Releases: kubescape/operator

Release v0.2.142

08 May 09:37
37ad382

Populate GitLab repositories before scanning when the registry is configured to scan all repos, so registryx host discovery can resolve the actual registry host.

Release v0.2.141

29 Apr 07:45
3c5208d

Summary

  • Add GoMemLimitPercentage field to NodeAgentAutoscalerConfig (default 0.8 = 80%)
  • Compute GOMEMLIMIT per node group in TemplateRenderer as a percentage of the memory limit, and inject it as GoMemLimit into the DaemonSet template
  • Validate that goMemLimitPercentage is in the valid range (0, 1.0] at construction time

Motivation

In autoscaler mode the operator creates per-node-group DaemonSets with dynamically sized resource requests/limits. Previously the DaemonSet template had a static GOMEMLIMIT set at Helm install time. This PR makes the operator compute GOMEMLIMIT at reconcile time from the actual computed memory limit, so it always stays at the configured percentage (default 80%) of whatever the operator decided the limit should be for that node group.

Design note: main container vs. sidecar

The operator computes GOMEMLIMIT only for the main node-agent container, whose resources scale per node group. When the SBOM scanner sidecar is enabled, its resources are static (configured via Helm values, uniform across node groups) and its GOMEMLIMIT is computed once by Helm at install time — the operator passes the sidecar definition through unchanged. Sidecar resource limits can still be adjusted via helm upgrade --set nodeAgent.sbomScanner.resources.limits.memory=....

Changes

| File | Change |
| --- | --- |
| config/config.go | Add GoMemLimitPercentage float64 to NodeAgentAutoscalerConfig; set viper default to 0.8 |
| nodeagentautoscaler/templaterenderer.go | Add goMemLimitPercentage field; compute GoMemLimit in RenderDaemonSet; validate percentage in constructor |
| nodeagentautoscaler/autoscaler.go | Pass cfg.GoMemLimitPercentage to NewTemplateRenderer |
| nodeagentautoscaler/templaterenderer_test.go | Test GOMEMLIMIT computation for multiple memory/percentage combos; test invalid percentage rejection |

Test plan

  • Unit tests: TestTemplateRenderer_RenderDaemonSet_GoMemLimit covers 450Mi→360MiB, 1Gi→819MiB, 1800Mi→1440MiB, 900Mi→720MiB at 80%
  • Unit tests: TestTemplateRenderer_NewTemplateRenderer_InvalidPercentage verifies rejection of 0, negative, >1.0 and acceptance of 1.0
  • All existing tests pass (go test ./...)
  • Local kind cluster verification: computed GOMEMLIMIT matched expected 80% of memory limit in both with-sidecar and without-sidecar scenarios

Summary by CodeRabbit

Release Notes

  • New Features

    • Added nodeAgentAutoscaler.goMemLimitPercentage configuration option (defaults to 0.8) with validation for values between 0 and 1.0
    • Autoscaler now populates Go memory limit environment variables on DaemonSets based on memory limits and the configured percentage
  • Tests

    • Added integration test job to CI/CD pipeline for build verification
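
The GOMEMLIMIT computation described in the v0.2.141 notes above, as an added example that is not the operator's own code. The names `parseMemory` and `goMemLimit` are hypothetical, and rounding down to whole MiB is an assumption chosen to match the test-plan values (1Gi→819MiB).

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Binary quantity suffixes handled by this sketch (a subset of Kubernetes quantities).
var suffixes = []struct {
	s string
	b int64
}{{"Ki", 1 << 10}, {"Mi", 1 << 20}, {"Gi", 1 << 30}}

// parseMemory converts "450Mi" or "1Gi" to bytes. Hypothetical helper that
// stands in for a full Kubernetes quantity parser.
func parseMemory(q string) (int64, error) {
	for _, u := range suffixes {
		if strings.HasSuffix(q, u.s) {
			n, err := strconv.ParseInt(strings.TrimSuffix(q, u.s), 10, 64)
			if err != nil || n <= 0 {
				return 0, fmt.Errorf("invalid memory quantity %q", q)
			}
			return n * u.b, nil
		}
	}
	return 0, fmt.Errorf("unsupported memory quantity %q", q)
}

// goMemLimit derives a GOMEMLIMIT string from a container memory limit,
// rejecting percentages outside (0, 1.0] as the release notes describe.
func goMemLimit(memoryLimit string, pct float64) (string, error) {
	if !(pct > 0 && pct <= 1.0) { // the negated form also rejects NaN
		return "", errors.New("goMemLimitPercentage must be in (0, 1.0]")
	}
	limit, err := parseMemory(memoryLimit)
	if err != nil {
		return "", err
	}
	mib := int64(float64(limit)*pct) >> 20 // assumption: round down to whole MiB
	if mib < 1 {
		return "", fmt.Errorf("limit %s is too small for a MiB-granular value", memoryLimit)
	}
	return fmt.Sprintf("%dMiB", mib), nil
}

func main() {
	for _, m := range []string{"450Mi", "1Gi", "1800Mi", "900Mi"} {
		v, err := goMemLimit(m, 0.8)
		fmt.Println(m, "->", v, err)
	}
}
```

Rounding down keeps the soft limit below the cgroup limit, so the Go runtime starts collecting before the kernel OOM-kills the node-agent container.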

Release v0.2.140

17 Apr 12:58
3fcf262

Merge pull request #369 from kubescape/bump

chore(deps): bump github.com/docker/cli to v29.2.0

Release v0.2.139

16 Apr 08:04
8c10f4f

Bumps github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4.

Release notes

Sourced from github.com/go-jose/go-jose/v4's releases.

v4.1.4

What's Changed

Fixes Panic in JWE decryption. See GHSA-78h2-9frx-2jm8

Full Changelog: go-jose/go-jose@v4.1.3...v4.1.4

Release v0.2.136

14 Apr 12:18
79134cc

Summary

  • Bumps github.com/armosec/registryx from v0.0.34 to v0.0.35
  • Picks up the GitLab registry host auto-discovery fix: self-hosted GitLab instances where the container registry hostname differs from the web URL now work correctly
  • The fix uses the GitLab API location field to discover the actual registry hostname, avoiding the service=dependency_proxy 403 error

Summary by CodeRabbit

  • Chores
    • Updated an internal dependency to a newer version for enhanced stability.

Release v0.2.134

01 Apr 13:43
edd5b9a

Bumps github.com/cilium/cilium from 1.16.17 to 1.17.14.


Release v0.2.133

27 Mar 08:01
22bcb4c

Summary by CodeRabbit

  • Bug Fixes
    • Scanning efficiency improved by preventing unnecessary reprocessing of items already handled within the same request, reducing computational overhead.
    • Resource optimization enhanced through metadata-driven conditional logic that intelligently skips redundant operations when applicable, ensuring better overall system performance.

Release v0.2.131

17 Mar 15:37
db23270

Summary by CodeRabbit

  • Chores
    • Updated dependencies to latest versions

Release v0.2.129

03 Mar 22:02
1f35536

Bumps go.opentelemetry.io/otel/sdk from 1.39.0 to 1.40.0.

Changelog

Sourced from go.opentelemetry.io/otel/sdk's changelog.

[1.40.0/0.62.0/0.16.0] 2026-02-02

Added

  • Add AlwaysRecord sampler in go.opentelemetry.io/otel/sdk/trace. (#7724)
  • Add Enabled method to all synchronous instrument interfaces (Float64Counter, Float64UpDownCounter, Float64Histogram, Float64Gauge, Int64Counter, Int64UpDownCounter, Int64Histogram, Int64Gauge) in go.opentelemetry.io/otel/metric. This stabilizes the synchronous instrument enabled feature, allowing users to check if an instrument will process measurements before performing computationally expensive operations. (#7763)
  • Add go.opentelemetry.io/otel/semconv/v1.39.0 package. The package contains semantic conventions from the v1.39.0 version of the OpenTelemetry Semantic Conventions. See the migration documentation for information on how to upgrade from go.opentelemetry.io/otel/semconv/v1.38.0. (#7783, #7789)

Changed

  • Improve the concurrent performance of HistogramReservoir in go.opentelemetry.io/otel/sdk/metric/exemplar by 4x. (#7443)
  • Improve the concurrent performance of FixedSizeReservoir in go.opentelemetry.io/otel/sdk/metric/exemplar. (#7447)
  • Improve performance of concurrent histogram measurements in go.opentelemetry.io/otel/sdk/metric. (#7474)
  • Improve performance of concurrent synchronous gauge measurements in go.opentelemetry.io/otel/sdk/metric. (#7478)
  • Add experimental observability metrics in go.opentelemetry.io/otel/exporters/stdout/stdoutmetric. (#7492)
  • Exporter in go.opentelemetry.io/otel/exporters/prometheus ignores metrics with the scope go.opentelemetry.io/contrib/bridges/prometheus. This prevents scrape failures when the Prometheus exporter is misconfigured to get data from the Prometheus bridge. (#7688)
  • Improve performance of concurrent exponential histogram measurements in go.opentelemetry.io/otel/sdk/metric. (#7702)
  • The rpc.grpc.status_code attribute in the experimental metrics emitted from go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc is replaced with the rpc.response.status_code attribute to align with the semantic conventions. (#7854)
  • The rpc.grpc.status_code attribute in the experimental metrics emitted from go.opentelemetry.io/otel/exporters/otlp/otlplog/otlploggrpc is replaced with the rpc.response.status_code attribute to align with the semantic conventions. (#7854)

Fixed

  • Fix bad log message when key-value pairs are dropped because of key duplication in go.opentelemetry.io/otel/sdk/log. (#7662)
  • Fix DroppedAttributes on Record in go.opentelemetry.io/otel/sdk/log to not count the non-attribute key-value pairs dropped because of key duplication. (#7662)
  • Fix SetAttributes on Record in go.opentelemetry.io/otel/sdk/log to not log that attributes are dropped when they are actually not dropped. (#7662)
  • Fix missing request.GetBody in go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp to correctly handle HTTP/2 GOAWAY frame. (#7794)
  • WithHostID detector in go.opentelemetry.io/otel/sdk/resource to use full path for ioreg command on Darwin (macOS). (#7818)

Deprecated

Commits
  • a3a5317 Release v1.40.0 (#7859)
  • 77785da chore(deps): update github/codeql-action action to v4.32.1 (#7858)
  • 56fa1c2 chore(deps): update module github.com/clipperhouse/uax29/v2 to v2.5.0 (#7857)
  • 298cbed Upgrade semconv use to v1.39.0 (#7854)
  • 3264bf1 refactor: modernize code (#7850)
  • fd5d030 chore(deps): update module github.com/grpc-ecosystem/grpc-gateway/v2 to v2.27...
  • 8d3b4cb chore(deps): update actions/cache action to v5.0.3 (#7847)
  • 91f7cad chore(deps): update github.com/timakin/bodyclose digest to 73d1f95 (#7845)
  • fdad1eb chore(deps): update module github.com/grpc-ecosystem/grpc-gateway/v2 to v2.27...
  • c46d3ba chore(deps): update golang.org/x/telemetry digest to fcf36f6 (#7843)
  • Additional commits viewable in compare view

Release v0.2.128

11 Feb 12:57
38c1158

Summary by CodeRabbit

  • New Features

    • Runtime alerts now include Workload UID and Container ID; container resolution defaults to the first container when no name is provided.
  • Tests

    • Test coverage extended to assert Workload UID and Container ID are populated, including cases with empty container name.
  • Dependencies

    • Go toolchain bumped to 1.25.0 and a broad set of Kubernetes, AWS SDK, and container runtime dependencies updated.