Highlights

  • Highlights for the week ending July 27 2023

    Nginx Ingress Controller

    We have spent the last months reworking our nginx-ingress-controller-app by aligning it to the upstream ingress-nginx project. This is necessary to be future-proof, feature compliant, and offer the best ingress experience possible. Therefore we want to announce the first public beta release of our new ingress-nginx chart.

    The stable release v3.0.0 will be cut as soon as all possible bugs have been fixed and improvements have been implemented. For our beta release we added all changes mentioned in our alpha1 release.

    To make the upgrade as smooth as possible, we wrote a migration guide. It contains step-by-step instructions for replacing your old app deployment and upgrading the chart without any major outages.

    All feedback and questions regarding the beta release, its changes and our migration guide are very welcome. Reach us in the support channel if necessary.

    Warning: Do not install the beta release in production environments.

    Apps

    • flux version v0.24.0. We have improved the security by updating the default securityContext values to comply with our Pod Security Standard policies.
    • crossplane version v2.3.0. We updated Crossplane to v1.12.2. Please check the Crossplane Changelog for all changes announced.
    • external-secrets version v0.6.4. In preparation for running the Cilium CNI, we have split the original and Cilium network policies into separate policies instead of having them exclude each other by condition.
  • Highlights for the week ending June 29 2023

    General

    Apps

    • kyverno-app version v0.14.9 adds two new parameters in the configuration of the policy-reporter. Now the policy-reporter scrapeTimeout and interval are configurable. This allows more collection time in clusters with many policies.
    • security-bundle version 1.0.1 is the first release intended to be installed by default on Kubernetes 1.25 and later. It disables PSPs in favor of enforced Kyverno PSS restricted policies. New platform releases are shipped with this new version by default. We will inform you in the platform release notes about the change and the steps you need to take to upgrade, as it may require removing or modifying Kyverno or Security Bundle apps prior to the upgrade. More info about the change can be read here.

    Note: For clusters running Kubernetes v1.24 or earlier, you should continue running security-bundle with pre-1.0.0 bundle versions.

  • Highlights for the week ending June 22 2023

    General

    • Nothing to be announced
  • Highlights for the week ending June 15 2023

    Apps

    This week we would like to announce our first stable app release for the following apps:

    These three releases are upgraded to Linkerd v2.13.4. For more information about the Linkerd v2.13.4 changes, please take a look at the official release notes.

  • Highlights for the week ending June 08 2023

    General

    Nothing to be announced

  • Highlights for the week ending June 01 2023

    General

    Nothing to be announced

  • Highlights for the week ending May 25 2023

    General

    Nothing to be announced

  • Highlights for the week ending May 18 2023

    General

    • All management-cluster Flux installations (flux-system, flux-giantswarm) have been upgraded to Flux v0.41.2.
    • All management-cluster External Secret installations have been upgraded to External Secrets [0.8.1](https://github.com/external-secrets/external-secrets/releases/tag/v0.8.1).
    • Crossplane has been upgraded to version v2.2.0 for management clusters which support it.

    Apps

    • crossplane version v2.2.0 upgrades Crossplane to version v1.11.3. This is a scoped patch release to better support composition functions.
    • external-secrets version v0.5.0 upgrades the External Secrets operator to version v0.8.1, introduces a new generator for Vault dynamic secrets, and allows for the inclusion of metadataPolicy Fetch for supported backend providers.
    • flux-app version v0.23.1 upgrades to support Flux toolkit v0.41.2, introduces the flux events command to display events for Flux resources, improves memory consumption for the Helm controller with up to 50% observed reduction, and now includes an opt-in OOM watcher allowing for more graceful termination within the Helm controller.
    • kyverno-app version v0.14.5 introduces a new Job for ensuring Kyverno webhooks are properly deleted when uninstalling the App and replaces a deprecated label.
    • security-bundle version 0.14.3 (and 0.14.2) includes the Kyverno release from this announcement as well as an update to the Trivy app which makes its VPA behavior configurable.
  • Highlights for the week ending May 5, 2023

    Apps

    • falco-app version v0.5.2 adds a new Kyverno PolicyException allowing falco to run in clusters enforcing restricted Pod Security Standards, and replaces a deprecated toleration label.
    • kyverno-app version v0.14.4 introduces a new policy limiting the namespaces where Kyverno PolicyExceptions may be created. By default, customer exceptions may be created only in the policy-exceptions namespace.
    • security-bundle version 0.14.1 (and 0.14.0) includes the new versions of Falco, Kyverno, and Trivy Operator mentioned in this announcement. To make App configuration and diffs easier to work with in GitOps workflows, it also changes the way config values are passed to the bundled Apps: rather than passing a single multi-line string containing each App’s configuration, all keys under the App’s top-level key will be copied into the App’s values. This is a breaking configuration change. Users must change all places where they override default values of a security-bundle App. This is typically a one character change, an example of which is available in our PR changing our sample.
    • trivy-operator-app version 0.4.0 updates to upstream Trivy Operator v0.13.2 and introduces Cilium NetworkPolicies to support scanning in Cilium-based clusters.

    Documentation

    • There is a new guide about achieving compliance with Pod Security Standards (PSS). Future releases will require all workloads to be compliant with these new standards, which differ slightly from the now-deprecated Pod Security Policies (PSP). Depending on your organization’s current security policy, this may require some migration effort, so we have provided this guide to encourage early planning and adoption.
  • Highlights for the week ending April 27, 2023

    General

    Apps

    • datadog v2.5.3: the agent has been upgraded to 7.43.0. The App is promoted to the default Giant Swarm catalog. Take into account that a migration step is required in version v2.5.1.
    • kong-app v3.1.0: the kong ingress controller is upgraded to 2.9.3 and kong to 3.2.2. These changes come in with the upstream kong chart 2.19.0.

    Documentation

    User interfaces

This part of our documentation refers to our vintage product. The content may no longer be valid for our current product. Please check our new documentation hub for the latest state of our docs.