Cluster Shield Release Notes

Here are the most recent release notes for Cluster Shield. Review the entries to learn about the latest features, defect fixes, and known issues.

1.1.2, Jul 18, 2024

Defect Fixes

  • Fixed a defect that could cause the container_vulnerability_management feature to scan images using the x86_64 architecture in arm64 clusters.

1.1.1, July 09, 2024

Defect Fixes

  • Fixed a defect that prevented the container_vulnerability_management feature from properly managing the file size for processed files.

1.1.0, July 03, 2024

Feature Enhancements

  • Ability to run on GKE when the cluster is configured to run with the Autopilot functionality. To enable this feature, add the flag --set global.gke.autopilot=true to the configuration during installation.

  • Added support for Windows worker nodes. Once installed with the Kubernetes Metadata feature enabled, it pairs with the Windows Agent to include Kubernetes information in the events reported by the Sysdig backend.

1.0.1, June 17, 2024

Feature Enhancements

  • Added the ability to configure ports used by Admission Control and Audit

1.0.0, June 12, 2024

Fixed Vulnerabilities

0.11.0, June 5, 2024

Feature Enhancements

  • Ability to configure external distributed cache
  • Introduced Container Vulnerability Management feature through Admission Control
  • Secure API token is no longer required to configure Cluster Shield for Sysdig SaaS
  • Posture feature now collects information about secrets for Inventory

Fixed Vulnerabilities

Defect Fixes

  • Fixed a defect that was preventing already existing credential secrets from being correctly loaded
  • Fixed a defect causing some components to panic due to missing message keys in their logs
  • Set exit code correctly when the application ends with an error
  • Fixed a memory leak when the Kubernetes Metadata feature was enabled
  • Fixed a memory leak issue when the Container Vulnerability Management feature was enabled
  • Fixed a defect that was blocking the application while starting Admission Control
  • Fixed a defect preventing DEBUG-level logs from being displayed
  • Fixed a defect which could cause long-running workloads to disappear from the UI for Container Vulnerability Management

0.10.1, May 3, 2024

Fixed an issue preventing Cluster Shield from reading access_key and secure_api_token from already existing secrets.

0.10.0, May 2, 2024

Feature Enhancements

  • Improved communication with the Sysdig backend by reducing the network footprint for Container Vulnerability Management feature
  • Improved pull secrets retrieval, reducing the memory footprint by filtering supported secret types and adding support for pagination for Container Vulnerability Management feature
  • Decreased the time required to see preliminary container vulnerability results in the UI
  • Ability to configure sysdig_endpoint using region
  • Introduced liveness and readiness probes in the helm chart

Fixed Vulnerabilities

Defect Fixes

  • Fixed a defect that could cause the Container Vulnerability Management feature to ignore the image digest, running the risk of analyzing an incorrect image
  • Set correct exit code for sub-processes when running in multi-process mode
  • Fixed TLS certificate generation that was causing issues on AKS clusters

0.9.0, April 15, 2024

Enhancements

  • Supports sending the k8s_metadata message. The agent retrieves the tags used for the Cost Advisor feature from k8s_metadata.

0.8.0, April 4, 2024

Enhancements

  • You can now use an already existing secret (managed from outside the cluster-shield helm chart) to deploy information such as the Secure API Token and Access Key.
  • Internal communication uses TLS by default.
  • The feature kubernetes_metadata now supports monitor events
  • The feature kubernetes_metadata now supports short-lived resources

0.7.0, March 19, 2024

Enhancements

  • Added the Kubernetes Metadata feature, which lets you collect cluster metadata, replacing the Delegated Agent functionality.
  • The Cluster Shield can now be executed as a single process.
  • Added onPremCompatibilityVersion in the helm chart that can be used to specify the on-prem version used.

Breaking changes

  • Configuration for feature container_vulnerability_management:
    • offline_analyzer is no longer available. If you set it, remove it from the configuration.
    • platform_services_enabled is now enabled by default
    • registry_verify_certificate is now replaced by registry_ssl

March 07, 2024

Sysdig Cluster Shield Released as Controlled Availability

Sysdig is delighted to announce the controlled availability of Sysdig Cluster Shield. This solution consolidates multiple agent deployments into a single containerized component, marking a significant advancement in simplifying the deployment, management, and configuration of the Sysdig suite of security and compliance tools at the cluster level. By streamlining operations for Kubernetes environments, Cluster Shield makes it easier than ever to maintain your security and compliance posture.

For more information, see Sysdig Cluster Shield.