Highlights for the week ending September 30, 2022

User interfaces

The kubectl gs login command as of v2.23.0 provides a flag --cn-prefix. This allows to specify the CN of a client certificate issued for workload cluster access, so that the client using the certificate can be mapped to RBAC rules which are bound to a user.

Apps

  • dex-app now provides Dex v2.34.0.
  • fluent-logshipping-app version v2.0.0: this update supports CRI instead of the docker Format and changes the storage path to not use a tmpfs to not overload the nodes.
  • kyverno-app version v0.11.2 updates to upstream version 1.7.3.
  • security-pack version 0.8.0 includes new versions of all pack components (listed in this announcement), and finishes the switch to Trivy Operator as the default vulnerability scan manager. It is also the first release to be included in the giantswarm catalog. It will be removed from the playground catalog in a future release.
  • security-pack-helper version v0.0.2 initial release supports watching and deleting Kyverno ReportChangeRequest resources when they exceed a configured threshold.
  • starboard-exporter version v0.6.0 disables reconciliation of CISKubeBenchReports by default in support of the switch to Trivy Operator.
  • trivy-app version v0.6.0 updates to Trivy version 0.30.4.
  • trivy-operator-app version v0.2.0 updates to Trivy Operator version 0.2.1, adding support for calling custom webhooks and exposing more configuration options for scan jobs.

Documentation

You’ll now find information about our Cluster API architecture in our docs.

This part of our documentation refers to our vintage product. The content may be not valid anymore for our current product. Please check our new documentation hub for the latest state of our docs.