×

Red Hat Advanced Cluster Security for Kubernetes (RHACS) 3.64 includes feature enhancements, bug fixes, scale improvements, and other changes.

Release date: August 11, 2021

New features

  • ROX-7230: You can now use deployment and namespace annotations to define where Red Hat Advanced Cluster Security for Kubernetes sends violation notifications when configuring your notifiers. Notifications can be sent to Slack, Microsoft Teams, Email, and others.

  • ROX-7534: With the Red Hat Advanced Cluster Security for Kubernetes Operator, you can now configure the enforcement behavior of the admission controller as part of the custom resource setting.

  • ROX-7561: Red Hat Advanced Cluster Security for Kubernetes now supports kernel modules for Ubuntu 16.04 LTS with extended security maintenance (ESM).

Important bug fixes

  • ROX-6326: Previously, users with a large number of namespaces would receive sporadic 504 gateway errors when sending requests to the /v1/namespaces/ endpoint. Red Hat Advanced Cluster Security for Kubernetes includes the updated endpoint, which supports pagination to fix this issue.

Resolved in version 3.64.1

Release date: August 26, 2021

  • ROX-7850: Due to a bug in the previous RHACS Operator image, configuring the proxy support in the Operator Lifecycle Manager would incorrectly send internal traffic through the proxy. The bug caused internal communication failure, and the RHACS services would fail to start. The updated image uses the fully qualified domain names for RHACS services to fix this issue.

  • ROX-7872: The updated Operator image sets the memory limit to 1 GiB and memory requests to 200 MiB to address out-of-memory issues when using the RHACS Operator at scale.

Resolved in version 3.64.2

Release date: September 22, 2021

  • ROX-8008: Previously, you could not use URN-based IdP Issuers while configuring SAML identity providers. This has been fixed.

  • ROX-8033: Due to how Red Hat Advanced Cluster Security for Kubernetes previously addressed its internal service endpoints, OpenShift clusters with enabled proxy failed to download the correct kernel probes.

  • ROX-8034: Previously, if you were using backported 5.11 kernels for Ubuntu 20.04, the Collector sometimes failed on upgrade due to a change in the Ubuntu kernel build.

Important system changes

  • ROX-6258: Red Hat Advanced Cluster Security for Kubernetes now prefixes the optional security context constraint name with stackrox to avoid global naming conflicts.

  • ROX-7318: Previously, violations for port forwards and exec events did not contain information about the user who performed the action that generated the events. The violations now include the user context.

  • ROX-7449: Cluster init bundles contain the secrets required for internal Red Hat Advanced Cluster Security for Kubernetes services to communicate with each other. You can rotate secrets by deleting these, but doing so can cause outages. Red Hat Advanced Cluster Security for Kubernetes now includes an updated deletion workflow that gives a warning about the possible impact of deletion on the environment.

  • ROX-7684: The OpenShift Compliance Operator uses RPM only for querying, and it does not install any packages. Red Hat Advanced Cluster Security for Kubernetes includes a policy exception for this pod by default to reduce the violations count.

Image versions

Image Description Current version

Main

Includes Central, Sensor, Admission Controller, and Compliance. Also includes roxctl for use in continuous integration (CI) systems.

registry.redhat.io/rh-acs/main:3.64.2

Scanner

Scans images and nodes.

registry.redhat.io/rh-acs/scanner:2.18.4

Scanner DB

Stores image scan results and vulnerability definitions.

registry.redhat.io/rh-acs/scanner-db:2.18.4

Collector

Collects runtime activity in Kubernetes or OpenShift Container Platform clusters.

registry.redhat.io/rh-acs/collector:3.3.1-latest