- fix: stress cpu attack uses all configured CPUs not all CPUs available for the target container
- chore: update dependencies (CVE-2024-11187 & CVE-2024-12705)
- Rename some network actions to explicitly contain the term "outgoing"
- Use runc binary from the opencontainers/runc project
- fix: improve container id to be unique by adding the execution id
- Respect the container memory limit for stress-ng based actions
- Add option to disallow containers in certain namespaces
- Update dependencies
- Remove host network usage
- Drop all unneeded capabilities
- Make CAP_SYS_RESOURCE optional
- Use uid instead of name for user statement in Dockerfile
- chore: update dependencies
- fix: Network attack cannot be executed, after a previous attack skipped cleanup for missing container
- chore: update dependencies
- chore: use new signal handle mechanism from extension-kit
- chore: update dependencies
- chore: update dependencies
- fix: network actions if runc debug is enabled
- chore: update dependencies
- fix: only create network excludes which are necessary for the given includes
- fix: aggregate excludes to ip ranges if there are too many
- fix: fail early when too many tc rules are generated for a network attack
- chore: update action_kit_sdk dependency
- feat: change default value for "jitter" in "Network Delay" attack to false
- feat: add memfill attack
- fixed ip rule v6 support check
- chore: update dependencies
- chore: update dependencies
- fix: Don't use the priomap defaults for network attacks, this might lead to unexpected behavior when TOS is set in packets
- fix: Race condition in network attacks reporting attack for namespace still active, when it isn't
- feat: remove the restriction on cgroup2 mounts using nsdelegate
- fixed fallback attributes of AWS availability zones to not include Azure region
- fail actions early when cgroup2 nsdelegation is causing problems
- support cidrs filters for the network attacks
- Update dependencies (go 1.22)
- Added noop mode for diskfill attack to avoid errors when the disk is already full enough
- Update dependencies
- Update dependencies
- Update dependencies
- feat: add host.domainname attribute containing the host FQDN
- Update dependencies
- Update dependencies
- Pause container: action will stop if container is restarted
- Update dependencies
- Automatically set the GOMEMLIMIT (90% of cgroup limit) and GOMAXPROCS
- Disallow running multiple tc configs on the same container
- by default ignore labels for buildpack build and lifecycle metadata
- update dependencies
- update dependencies
- update dependencies
- update dependencies
- update dependencies
- update dependencies
- Fix: don't use ipv6 when kernel module was disabled
- Stress CPU attack: cpu load percentage is based on the container limit
- Add disk fill attack
- Add timeout and recovery for container discovery
- Rework stress-io "Disk Usage" parameter to "MBytes written"
- Update dependencies
- don't follow symlinks when checking for namespace existence
- reduce discovery interval and decouple listing containers from http request
- fix: possible failed rollback of attacks for restarted containers
- fix: possible failed rollback of attacks for restarted containers
- performance improvements
- update dependencies
- added tracing for stress and network attacks
- update dependencies
- added tracing for stress and network attacks
- add pprof-endpoints
- added DiscoveryAttributeExcludes
- fix invalid character 'i' in literal in runc State func. Do not combine stdout and stderr for json parsing
- fix concurrent map writes in action stop
- Use overlayfs for the sidecar containers, drastically reducing CPU consumption by avoiding repeated extraction of the sidecar container
- Add canonical host.hostname attributes
- Fix regression: use separate UTS namespace when setting hostname on sidecars
- Prevent ip/tc commands being executed for the same net ns concurrently
- Add more trace logs for debugging purposes
- Only generate exclude ip/tc rules for network interfaces that are up
- avoid duplicate tc/ip rules
- update dependencies
- fix: reverting network attacks was mistakenly skipped after pid rollover happened
- ignore container with label "steadybit.com.discovery-disabled"="true" during discovery
- update dependencies
- ignore marked containers during discovery
- migration to new unified steadybit actionIds and targetTypes
- Add mode for stress io attack to choose between read/write and/or flush stress
- update dependencies
- Don't spam the log with missing container warnings on containerd
- Exclude not-running containerd container from discovery
- Exclude pause containers from Kubernetes and ECS in discovery
- Fix error for runc inspecting containers using the systemd cgroup manager
- fix rpm dependencies
- add support for unix domain sockets
- build linux packages
- prefix container labels with "container."
- Bugfix: Blackhole and DNS container isn't reverted properly when container failed (and not the pod)
- New: new container.image attributes for registry, repository, and tag
- Improvement: Logging improved when container couldn't stop because it wasn't found
- Improvement: Error message for failures when starting stress-ng attacks
- Bugfix: Fixed unique container ids for sidecar containers in same pod
- Bugfix: Removing trailing / in container.name
- Bugfix: Datatype for stop-container's graceful parameter
- Bugfix: Blackhole container isn't reverted properly when container failed (and not the pod)
- Bugfixes
- Conflicting ports when using with extension-host
- Initial release