Highlights for the week ending April 20, 2023
Apps
Security Pack –> Bundle
- The App formerly known as security-pack has been renamed to security-bundle to align its naming with our other bundles and keep our terminology consistent.
- security-bundle version 0.13.0 is a major update containing multiple breaking changes since the last release of the security-pack. Please review the instructions in the README prior to attempting to upgrade. This release includes the following noteworthy changes, as well as the App updates described in this announcement.
  - The security-pack App has been renamed to security-bundle.
  - security-bundle must be installed from the giantswarm catalog. It will no longer be published to playground.
  - The default installation namespace has been changed from security-pack to security-bundle. Custom installation namespaces are unaffected by this change.
  - The key kyverno-policies has been renamed to kyvernoPolicies. App value overrides for the kyverno-policies App must now be made under the kyvernoPolicies key.
  - starboard-app has been removed and is no longer installable from the security-bundle. Trivy Operator is installed by default and is a full replacement of Starboard. (starboard-exporter is still actively supported).
Security Bundle Apps
- falco-app version v0.5.1 includes a new Kyverno PolicyException permitting Falco to run in clusters enforcing restricted Pod Security Standards.
- kyverno-app version v0.14.3 updates to Kyverno version 1.9.2 and policy-reporter version 2.18.0. This version includes new Vertical Pod Autoscaler options and performance improvements to increase the AdmissionReport processing speed and reduce the number of reports stored in the cluster.
- kyverno-policies version v0.18.1 updates to upstream policy version v1.7.5.
- starboard-exporter version v0.7.3 includes several minor bug fixes and improvements to the Helm chart.
- trivy-app version 0.8.0 updates to Trivy v0.37.2, supporting newer scanning options and Trivy database formats.
- trivy-operator-app version 0.3.7 updates to Trivy Operator v0.12.0, enables VPA for the deployment, and includes several additional bug fixes and Helm chart improvements.
Documentation
- linkerd-bundle is now generally available from the giantswarm catalog.
- aws-load-balancer-controller version 1.3.0 automatically sets the annotations needed for AWS authentication with IRSA.
- external-dns-app version 2.35.1 adds the possibility of injecting any type of credential using values. This is particularly important for installations that rely on the AWS specific values as they will be deprecated in the future. Please read our documentation on this topic for more details.