Skip to content

Releases: tuxerrante/kapparmor

kapparmor-0.1.6

17 Jul 10:50
@github-actions github-actions
kapparmor-0.1.6
8a0b858
This commit was signed with the committer’s verified signature.
tuxerrante Affinito Alessandro
GPG key ID: 8AF44DFB120B26C9
Learn about vigilant mode.
Compare
Choose a tag to compare
kapparmor-0.1.6 Latest
Latest

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.

0.1.6 - 2024-07-16

  • Update to go 1.22.5
  • Fixed produced image to ubuntu:24.04@sha256:2e863c44b718727c860746568e1d54afd13b2fa71b160f5cd9058fc436217b30
  • Publication of a roadmap
  • Docs update

0.1.5 - 2023-05-16

0.1.2 - 2023-02-22

Fixed

  • Support for profile names coming after comments and include lines

Added

  • Tested on multiple nodes cluster
  • Base images switched to go 1.20

0.1.1 - 2023-02-13

Fixed

  • Moved shared testing functions to a dedicated module
  • Minor documentation and readme fixes

Added

  • Enforce profiles filenames to be the same as the profile names
  • Changelog automatically read by chart-releaser

0.1.0 - 2023-02-01

Fixed

  1. "Unable to replace profiles. Permission denied, app seems still confined." - Switched to ubuntu image
  2. No need for SYS_ADMIN capabilities
  3. Ignore hidden and system folders while scanning for profiles

Added

  1. Instructions to test the app in a virtual machine directly running the go app or in microk8s pushing the built container to the local registry

0.0.6 - 2023-01-26

Added

Helm:

  • Added SYS_ADMIN capabilities to the daemonset
  • Mounted needed folders in the Dockerfile and in the daemonset
  • Added POLL_TIME and profiles files as configurable options through configmaps

Go:

  • Added first testing function
  • Moved file operations functions to dedicated module
    • Fixed POLL_TIME value passing from configmap

CI/CD:

  • Explicit changelog to help users understanding the project features
    • Automatic generation of release notes based on changelog file
  • Configurable poll time and profiles directory in the helm values file

0.0.5 - 2023-01-23

Added

Helm:

  • Helm Chart based mainly on a DaemonSet and a configmap. No operator needed.
  • Load all AppArmor profiles in the configmap template

Go:

  • Possibility to load continuously the security profiles from a configmap with a configurable poll time

CI/CD:

  • Helm chart linting and testing before releasing
  • Security vulnerability tests on Go dependencies and container file.
  • Auto generation of GitHub pages
  • Container image tag is set to current commit SHA for every release.

Fixed

  • Being still an alpha release I will add everything in the "Added" section

What's Changed

Full Changelog: https://github.com/tuxerrante/kapparmor/commits/kapparmor-0.1.6

Contributors

tuxerrante
Assets 3
Loading

v0.1.9

19 Feb 19:04
@tuxerrante tuxerrante
v0.1.9
01f9efb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.1.9 Pre-release
Pre-release

What's Changed

CI:

  • Fixed Codecov plugin issues
  • Refresh container image every Sunday night
  • Git auto CRLF set to false git config --global core.autocrlf false
  • Bumped multiple actions
  • Bash CI to automate go version bump from one source of truth (config/config)

Code:

  • golang:1.22 as builder containerfile image
  • The k8s service resource is now settable from the values.yaml
  • Introduced Fuzz testing for profile filenames
  • If POLL_TIME is set less than 1 it will default to 1 second

Project Security Fixes

  • Signed commits: git config commit.gpgsign true
  • Added repository Security policy
  • Added OpenSSF scorecard workflow
  • Least Privileged GitHub Actions Token Permissions: setting minimum token permissions for the GITHUB_TOKEN
  • Pinning actions to full length commit
  • Intergated Harden-Runner in the CI: it prevents exfiltration of credentials, detects tampering of source code during build, and enables running jobs without sudo access.
  • Pinned image tags to digests in Dockerfiles.
  • Closed 44 (!) security issues coming from Scorecard security scanner. Also with the help of stepsecurity.io

Full Changelog: v0.1.5...v0.1.9

Assets 2
Loading

kapparmor-0.1.5

15 May 15:21
@github-actions github-actions
kapparmor-0.1.5
5d23662
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
kapparmor-0.1.5

Changelog

All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.

