Managed Apps
Changed
- Push starboard-app to AWS, Azure, and VMWare collections.
Changed
- Use in-cluster Trivy by default.
- Scan all namespaces by default.
- Add PodSecurityPolicy.
- Add NetworkPolicy (for operator only).
- Add expanded PSP for enabling CIS benchmarks.
Added
- Initial trivy resources.
- Basic NetworkPolicy resources.
Changed
- Add appropriate labels to CRDs.
Changed
- Change dex image to fix refreshing token
Changed
- Make easier the configuration for Workload Clusters.
- Bring the changes needed to run in Kubernetes 1.21.
Changed
- Internal change: Stop publishing nginx-ingress-controller-app to default catalog. (#235)
- Disallow the controller Ingress to parse and add *-snippet annotations created by the user. This can be changed by setting
controller.allowSnippetAnnotations to true.
We recommend enabling this option only if you TRUST users with permission to create Ingress objects, as this may allow a user to add restricted configurations to the final nginx.conf file.
This is a mitigation against CVE-2021-25742.
(#238)
Changed
- Disallow the controller Ingress to parse and add *-snippet annotations/directives created by the user. This can be changed by setting
controller.enableSnippetDirectives to true.
We recommend enabling this option only if you TRUST users with permission to create Ingress objects, as this may allow a user to add restricted configurations to the final nginx.conf file.
This is a mitigation against CVE-2021-25742.
(#237)
