55 changes: 54 additions & 1 deletion getting-started/deployment_guide.md
Expand Up @@ -12,7 +12,44 @@ helm upgrade --install kubearmor-operator kubearmor/kubearmor-operator -n kubear
kubectl apply -f https://raw.githubusercontent.com/kubearmor/KubeArmor/main/pkg/KubeArmorOperator/config/samples/sample-config.yml
```

You can find more details about helm related values and configurations [here](https://github.com/kubearmor/KubeArmor/tree/main/deployments/helm/KubeArmorOperator).
### Override the kubearmor-operator image tag (optional)

To override the `kubearmor-operator` image tag during install/upgrade, set the Helm value `kubearmorOperator.image.tag`.

Example:

```bash
helm upgrade --install kubearmor-operator kubearmor/kubearmor-operator \
-n kubearmor --create-namespace \
--set kubearmorOperator.image.tag=latest
```

You can find more details about helm related values and configurations in the upstream chart sources at [deployments/helm/KubeArmorOperator](https://github.com/kubearmor/KubeArmor/tree/main/deployments/helm/KubeArmorOperator).

### Configure operator Pod resources (optional)

The Helm chart supports setting container resources for the `kubearmor-operator` deployment via `kubearmorOperator.resources`.

1. Create a values override file.
2. Set `kubearmorOperator.resources`.
3. Re-run `helm upgrade --install`.

Example:

```yaml
kubearmorOperator:
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 256Mi
```

{% hint style="info" %}
The upstream chart defaults `kubearmorOperator.resources` to `{}`.
{% endhint %}

## Install kArmor CLI (Optional)
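Review bot: The tag override example under "Override the kubearmor-operator image tag" uses `--set kubearmorOperator.image.tag=latest`, a mutable tag, so repeated installs can pull different operator builds without any change to the command; show a pinned release tag instead (a placeholder such as `<release-tag>` would do). In "Configure operator Pod resources", step 3 says to re-run `helm upgrade --install` but never shows the override file being passed, so add the `-f <values-file>` form to that step or to the example.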

Expand All @@ -26,6 +63,22 @@ curl -sfL http://get.kubearmor.io/ | sudo sh -s -- -b /usr/local/bin

## Deploy test nginx app

## Verify node runtime detection (optional)

The KubeArmor operator deploys a `kubearmor-snitch` Job that detects node information. The snitch detects the runtime by checking known runtime socket locations under the configured path prefix (default: `/rootfs`) and then patches the node with labels that include the detected runtime and socket.

To see the detection logs:

```bash
kubectl logs -n kubearmor job/<snitch-job-name>
```

To see labels patched on a node:

```bash
kubectl get node <node-name> --show-labels
```

```
kubectl create deployment nginx --image=nginx
POD=$(kubectl get pod -l app=nginx -o name)
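Review bot: The new "## Verify node runtime detection (optional)" section is inserted directly under the existing "## Deploy test nginx app" heading and ahead of that section's code block, so the `kubectl create deployment nginx --image=nginx` commands now render under the verification section and the deploy heading is left with no content. Move the new section above "## Deploy test nginx app" or below its code block. The log command also uses `<snitch-job-name>` without saying how to find the name; a line that lists the jobs in the `kubearmor` namespace would close that gap.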
33 changes: 33 additions & 0 deletions getting-started/release-notes/v1.6.md
Expand Up @@ -7,6 +7,39 @@ This release reflects major advancements in policy enforcement, system monitorin
### [Watch the KubeArmor v1.6 Release Overview](https://www.youtube.com/watch?v=lNXBwXRH-TQ)
<img src="https://github.com/user-attachments/assets/fbd6545c-2a7a-4ae4-91f5-87242a5b1c37" alt="KubeArmor v1.6 Release" width="600" />

## Patch Releases

### KubeArmor v1.6.8

**Title:** KubeArmor v1.6.8 patch release

**Date:** 2026-02-25

**Version:** v1.6.8

#### 🆕 **New Features**

- Added faster username reporting in host events so operators can understand who triggered an alert without extra lookups.
- Added an option to explicitly choose the container runtime socket so deployments can target the correct CRI endpoint.

#### 🐜 **Bug Fixes**

- Fixed several concurrency issues so endpoint and host security policy handling is more reliable under load.
- Fixed alert throttling race conditions so alerts are not corrupted or mis-throttled during concurrent processing.
- Fixed RHEL9 build gating so the compatibility macro is only enabled when it should be.
- Fixed chart-generated DaemonSets so they always pass a CRI socket argument for consistent runtime connectivity.

#### 🎁 **Misc**

- Updated CI to use the correct Helm values key for the kubearmor-operator image tag so automated workflows set the intended image version.
- Improved test configuration flexibility so runs can match the intended LSM setup.
- Improved host-only runs and USB logging so local operation is easier to diagnose.
- Updated dependencies and release metadata to keep builds current and supported.
- Hardened security-scanner compliance and aligned secret naming for better operational consistency.
- Added default resource sizing so workloads behave more predictably under scheduling pressure.

**Changelog:** https://github.com/kubearmor/KubeArmor/releases/tag/v1.6.8

## Key Features & Enhancements

### 🔐 **Advanced Process Arguments Matching**
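Review bot: The New Features bullet "Added an option to explicitly choose the container runtime socket" and the Bug Fixes bullet about DaemonSets passing "a CRI socket argument" never name the option or argument, so a reader cannot act on either from these notes; name the setting or link the change that introduced it. The "**Title:**" and "**Version:**" lines repeat the "### KubeArmor v1.6.8" heading and could be dropped, keeping only the date.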