[Unreleased]

  1. E2E tests
    • Create a new profile
    • Update an existing profile
    • Remove an existing profile
    • Remove a non existing profile
    • check current confinement state of the app
  2. Remove kubernetes Service and DaemonSet exposed ports if useless
  3. Add daemonset commands for checking readiness
  4. Add different logging levels

0.1.5 - 2023-05-16

0.1.2 - 2023-02-22

Fixed

  • Support for profile names coming after comments and include lines

Added

  • Tested on multiple nodes cluster
  • Base images switched to go 1.20

0.1.1 - 2023-02-13

Fixed

  • Moved shared testing functions to a dedicated module
  • Minor documentation and readme fixes

Added

  • Enforce profiles filenames to be the same as the profile names
  • Changelog automatically read by chart-releaser

0.1.0 - 2023-02-01

Fixed

  1. "Unable to replace profiles. Permission denied, app seems still confined." - Switched to ubuntu image
  2. No need for SYS_ADMIN capabilities
  3. Ignore hidden and system folders while scanning for profiles

Added

  1. Instructions to test the app in a virtual machine directly running the go app or in microk8s pushing the built container to the local registry

0.0.6 - 2023-01-26

Added

Helm:

  • Added SYS_ADMIN capabilities to the daemonset
  • Mounted needed folders in the Dockerfile and in the daemonset
  • Added POLL_TIME and profiles files as configurable options through configmaps

Go:

  • Added first testing function
  • Moved file operations functions to dedicated module
    • Fixed POLL_TIME value passing from configmap

CI/CD:

  • Explicit changelog to help users understanding the project features
    • Automatic generation of release notes based on changelog file
  • Configurable poll time and profiles directory in the helm values file

0.0.5 - 2023-01-23

Added

Helm:

  • Helm Chart based mainly on a DaemonSet and a configmap. No operator needed.
  • Load all AppArmor profiles in the configmap template

Go:

  • Possibility to load continuously the security profiles from a configmap with a configurable poll time

CI/CD:

  • Helm chart linting and testing before releasing
  • Security vulnerability tests on Go dependencies and container file.
  • Auto generation of GitHub pages
  • Container image tag is set to current commit SHA for every release.

Fixed

  • Being still an alpha release I will add everything in the "Added" section

What's Changed

New Contributors

Full Changelog: https://github.com/tuxerrante/kapparmor/commits/kapparmor-0.1.5

Contributors

tuxerrante
Assets 3
Loading

kapparmor-0.1.2

16 Feb 15:17
@github-actions github-actions
kapparmor-0.1.2
14367e8
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
kapparmor-0.1.2

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.

[Unreleased]

  1. Go unit tests
    • Create a new profile
    • Update an existing profile
    • Remove an existing profile
    • Remove a non existing profile
    • check current confinement state of the app
  2. Remove kubernetes Service and DaemonSet exposed ports if useless
  3. Add daemonset commands for checking readiness
  4. Test on multiple nodes cluster

0.1.1 - 2023-02-13

Fixed

  • Moved shared testing functions to a dedicated module
  • Minor documentation and readme fixes

Added

  • Enforce profiles filenames to be the same as the profile names
  • Changelog automatically read by chart-releaser

0.1.0 - 2023-02-01

Fixed

  1. "Unable to replace profiles. Permission denied, app seems still confined." - Switched to ubuntu image
  2. No need for SYS_ADMIN capabilities
  3. Ignore hidden and system folders while scanning for profiles

Added

  1. Instructions to test the app in a virtual machine directly running the go app or in microk8s pushing the built container to the local registry

0.0.6 - 2023-01-26

Added

Helm:

  • Added SYS_ADMIN capabilities to the daemonset
  • Mounted needed folders in the Dockerfile and in the daemonset
  • Added POLL_TIME and profiles files as configurable options through configmaps

Go:

  • Added first testing function
  • Moved file operations functions to dedicated module
    • Fixed POLL_TIME value passing from configmap

CI/CD:

  • Explicit changelog to help users understanding the project features
    • Automatic generation of release notes based on changelog file
  • Configurable poll time and profiles directory in the helm values file

0.0.5 - 2023-01-23

Added

Helm:

  • Helm Chart based mainly on a DaemonSet and a configmap. No operator needed.
  • Load all AppArmor profiles in the configmap template

Go:

  • Possibility to load continuously the security profiles from a configmap with a configurable poll time

CI/CD:

  • Helm chart linting and testing before releasing
  • Security vulnerability tests on Go dependencies and container file.
  • Auto generation of GitHub pages
  • Container image tag is set to current commit SHA for every release.

Fixed

  • Being still an alpha release I will add everything in the "Added" section

What's Changed

New Contributors

Full Changelog: https://github.com/tuxerrante/kapparmor/commits/kapparmor-0.1.2

Contributors

tuxerrante
Assets 3
Loading

kapparmor-0.1.1

13 Feb 18:05
@github-actions github-actions
kapparmor-0.1.1
925e46f
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
kapparmor-0.1.1

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.

