Skip to content

Releases: CheckPointSW/charts

2.15.1: k8s 1.25 adjustments; custom annotations; daemonsets rollout

18 Oct 13:18
927ce15
Compare
Choose a tag to compare
  • inventory agent 1.7.1:
    adjust support for PSP and CronJobs in k8s 1.25
    fix memory footprint issue in large clusters
  • support for custom pod annotations for cloudguard agents
  • improve daemonsets rollout

Full Changelog: 2.15.0...2.15.1

2.15.1 ea: k8s 1.25 adjustments; custom annotations; daemonsets rollout

18 Oct 13:18
8b8b9a1
Compare
Choose a tag to compare
  • inventory agent 1.7.1
    adjust support for PSP and CronJobs in k8s 1.25
  • fix memory footprint issue in large clusters
  • support for custom pod annotations for cloudguard agents
  • improve daemonsets rollout

Full Changelog: 2.15.0-ea...2.15.1-ea

2.15.0: GCR, OpenShift alternative image export, priority class

03 Oct 19:46
17ec534
Compare
Choose a tag to compare
  • Admission Control Enforcer 2.2.0:
    Effective policy indication: log indication once a new policy is updated in the cluster.
  • Image Assurance 2.15.0:
    Release Google Container Registry Scanning support with 2 authentication methods: Service Account Key and GKE internal authentication
    Supporting export of signed images on OpenShift clusters
  • All features:
    Pod Priority Class support - https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/

Full Changelog: 2.14.1...2.15.0

2.15.0 ea: GCR, OpenShift alternative image export, priority class

03 Oct 19:44
2f87491
Compare
Choose a tag to compare
  • Admission Control Enforcer 2.2.0:
    Effective policy indication: log indication once a new policy is updated in the cluster.
  • Image Assurance 2.15.0:
    Release Google Container Registry Scanning support with 2 authentication methods: Service Account Key and GKE internal authentication
    Supporting export of signed images on OpenShift clusters
  • All features:
    Pod Priority Class support - https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/

Full Changelog: 2.14.1-ea...2.15.0-ea

2.14.1: admission enforcer unite containers, large inventory etc

17 Aug 10:17
69795cc
Compare
Choose a tag to compare
  • AC:
    enforcer 2.0.0: fluentbit and gsl containers removed; resources reduced
    policy 1.2.1: update packages
  • Image Assurance 2.14.0:
    exposed new scan status ‘Unsupported OS’ for Windows images
  • Inventory 1.6.1:
    fix: handle big collections
  • All features:
    for helm template use seccompProfile by default instead of annotation

Full Changelog: 2.13.0...2.14.1

2.14.1 ea: admission enforcer unite containers, large inventory etc

17 Aug 10:17
2eeb2d0
Compare
Choose a tag to compare
  • AC:
    enforcer 2.0.0: fluentbit and gsl containers removed; resources reduced
    policy 1.2.1: update packages
  • Image Assurance 2.14.0:
    exposed new scan status ‘Unsupported OS’ for Windows images
  • Inventory 1.6.1:
    fix: handle big collections
  • All features:
    for helm template use seccompProfile by default instead of annotation

Full Changelog: 2.13.0-ea...2.14.1-ea

2.13.0: image admission, registry scan ACR and ECR GA, ECS scan

12 Jul 12:44
1e82c38
Compare
Choose a tag to compare

2.13.0

  • Admission Control policy 1.2.0, enforcer 1.5.0:
    ** Image Admission (new feature) that integrates Admission Control and Image Assurance allowing users to block the deployment of workloads based on the Image Assurance policy.
  • Image Assurance 2.13.0:
    ** Registry Scanning for ACR and ECR GA
    ** Registry listing functionality has been split from engine agent into a separate 'imagescan-list' deployment
    ** Support for scanner scaling
  • All features:
    ** improving telemetry infrastructure
    ** fluentbit container has been removed from all agents except for Admission Control enforcer & gsl, Runtime Protection daemon.
  • Resources reduced for:
    ** Admission Control enforcer and policy
    ** Image Assurance engine
    ** Runtime Protection policy

2.12.0: Bottlerocket support; misc enhancements in Inventory, IA, AC, RP

  • Support AWS BottleRocket OS by using a flag “--set platform=eks.bottlerocket”
  • Inventory 1.5.0: Agent status improvement: discovery of missing permissions for Kubernetes API
  • Image Assurance 2.12.0: remove fluentbit container
  • Admission Control GSL 1.3.3: update packages
  • Runtime Protection daemon 0.0.740:
    ** Added support for AWS BottleRocket OS
    ** Updated procedure for Linux kernel headers installation

2.11.1: cace1, manual platform, ECR, OpenShift 3.x, FL defaults

  • Image Assurance 2.10.0: support ECR, send platform and last update, Shiftleft version update, support max images per repository limitation
  • inventory 1.4.4: fix OpenShift configuration handling, support OpenShift 3.x
  • Admission Control GSL 1.3.2: update packages
  • Flowlogs 0.6.0: update default reporting interval and max report size
  • all agents: telemetry fix
  • helm: fix manual platform value, support cace1 datacenter
  • Runtime Protection: remove signatureGroup CRD

Full Changelog: 2.10.2...2.13.0

2.13.0 ea: image admission, registry scan ACR and ECR GA, ECS scan

12 Jul 12:39
89c6c75
Compare
Choose a tag to compare
  • Admission Control policy 1.2.0, enforcer 1.5.0:
    ** Image Admission (new feature) that integrates Admission Control and Image Assurance allowing users to block the deployment of workloads based on the Image Assurance policy.
  • Image Assurance 2.13.0:
    ** Registry Scanning for ACR and ECR GA
    ** Registry listing functionality has been split from engine agent into a separate 'imagescan-list' deployment
    ** Support for scanner scaling
  • All features:
    ** improving telemetry infrastructure
    ** fluentbit container has been removed from all agents except for Admission Control enforcer & gsl, Runtime Protection daemon.
  • Resources reduced for:
    ** Admission Control enforcer and policy
    ** Image Assurance engine
    ** Runtime Protection policy

Full Changelog: 2.12.0-ea...2.13.0-ea

2.12.0 ea: Bottlerocket support; misc enhancements in Inventory, IA, AC, RP

10 Jul 14:08
1f32b49
Compare
Choose a tag to compare
  • Support AWS BottleRocket OS (auto-detection or via flag '--set platform=eks.bottlerocket')
  • Inventory 1.5.0: agent status improvement: missing permissions for Kubernetes API
  • Image Assurance 2.12.0: remove fluentbit container
  • Admission Control GSL 1.3.3: update packages
  • Runtime Protection daemon 0.0.740: bottlerocket support; kernel headers installation prereq

Full Changelog: 2.11.1-ea...2.12.0-ea

2.11.1: IA 2.10.0 max images per repository

26 Apr 10:14
f4d7a50
Compare
Choose a tag to compare

Image Assurance 2.10.0: support max images per repository limitation

Full Changelog: 2.11.0-ea...2.11.1-ea