Workload cluster release azure-29.5.0 for CAPZ

Changes compared to v29.4.0

Components

• cluster-azure from v1.5.0 to v1.6.0
• Flatcar from v3975.2.2 to v4081.2.1
• Kubernetes from v1.29.12 to v1.29.13

cluster-azure v1.5.0…v1.6.0

Changed

• Chart: Reduce default etcd volume size to 50 GB.

Apps

• cilium from v0.25.1 to v0.25.2
• prometheus-blackbox-exporter from v0.4.2 to v0.5.0
• security-bundle from v1.8.2 to v1.9.1
• vertical-pod-autoscaler from v5.3.0 to v5.3.1
• vertical-pod-autoscaler-crd from v3.1.1 to v3.1.2

cilium v0.25.1…v0.25.2

Changed

• Upgrade cilium to v1.15.13.

prometheus-blackbox-exporter v0.4.2…v0.5.0

Changed

• Harden security context to pass PSS compliance.

Removed

• Remove PSP resources.

security-bundle v1.8.2…v1.9.1

Breaking changes

Note: When upgrading to this security-bundle version with Falco enabled, the Falco App will fail to upgrade due to a breaking change in the upstream chart. To finish the upgrade, disable, then re-enable the Falco App by setting apps.falco.enabled=[false|true] in the security-bundle user values Config Map.

Changed

• Update trivy-operator (app) to v0.10.3.
• Update trivy (app) to v0.13.1.
• Update kyverno (app) to v0.18.1.
• Update kyverno-crds (app) to v1.12.0.
• Update kyverno-policies (app) to v0.21.0.
• Update starboard-exporter (app) to v0.8.0.
• Update falco (app) to v0.9.1.

vertical-pod-autoscaler v5.3.0…v5.3.1

Changed

• Chart: Update Helm release vertical-pod-autoscaler to v9.9.1. (#333)

vertical-pod-autoscaler-crd v3.1.1…v3.1.2

Changed

• Chart: Sync to upstream. (#124)