v0.10.0

[github.com/gardener/gardener-extension-shoot-rsyslog-relp:v0.10.0]

⚠️ Breaking Changes

• [OPERATOR] shoot-rsyslog-relp no longer supports Shoots with Кubernetes version <= 1.28. by @RadaBDimitrova [#291]

Helm Charts

• shoot-rsyslog-relp-admission-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp-admission-application:v0.10.0
• shoot-rsyslog-relp-admission-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp-admission-runtime:v0.10.0
• shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp:v0.10.0

Container (OCI) Images

• gardener-extension-shoot-rsyslog-relp-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp-admission:v0.10.0
• gardener-extension-shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp:v0.10.0

v0.9.0

[gardener/gardener-extension-shoot-rsyslog-relp]

⚠️ Breaking Changes

• [OPERATOR] The type of the imageVectorOverwrite value is changed from string to object. by @ialidzhikov [#260]

🏃 Others

• [OPERATOR] Update base image from debian11 to debian12. by @MartinWeindel [#264]
• [OPERATOR] The RBAC is now reduced to only the required resources and verbs. by @plkokanov [#266]

Helm Charts

• shoot-rsyslog-relp-admission-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp-admission-application:v0.9.0
• shoot-rsyslog-relp-admission-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp-admission-runtime:v0.9.0
• shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp:v0.9.0

Container (OCI) Images

• gardener-extension-shoot-rsyslog-relp-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp-admission:v0.9.0
• gardener-extension-shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp:v0.9.0

v0.8.1

[gardener/gardener-extension-shoot-rsyslog-relp]

🐛 Bug Fixes

• [OPERATOR] Fixed an issue that caused augenrules --load to be executed every time the configure-rsyslog.sh script runs instead of only when audit rules have changed. by @plkokanov [#263]

Helm Charts

• shoot-rsyslog-relp-admission-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp-admission-application:v0.8.1
• shoot-rsyslog-relp-admission-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp-admission-runtime:v0.8.1
• shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp:v0.8.1

Docker Images

• gardener-extension-shoot-rsyslog-relp-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp-admission:v0.8.1
• gardener-extension-shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp:v0.8.1

v0.8.0

[gardener/gardener-extension-shoot-rsyslog-relp]

⚠️ Breaking Changes

• [OPERATOR] The Helm charts for the application and runtime parts of the gardener-extension-shoot-rsyslog-relp-admission admission controller have been separated into standalone charts. These charts now assume a Garden setup with a virtual garden. Both charts must be deployed individually: the runtime chart on the Garden runtime cluster, and the application chart on the virtual garden. Additionally, the intermediate global level in the Helm values has been removed, so you may need to adjust your provided values accordingly. by @MartinWeindel [#228]

📰 Noteworthy

• [OPERATOR] A new field, messageContent, has been added to the loggingRules section of the rsyslog-relp.extensions.gardener.cloud/v1alpha1.RsyslogRelpConfig API. This enhancement allows users to filter log messages sent to the target server based on their content. The messageContent field includes two subfields:
  • messageContent.regex: This subfield specifies a regular expression to determine which log messages should be sent to the target server.
  • messageContent.exclude: This subfield specifies a regular expression to exclude log messages from being sent to the target server.
    These additions provide more granular control over log message filtering, enhancing the flexibility and efficiency of log management. by @RadaBDimitrova [#243]
• [OPERATOR] Memory resource limits have been removed from charts/gardener-extension-shoot-rsyslog-relp-admission/values.yaml and charts/gardener-extension-shoot-rsyslog-relp/values.yaml, and therefore from the corresponding deployments. by @plkokanov [#211]

🐛 Bug Fixes

• [DEVELOPER] Fixed an issue that caused skaffold to fail to tag the gardener-extension-shoot-rsyslog-relp image during the execution of the make remote-extension-up command. by @plkokanov [#236]
• [OPERATOR] The script which configures the audit rules on the system now ensures that the /var/lib/node-exporter/textfile-collector directory exists before attempting to write the result of the augenrules --load command to the /var/lib/node-exporter/textfile-collector/rsyslog_auditd.prom file. by @plkokanov [#256]
• [OPERATOR] An issue causing the ControllerDeployment in provider-local NOT to update the locally built image if the image is already present in the skaffold's cache is now fixed. make extension-up is now guaranteed to always use the image version that corresponds to the local git revision of the repository. by @RadaBDimitrova [#242]

🏃 Others

• [OPERATOR] Containers, which do not require privilege escalations, now forbid privilege escalations explicitly. by @georgibaltiev [#226]
• [OPERATOR] The parallel execution of e2e tests is increased from 2 to 3 to speed up the e2e test execution times. by @RadaBDimitrova [#248]
• [OPERATOR] Prepare for deployment of admission controller by gardener-operator by @MartinWeindel [#228]
• [OPERATOR] The ServiceTrafficDistribution feature is being used on to make Services topology-aware when the runtime Kubernetes version is 1.31+. by @ialidzhikov [#224]
• [OPERATOR] extension-shoot-rsyslog-relp no longer supports Shoots with Кubernetes version <= 1.26. by @RadaBDimitrova [#190]

Helm Charts

• shoot-rsyslog-relp-admission-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp-admission-application:v0.8.0
• shoot-rsyslog-relp-admission-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp-admission-runtime:v0.8.0
• shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp:v0.8.0

Docker Images

• gardener-extension-shoot-rsyslog-relp-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp-admission:v0.8.0
• gardener-extension-shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp:v0.8.0

v0.7.0

[gardener/gardener-extension-shoot-rsyslog-relp]

