release v0.7.0

What's Changed

Added

• Added an AllowViolations field to the VarmorPolicy and VarmorClusterPolicy CRD.
• Supported the observation mode for AppArmor, BPF and Seccomp enforcers.
• Logged the violation events that are not blocked into the violations.log file at debug level.
• Added a StorageType field to the ArmorProfileModel CRD.
• Added a STORAGE-TYPE field to the additional printer columns of the ArmorProfileModel resources to provide more detailed information when viewing the resources via the kubectl command-line tool.
• Mounted an emptyDir data volume to the agent and the manager when the behavior modeling feature is enabled.
• Manager saves the behavior data and profiles into a local file within the data volume when the ArmorProfileModel object exceeds the limit.
• Agent caches the audit data in the data volume during modeling.
• Supported exporting the complete ArmorProfileModel object from the interface of the manager.
• All interfaces of the manager are exposed at the /apis path.
• Added a --logFormat command-line option and allowed outputting logs in JSON format.
• Modified the AppArmorRawRules structure of the VarmorPolicy and VarmorClusterPolicy CRD to support setting custom rules for specific executable files.
• Forced agents to update profiles whose status did not meet the expected criteria periodically.
• Loaded the profiles from the local file if the StorageType field of ArmorProfileModel object is LocalDisk when the policy is running in DefenseInDepth mode.
• Added a --set jsonLogFormat.enabled=true option for switching log format to JSON.

Fixed

• Agent exposed the readinessProbe on port 6080 by default if it was not in a container.
• Accessed the classifier through the varmor-classifier-svc service when the agent was running in a container.
• Increased the wait time for timeout retry.
• Switched log level from 3 to 2 for tracing.

Full Changelog: v0.6.3...v0.7.0