Highlights for the week ending April 20, 2023

Apps

Security Pack –> Bundle

  • The App formerly known as security-pack has been renamed to security-bundle to align its naming with our other bundles and keep our terminology consistent.
  • security-bundle version 0.13.0 is a major update containing multiple breaking changes since the last release of the security-pack. Please review the instructions in the README prior to attempting to upgrade. This release includes the following noteworthy changes, as well as the App updates described in this announcement.
    • The security-pack App has been renamed to security-bundle.
    • security-bundle must be installed from the giantswarm catalog. It will no longer be published to playground.
    • The default installation namespace has been changed from security-pack to security-bundle. Custom installation namespaces are unaffected by this change.
    • The key kyverno-policies has been renamed to kyvernoPolicies. App value overrides for the kyverno-policies App must now be made under the kyvernoPolicies key.
    • starboard-app has been removed and is no longer installable from the security-bundle. Trivy Operator is installed by default and is a full replacement of Starboard. (starboard-exporter is still actively supported).

Security Bundle Apps

  • falco-app version v0.5.1 includes a new Kyverno PolicyException permitting Falco to run in clusters enforcing restricted Pod Security Standards.
  • kyverno-app version v0.14.3 updates to Kyverno version 1.9.2 and policy-reporter version 2.18.0. This version includes new Vertical Pod Autoscaler options and performance improvements to increase the AdmissionReport processing speed and reduce the number of reports stored in the cluster.
  • kyverno-policies version v0.18.1 updates to upstream policy version v1.7.5.
  • starboard-exporter version v0.7.3 includes several minor bug fixes and improvements to the Helm chart.
  • trivy-app version 0.8.0 updates to Trivy v0.37.2, supporting newer scanning options and Trivy database formats.
  • trivy-operator-app version 0.3.7 updates to Trivy Operator v0.12.0, enables VPA for the deployment, and includes several additional bug fixes and Helm chart improvements.

Documentation

  • linkerd-bundle is now generally available from the giantswarm catalog.
  • aws-load-balancer-controller version 1.3.0 automatically sets the annotations needed for AWS authentication with IRSA.
  • external-dns-app version 2.35.1 adds the possibility of injecting any type of credential using values. This is particularly important for installations that rely on the AWS specific values as they will be deprecated in the future. Please read our documentation on this topic for more details.

This part of our documentation refers to our vintage product. The content may be not valid anymore for our current product. Please check our new documentation hub for the latest state of our docs.