Helm

0.15.0

March 20, 2024

NewAdd a cluster role binding to grant permissions to read labels on Kubernetes nodes

0.14.0

Fix Removed invalid fields from the SecurityContextConstraint installed when deploying to OpenShift
Fix Removed references to the gremlin.process SELinux label, which cannot be used on OpenShift. See the OpenShift installation guide for more information.
Fix Set the Gremlin daemonset's allowPrivilegeEscalation field based on the value set in values.yaml

0.13.0

March 1, 2024

New introduced new options for gremlin.container.driver value: linux, docker-linux, containerd-linux, crio-linux. These values are used to initialize a new container driver that does not need runc to deploy container attacks. These drivers provision attacks faster and with fewer system resources. See Declare Container Driver for more information. The new default value is linux.

0.12.5

February 21, 2024

InfoEnabled DNS collection by default and disabled process collection by default.

‍

0.12.4

February 14, 2024

‍

0.12.3

February 14, 2024

‍

0.12.2

February 7, 2024

NewThe Gremlin agent daemonset deployment now supports enabling DNS dependency collection by setting gremlin.collect.dns. See gremlin/helm#90.

0.12.1

January 24, 2024

NewThe Gremlin agent daemonset and the Chao agent deployment now support priorityClassName by setting either gremlin.priorityClassName, chao.priorityClassName, or both. See gremlin/helm#89.

0.12.0

November 14, 2023

New: AWS SSM Parameter Store or AWS Secrets Manager ARN values can now be supplied for secret inputs such as gremlin.secret.teamSecret. See How to use config values stored in AWS
New: Introduced gremlin.serviceAccount.annotations and chao.serviceAccount.annotations for supplying custom annotations to the service accounts managed by this chart. This is useful for passing annotations such as eks.amazonaws.com/role-arn.
New: Introduced gremlin.extraEnv and chao.extraEnv for supplying custom environment variables to the Gremlin and Chao agents.
Info: Removed deprecated configuration values:
- gremlin.client.secretName: please use gremlin.secret.name
- gremlin.client.certCreateSecret: please use gremlin.secret.managed
- gremlin.installK8sClient: please use: chao.create

0.11.0

October 11, 2023

New: Helm chart now explicitly declares DAC_READ_SEARCH, which is required to discover dependencies and run Certificate Expiry attacks. Most container runtimes already provide a superset of this capability (DAC_OVERRIDE) by default.

0.10.0

August 28, 2023

New: Make gremlin.container.driver=any the new default, when set gremlin.container.driver=any will attempt to mount all possible container driver paths, delegating to gremlin to pick the runtime. This option has served as the easiest way to get Gremlin up and running on containerized systems because you don't need to know or muck with container driver details.

0.9.1

August 22, 2023

New: You can now add labels to the deployed Gremlin Pods using the chao.podLabels and gremlin.podLabels parameters. See the Chart documentation for details.

0.9.0

March 16, 2023

New: You can now specify SELinux options to apply to the Gremlin DaemonSet container securityContext using the gremlin.podSecurity.seLinuxOptions parameter. See the Chart documentation for details.