixes for buf workflow cilium/tetragon#3418) by @will-isovalent
api/Makefile: make it work for worktrees (api/Makefile: make it work for worktrees cilium/tetragon#3419) by @kkourt
pkg/bpf: remove redundant check from HasLSMPrograms (pkg/bpf: remove redundant check from HasLSMPrograms cilium/tetragon#3422) by @anfedotoff
filters: Minor CEL refactoring (filters: Minor CEL refactoring cilium/tetragon#3426) by @lambdanis
watcher: Refactor K8sWatcher to reuse config and factories (watcher: Refactor K8sWatcher to reuse config and factories cilium/tetragon#3413) by @lambdanis
Revert "pkg/bpf: remove redundant check from HasLSMPrograms" (Revert "pkg/bpf: remove redundant check from HasLSMPrograms"  cilium/tetragon#3456) by @ScriptSathi
syscallmetrics: use syscall type (syscallmetrics: use syscall type cilium/tetragon#3462) by @kkourt
bpf: verification fixes (bpf: verification fixes cilium/tetragon#3460) by @kkourt
tetra: add a --reconnect option to getevents command (tetra/getevents: add a --reconnect option cilium/tetragon#3438) by @kkourt
install/kubernetes: fix typo (install/kubernetes: fix typo cilium/tetragon#3499) by @kkourt
main: Split k8s watchers into process metadata and policy (main: Split k8s watchers into process metadata and policy cilium/tetragon#3524) by @lambdanis
bpf: Fix complexity issue in selectors (bpf: Fix complexity issue in selectors cilium/tetragon#3523) by @tpapagian
Prepare for v1.4.0 release (Prepare for v1.4.0 release cilium/tetragon#3545) by @kkourt

[github-actions]

🤖 An automated task has requested bottles to be published to this PR.