New New container drivers are available: docker-linux, containerd-linux, crio-linux, which spawn attacks with significantly reduced CPU and IO system usage. Attacks against container processes no longer require direct integration with runc. These drivers can be enabled by removing volumeMounts from the Gremlin daemonset for /run/docker/runtime-runc/moby, /run/containerd/runc/k8s.io, and /run/runc respectively.
Fix Rolling back network attacks no longer considers missing network devices as a critical error. This accounts for failure modes where the network device is torn down externally.
Fix Better detection around pre-existing ingress rules which conflict with Gremlin blackhole attacks. This can happen with network integrations such as Cilium and Kata, or any networking integration which applies some level of traffic shapping on ingress network traffic. Gremlin now skips impact when conflicts are detected and prints a warning to the attack log.