
Releases: Contrast-Security-OSS/agent-operator

v0.14.0

03 Jan 15:37
46291bd

Version v0.14.0 released!

This release contains updates to our dependencies, changes the default log level from Trace to Info, and adds official support for K8s v1.26.

contrast/agent-operator:0.14.0
contrast/agent-operator@sha256:2da854dcf7bb6d43c1265732ec684280126bbab962df09c653f2f4fb1db31f2c

quay.io/contrast/agent-operator:0.14.0
quay.io/contrast/agent-operator@sha256:2da854dcf7bb6d43c1265732ec684280126bbab962df09c653f2f4fb1db31f2c

v0.13.1

13 Dec 22:02
e71593c

Version v0.13.1 released!

This release contains security-related bug fixes against our dependencies.

contrast/agent-operator:0.13.1
contrast/agent-operator@sha256:ec7b4d8f0d6af7c8be1302e3bedc075fec7c72158ec7d0163bd61c1c6d90f9ce

quay.io/contrast/agent-operator:0.13.1
quay.io/contrast/agent-operator@sha256:ec7b4d8f0d6af7c8be1302e3bedc075fec7c72158ec7d0163bd61c1c6d90f9ce

v0.13.0

05 Dec 15:18
7551a5f

Version v0.13.0 released!

This release adds QoL improvements when deploying read-only containers, and standardizes logging and disk-cache locations across agent types. Internal dependencies were also upgraded.

A new EmptyDir volume is now automatically created and mounted to /contrast/data, and agent cache and logs are redirected to this folder. The agent files are now mounted to the read-only directory /contrast/agent (for agents whose files were previously mounted to /contrast). This change will be lazily applied on the next workload deployment or workload restart after upgrading the operator.
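An added example (not part of the release notes or the operator's code) that audits a pod spec for the layout described above and flags workloads that have not yet been restarted. The volume and container names are hypothetical, and it assumes the read-only agent directory appears as `readOnly: true` on the volume mount.

```python
AGENT_DIR = "/contrast/agent"  # read-only agent files (path from the release note)
DATA_DIR = "/contrast/data"    # EmptyDir for agent cache and logs (from the note)
LEGACY_DIR = "/contrast"       # pre-0.13.0 agent mount used by some agents


def audit_contrast_mounts(pod_spec):
    """Return findings for one pod spec; an empty list means the layout matches."""
    volumes = {v["name"]: v for v in pod_spec.get("volumes", [])}
    findings = []
    for ctr in pod_spec.get("containers", []):
        mounts = {m["mountPath"].rstrip("/"): m for m in ctr.get("volumeMounts", [])}
        name = ctr["name"]
        if LEGACY_DIR in mounts:
            # The change is applied lazily, so this pod predates the upgrade.
            findings.append(f"{name}: legacy mount at {LEGACY_DIR}, restart to migrate")
            continue
        if AGENT_DIR not in mounts:
            continue  # no agent injected into this container
        # Assumption: the read-only directory is expressed as readOnly: true.
        if not mounts[AGENT_DIR].get("readOnly", False):
            findings.append(f"{name}: {AGENT_DIR} is mounted writable")
        data = mounts.get(DATA_DIR)
        if data is None:
            findings.append(f"{name}: no mount at {DATA_DIR}")
        elif "emptyDir" not in volumes.get(data["name"], {}):
            findings.append(f"{name}: {DATA_DIR} is not backed by an emptyDir")
        elif data.get("readOnly", False):
            findings.append(f"{name}: {DATA_DIR} is read-only, agent cannot write logs")
    return findings


# Constructed sample specs; volume and container names are hypothetical.
MIGRATED = {
    "volumes": [{"name": "contrast-agent", "emptyDir": {}},
                {"name": "contrast-data", "emptyDir": {}}],
    "containers": [{"name": "app", "volumeMounts": [
        {"name": "contrast-agent", "mountPath": AGENT_DIR, "readOnly": True},
        {"name": "contrast-data", "mountPath": DATA_DIR}]}],
}
STALE = {
    "volumes": [{"name": "contrast-agent", "emptyDir": {}}],
    "containers": [{"name": "app", "volumeMounts": [
        {"name": "contrast-agent", "mountPath": LEGACY_DIR}]}],
}

if __name__ == "__main__":
    for label, spec in (("migrated", MIGRATED), ("stale", STALE)):
        print(label, audit_contrast_mounts(spec) or "ok")
```

The `spec` section of a pod returned by `kubectl get pod -o json` has the same shape as the dictionaries used here.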

contrast/agent-operator:0.13.0
contrast/agent-operator@sha256:6310625f9a77d36f9abd4a2e9f07645b44be7b08e71ae40a263cab3bfe248283

quay.io/contrast/agent-operator:0.13.0
quay.io/contrast/agent-operator@sha256:6310625f9a77d36f9abd4a2e9f07645b44be7b08e71ae40a263cab3bfe248283

v0.12.0

15 Nov 20:25

Version v0.12.0 released!

This release is the first release supporting the NodeJS V5 (Protect mode only) agent. No other changes are contained.

contrast/agent-operator:0.12.0
contrast/agent-operator@sha256:8db1874900774574a52f8cb4594d33d01bce391c4bfc1a29fb085f877bbaa65b

quay.io/contrast/agent-operator:0.12.0
quay.io/contrast/agent-operator@sha256:8db1874900774574a52f8cb4594d33d01bce391c4bfc1a29fb085f877bbaa65b

v0.11.1

15 Nov 17:38
c2896b3

Version v0.11.1 released!

This release is a bug fix release, resolving the "Known Issues" discovered during internal dogfooding. If the upgrade to v0.11 was failing, this release should allow the upgrade to succeed.

contrast/agent-operator:0.11.1
contrast/agent-operator@sha256:a9f9e4521d198ee1f2dfe99c054790d7a783ec4156472c0176bd5184ba20887b

quay.io/contrast/agent-operator:0.11.1
quay.io/contrast/agent-operator@sha256:a9f9e4521d198ee1f2dfe99c054790d7a783ec4156472c0176bd5184ba20887b

v0.11.0

14 Nov 15:18

Version v0.11.0 released!

This release continues to improve performance and memory usage in large K8s clusters (> 5000 pods) as well as providing some quality of life improvements. This release was tested against a large stress testing cluster of 10,000 active pods.

  • Updated internal dependencies.
  • Improved logging at Info level (Info level will become default in a future release). Monitored injection status is now logged at Info level to aid in tracking pods in which injection is pending.
  • Reduced default operator event queue size, aimed at reducing retained memory during operator lag in huge clusters (> 30,000 tracked entities). In effect, this reduces Gen2 retained allocations, reducing the need for expensive Gen2 GC sweeps.
  • Improved internal state indexing of data, reducing desired state calculations from an O(N^3) problem to an O(N) problem. This change also reduces memory complexity significantly, while also reducing cluster lag in large clusters (> 5000 pods). In effect, this increases calculation throughput by a factor of 50+ in large clusters, while also reducing allocation traffic.
  • Reduced allocations by improving data structure re-use and reducing closure usage along hot paths. In extreme cases, these changes significantly reduce promotion of objects from Gen0 to Gen2, reducing the need for expensive Gen2 GC sweeps.
  • Increased the event stream watcher timeout (not user configurable) from 60 seconds to 10 minutes - reducing full-sync network traffic against the backplane. This may improve the load of the backplane in large clusters.
  • Fixed TLS key usage attributes of internally generated certificates to match the TLS 1.3 specification. Operator installations with incorrect certificates will automatically generate new certificates upon upgrading. This bug was found during internal testing and is not user facing as the backplane does not appear to validate key usage at this time.
  • Speculative fix around the Agent Operator Helm chart to work around a bug found in AWS's K8s implementation, preventing installation in 1.21 clusters.

Known Issues

During dogfooding against our internal K8s clusters, we've discovered that the TLS certificate fix could prevent newer instances of the operator from coming online during the K8s rolling deployment (due to failing health checks). This will be fixed in the next release, which will be released soon. Two workarounds can be used to continue upgrading:

  • Scale down an update deployment to 0 replicas, and scale back to your standard replica count.
  • Delete and then recreate the deployment.

Upon starting and gaining a leader lock, the operator will update the TLS certificate and continue running. It is the policy of the Agent Operator to not require human intervention during point releases such as v0.10 to v0.11.

contrast/agent-operator:0.11.0
contrast/agent-operator@sha256:c298eb61975c82060b799c1b96390ab2d7087f60e64f8fc76a0a4a3cb4214bf9

quay.io/contrast/agent-operator:0.11.0
quay.io/contrast/agent-operator@sha256:c298eb61975c82060b799c1b96390ab2d7087f60e64f8fc76a0a4a3cb4214bf9

v0.10.0

13 Oct 19:53

Version v0.10.0 released!

This release adds the ability to merge with an existing JAVA_TOOL_OPTIONS environment variable when defined in the K8s workload, which is commonly used for Java apps.

contrast/agent-operator:0.10.0
contrast/agent-operator@sha256:dac7bac7cde56391582b4cf03d6a9462ea594adf5a6bdb9d917736158e6f6337

quay.io/contrast/agent-operator:0.10.0
quay.io/contrast/agent-operator@sha256:dac7bac7cde56391582b4cf03d6a9462ea594adf5a6bdb9d917736158e6f6337

v0.9.1

11 Oct 18:19

Version v0.9.1 released!

This release contains security-related bug fixes against our dependencies.

contrast/agent-operator:0.9.1
contrast/agent-operator@sha256:36cce4402f7c8f9ed0606fca2f107189cc4dd1c9c45b5991a823dbbb3ec38d36

quay.io/contrast/agent-operator:0.9.1
quay.io/contrast/agent-operator@sha256:36cce4402f7c8f9ed0606fca2f107189cc4dd1c9c45b5991a823dbbb3ec38d36

v0.9.0

06 Oct 14:49
f01ba1b

Version v0.9.0 released!

This release contains changes aimed at improving the performance and reducing memory usage of the Agent Operator in large K8s clusters.

  • The operator will no longer drop events from the K8s event stream upon reaching 10,000 events queued, but rather apply back pressure to watchers. This mode is now configured with CONTRAST_EVENT_QUEUE_FULL_MODE. The queue size is now controlled with CONTRAST_EVENT_QUEUE_SIZE.
  • The operator will now compress modification events within a 10 second window. This greatly improves catch up performance after a restart. This window size is now controlled with CONTRAST_EVENT_QUEUE_MERGE_WINDOW_SECONDS.
  • Memory allocations have been reduced across the board by a factor of 4.
    • Improved byte-array to string conversions using modern techniques - this can significantly reduce allocations in clusters with a large number of secrets.
    • Improved performance of caching cluster state used to reconcile changes after losing connection with the K8s API Server. This significantly reduces allocations in clusters with a large number of entities.
    • Improved caching of the compare plan. This provides a minor improvement to performance with a minor decrease in allocations.
    • Migrated to the new ValueTask for more async operations. This provides a minor reduction in allocations with a large number of injectors.
  • The performance of pod status updates in clusters with a large number of pods has been improved.
  • The /get-info.sh script is now included by default in images - used for diagnostics in permission constrained environments.
  • The log level can now be configured with CONTRAST_LOG_LEVEL (the default continues to be Trace). Large clusters will benefit from reducing this to Info.

contrast/agent-operator:0.9.0
contrast/agent-operator@sha256:8805b634139a9112fa20388bc1ff8776c0b8016f1675cffec055791ba5bf8089

quay.io/contrast/agent-operator:0.9.0
quay.io/contrast/agent-operator@sha256:8805b634139a9112fa20388bc1ff8776c0b8016f1675cffec055791ba5bf8089

v0.8.0

20 Sep 12:50
28c134c

Version v0.8.0 released!

This release contains minor bug fixes, improves error messages, and adds official support for K8s v1.25.

contrast/agent-operator:0.8.0
contrast/agent-operator@sha256:f8a6951852660c13f0a6bb2ccfb7686a70cf28083f4223cb0abf9d805f18a34a

quay.io/contrast/agent-operator:0.8.0
quay.io/contrast/agent-operator@sha256:f8a6951852660c13f0a6bb2ccfb7686a70cf28083f4223cb0abf9d805f18a34a