Highlights for the week ending September 30, 2022
User interfaces
The kubectl gs login
command as of v2.23.0 provides a flag --cn-prefix
. This allows to specify the CN of a client certificate issued for workload cluster access, so that the client using the certificate can be mapped to RBAC rules which are bound to a user.
Apps
- dex-app now provides Dex v2.34.0.
- fluent-logshipping-app version v2.0.0: this update supports CRI instead of the docker Format and changes the storage path to not use a tmpfs to not overload the nodes.
- kyverno-app version v0.11.2 updates to upstream version 1.7.3.
- security-pack version 0.8.0 includes new versions of all pack components (listed in this announcement), and finishes the switch to Trivy Operator as the default vulnerability scan manager. It is also the first release to be included in the
giantswarm
catalog. It will be removed from theplayground
catalog in a future release. - security-pack-helper version v0.0.2 initial release supports watching and deleting Kyverno
ReportChangeRequest
resources when they exceed a configured threshold. - starboard-exporter version v0.6.0 disables reconciliation of
CISKubeBenchReports
by default in support of the switch to Trivy Operator. - trivy-app version v0.6.0 updates to Trivy version
0.30.4
. - trivy-operator-app version v0.2.0 updates to Trivy Operator version
0.2.1
, adding support for calling custom webhooks and exposing more configuration options for scan jobs.
Documentation
You’ll now find information about our Cluster API architecture in our docs.