Version 1.2.33 (14JAN2025)
- Logging
  - [SECURITY] Fluent Bit log collecting pods no longer run as root user. In addition, the database used to maintain state information for the log collector has moved to a hostPath volume and been renamed. A new initContainer has been added to handle migrating any existing state information and make adjustments to file ownership/permissions. NOTE: This initContainer runs as the root user but only runs briefly during the initial deployment process.
  - [SECURITY] OpenSearch pods have been reconfigured to allow readOnlyRootFilesystem to be set to 'true'. A new initContainer has been added to facilitate this.
  - [SECURITY] Runtime security controls for log monitoring stack (i.e. Fluent Bit, OpenSearch, OpenSearch Dashboards and Elasticsearch Exporter) pods have been tightened. Changes include: adding seccompProfile; disallowing privileged containers and privilege escalation; and removing all Linux capabilities. As noted above, some initContainers require less restrictive security but these only run briefly during the initial deployment process.
  - [SECURITY] On OpenShift, all Fluent Bit pods now use custom SCC objects to support changes described above.
  - [CHANGE] Improved handling of long log messages and those from some Crunchy Data pods
- Metrics
  - [FIX] Rule definition for :sas_launcher_pod_info: updated to: support multiple SAS Viya deployments running in same cluster and address a data problem seen on OpenShift when there is a significant delay (> 1s) between when a pod is created and when it is assigned an IP address.
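To confirm after an upgrade that the Logging [SECURITY] controls listed above are in effect, the following added example (not part of the project's own code) audits a pod object shaped like an item from `kubectl get pods -o json`. The sample pod, its container names and the `RuntimeDefault` seccomp type are constructed assumptions; initContainers are skipped by default because the notes say some of them need less restrictive settings.

```python
import json

# Constructed sample, shaped like one item of `kubectl get pods -o json`;
# names and values are illustrative, not taken from the project's manifests.
SAMPLE_POD = json.loads("""
{"metadata": {"name": "example-logging-pod"},
 "spec": {
  "securityContext": {"runAsNonRoot": true, "seccompProfile": {"type": "RuntimeDefault"}},
  "initContainers": [{"name": "migrate-state", "securityContext": {"runAsUser": 0}}],
  "containers": [
   {"name": "collector", "securityContext": {
     "privileged": false, "allowPrivilegeEscalation": false,
     "capabilities": {"drop": ["ALL"]}}},
   {"name": "sidecar", "securityContext": {"allowPrivilegeEscalation": true}}]}}
""")


def audit_pod(pod, include_init=False):
    """Return sorted (container, finding) pairs for controls that are not in place."""
    spec = pod["spec"]
    pod_sc = spec.get("securityContext") or {}
    containers = list(spec.get("containers", []))
    if include_init:
        containers += spec.get("initContainers", [])
    findings = []
    for c in containers:
        sc = c.get("securityContext") or {}
        # Container-level settings take precedence over pod-level ones.
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        dropped = (sc.get("capabilities") or {}).get("drop", [])
        checks = {
            "no seccompProfile": seccomp.get("type") in (None, "Unconfined"),
            "privileged": sc.get("privileged") is True,
            # An unset allowPrivilegeEscalation does not block escalation.
            "privilege escalation allowed": sc.get("allowPrivilegeEscalation") is not False,
            "capabilities not all dropped": "ALL" not in dropped,
            "may run as root": run_as_user == 0 or (run_as_user is None and not non_root),
        }
        findings += [(c["name"], msg) for msg, bad in checks.items() if bad]
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit_pod(SAMPLE_POD, include_init=True):
        print(f"{SAMPLE_POD['metadata']['name']}/{name}: {finding}")
```
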