📰 Noteworthy

• [DEVELOPER] gosec is made available for SAST(static application security testing), it can be run with make sast or make sast-report, but is also incorporated in the verify and verify-extended makefile targets. by @Kostov6 [#189]

🐛 Bug Fixes

• [DEVELOPER] An issue causing make extension-up to fail to patch the ControllerDeployment is now mitigated. by @ialidzhikov [#194]
• [DEVELOPER] An issue causing make extension-up to do NOT generate a new tag for local source code changes is now fixed. by @ialidzhikov [#194]

Helm Charts

• shoot-rsyslog-relp-admission-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp-admission-application:v0.7.0
• shoot-rsyslog-relp-admission-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp-admission-runtime:v0.7.0
• shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp:v0.7.0

Docker Images

• gardener-extension-shoot-rsyslog-relp-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp-admission:v0.7.0
• gardener-extension-shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp:v0.7.0

v0.6.0

[gardener/gardener-extension-shoot-rsyslog-relp]

📰 Noteworthy

• [DEVELOPER] Monitoring config is now getting deleted on extension removal by @Kostov6 [#185]

✨ New Features

• [OPERATOR] A new api object rsyslog-relp.extensions.gardener.cloud/v1alpha1.Auditd is introduced which is used to specify a configuration for the linux audit daemon on the shoot nodes. by @plkokanov [#149]
• [OPERATOR] Helm charts of extension and admission controller are published as OCI artifacts now. by @oliver-goetz [#147]
• [OPERATOR] Two new fields have been added to the provider config for the shoot-rsyslog-relp extension:
  • .auditConfig.enabled allows users to opt in whether to enable the reconfiguration of audit rules on the shoot's nodes and to also configure auditd to send logs to rsyslog. By default this field is true.
  • .auditConfig.configMapReferenceName is a reference to a ConfigMap shoot resource which contains audit configuration. This field is only taken into account if .auditRulesConfig.enabled is true. The ConfigMap must contain a data key auditd which must contain a value of type rsyslog-relp.extensions.gardener.cloud/v1alpha1.Auditd. by @plkokanov [#149]

🏃 Others

• [OPERATOR] A priorityClassName can now be set for the admission deployment via the gardener-extension-shoot-rsyslog-relp-admission Helm chart. by @timuthy [#135]

Helm Charts

• shoot-rsyslog-relp-admission-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp-admission-application:v0.6.0
• shoot-rsyslog-relp-admission-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp-admission-runtime:v0.6.0
• shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/shoot-rsyslog-relp:v0.6.0

Docker Images

• gardener-extension-shoot-rsyslog-relp-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp-admission:v0.6.0
• gardener-extension-shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp:v0.6.0

v0.5.2

[gardener/gardener-extension-shoot-rsyslog-relp]

🐛 Bug Fixes

• [OPERATOR] Fixed an issue that caused the -a exit,always -F arch=b64 -S mount_setattr -F auid!=-1 -F key=privileged_special audit rule to not get correctly applied. by @plkokanov [#151]

Docker Images

• gardener-extension-shoot-rsyslog-relp-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp-admission:v0.5.2
• gardener-extension-shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp:v0.5.2

v0.5.1

[gardener/gardener-extension-shoot-rsyslog-relp]

🏃 Others

• [OPERATOR] The memory of the rsyslog.service systemd unit is now limited via a drop-in config. The following configurations are used: MemoryMin=15M, MemoryHigh=150M, MemoryMax=300M, MemorySwapMax=0 by @plkokanov [#139]

Docker Images

• gardener-extension-shoot-rsyslog-relp-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp-admission:v0.5.1
• gardener-extension-shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp:v0.5.1

v0.5.0

[gardener/gardener-extension-shoot-rsyslog-relp]

⚠️ Breaking Changes

• [USER] When changing referenced TLS secret in shoot.spec.resources[] the user should provide only immutable secret by @Kostov6 [#76]

🐛 Bug Fixes

• [OPERATOR] Fixed an issue that caused audit logs to be duplicated in journald if the system-journald-audit socket was enabled. Now if the system-journald-audit socket exists on the node, it is disabled and stopped when this extension is used. by @plkokanov [#104]
• [USER] Rsyslog processes logs on nodes with os suse-chost 15 SP3 by @Kostov6 [#123]

🏃 Others

• [OPERATOR] Errors that can occur when loading audit rules are now ignored and reported as warnings. This allows all correct audit rules to be loaded. by @plkokanov [#128]
• [OPERATOR] The rsyslog-relp action which is used to forward logs to a RELP server now uses a separate in-memory queue of 100000 messages. Additionally, it also uses a disk queue of max 48 MiB which is used to store messages after the in-memory queue is exhausted or to save the current messages in the in-memory queue when the rsyslog service is restarted. by @plkokanov [#115]
• [OPERATOR] This extension is now using the new way of providing monitoring configuration (ref GEP-19) in case a shoot cluster's Prometheus has been migrated to management via prometheus-operator. by @rfranzke [#99]

Docker Images

• gardener-extension-shoot-rsyslog-relp-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp-admission:v0.5.0
• gardener-extension-shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp:v0.5.0

v0.4.4

[gardener/gardener-extension-shoot-rsyslog-relp]

🏃 Others

• [OPERATOR] The directory where the tls certificates are copied on the node - /etc/ssl/rsyslog, is now created with default (0755) permissions so that it can be read by an rsyslog process that is started without cap_dac_override capability. by @plkokanov [#112]

Docker Images

• gardener-extension-shoot-rsyslog-relp-admission: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp-admission:v0.4.4
• gardener-extension-shoot-rsyslog-relp: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/shoot-rsyslog-relp:v0.4.4