[Unreleased]

  1. Go unit tests
    • Create a new profile
    • Update an existing profile
    • Remove an existing profile
    • Remove a non existing profile
    • check current confinement state of the app
  2. Remove kubernetes Service and DaemonSet exposed ports if useless
  3. Add daemonset commands for checking readiness
  4. Test on multiple nodes cluster

0.1.1 - 2023-02-13

Fixed

  • Moved shared testing functions to a dedicated module
  • Minor documentation and readme fixes

Added

  • Enforce profiles filenames to be the same as the profile names
  • Changelog automatically read by chart-releaser

0.1.0 - 2023-02-01

Fixed

  1. "Unable to replace profiles. Permission denied, app seems still confined." - Switched to ubuntu image
  2. No need for SYS_ADMIN capabilities
  3. Ignore hidden and system folders while scanning for profiles

Added

  1. Instructions to test the app in a virtual machine directly running the go app or in microk8s pushing the built container to the local registry

0.0.6 - 2023-01-26

Added

Helm:

  • Added SYS_ADMIN capabilities to the daemonset
  • Mounted needed folders in the Dockerfile and in the daemonset
  • Added POLL_TIME and profiles files as configurable options through configmaps

Go:

  • Added first testing function
  • Moved file operations functions to dedicated module
    • Fixed POLL_TIME value passing from configmap

CI/CD:

  • Explicit changelog to help users understanding the project features
    • Automatic generation of release notes based on changelog file
  • Configurable poll time and profiles directory in the helm values file

0.0.5 - 2023-01-23

Added

Helm:

  • Helm Chart based mainly on a DaemonSet and a configmap. No operator needed.
  • Load all AppArmor profiles in the configmap template

Go:

  • Possibility to load continuously the security profiles from a configmap with a configurable poll time

CI/CD:

  • Helm chart linting and testing before releasing
  • Security vulnerability tests on Go dependencies and container file.
  • Auto generation of GitHub pages
  • Container image tag is set to current commit SHA for every release.

Fixed

  • Being still an alpha release I will add everything in the "Added" section

What's Changed

New Contributors

Full Changelog: https://github.com/tuxerrante/kapparmor/commits/kapparmor-0.1.1

Contributors

tuxerrante
Assets 3
Loading

kapparmor-0.1.0

01 Feb 10:46
@github-actions github-actions
kapparmor-0.1.0
4970502
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
kapparmor-0.1.0

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog,
and this project adheres to Semantic Versioning.

[Unreleased]

  1. Go unit tests
    • Create a new profile
    • Update an existing profile
    • Remove an existing profile
    • Remove a non existing profile
  2. Remove kubernetes Service and DaemonSet exposed ports if useless
  3. Evaluate an automatic changelog generation from commits like googleapis/release-please
  4. Add daemonset commands for checking readiness
  5. Add tests for all the main functions
  6. Add test for checking current confinement state of the app
  7. Test on multiple nodes cluster

0.1.0 - 2023-02-01

Fixed

  1. "Unable to replace profiles. Permission denied, app seems still confined." - Switched to ubuntu image
  2. No need for SYS_ADMIN capabilities
  3. Ignore hidden and system folders while scanning for profiles

Added

  1. Instructions to test the app in a virtual machine directly running the go app or in microk8s pushing the built container to the local registry

0.0.6 - 2023-01-26

Added

Helm:

  • Added SYS_ADMIN capabilities to the daemonset
  • Mounted needed folders in the Dockerfile and in the daemonset
  • Added POLL_TIME and profiles files as configurable options through configmaps

Go:

  • Added first testing function
  • Moved file operations functions to dedicated module
    • Fixed POLL_TIME value passing from configmap

CI/CD:

  • Explicit changelog to help users understanding the project features
    • Automatic generation of release notes based on changelog file
  • Configurable poll time and profiles directory in the helm values file

0.0.5 - 2023-01-23

Added

Helm:

  • Helm Chart based mainly on a DaemonSet and a configmap. No operator needed.
  • Load all AppArmor profiles in the configmap template

Go:

  • Possibility to load continuously the security profiles from a configmap with a configurable poll time

CI/CD:

  • Helm chart linting and testing before releasing
  • Security vulnerability tests on Go dependencies and container file.
  • Auto generation of GitHub pages
  • Container image tag is set to current commit SHA for every release.

Fixed

  • Being still an alpha release I will add everything in the "Added" section

What's Changed

New Contributors

Full Changelog: https://github.com/tuxerrante/kapparmor/commits/kapparmor-0.1.0

Contributors

tuxerrante
Assets 3
Loading

kapparmor-0.0.6

01 Feb 10:39
@github-actions github-actions
kapparmor-0.0.6
82a45a3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
kapparmor-0.0.6 Pre-release
Pre-release

A project to deploy profiles through a kubernetes daemonset and a configmap

What's Changed

New Contributors

Full Changelog: https://github.com/tuxerrante/kapparmor/commits/kapparmor-0.0.6

Contributors

tuxerrante
Assets 3
Loading

kapparmor-0.0.5-alpha

18 Jan 19:23
@github-actions github-actions
kapparmor-0.0.5-alpha
e646db8
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
kapparmor-0.0.5-alpha Pre-release
Pre-release

A project to deploy profiles through a kubernetes daemonset and a configmap

What's Changed

New Contributors

Full Changelog: https://github.com/tuxerrante/kapparmor/commits/kapparmor-0.0.5-alpha

Contributors

tuxerrante
Assets 3
Loading