Changed
- prometheus remote-writes: filter on URL
Changes and Releases
Updates on Giant Swarm workload cluster releases, apps, UI improvements and documentation changes.
Added
- Controller: Add
controller.enableAnnotationValidations. (#536) - OpenTelemetry: Add
controller.opentelemetry.resources. (#536) - Values: Add
global.podSecurityStandards.enforced. (#544)
Changed
- Image: Update to
v1.9.0. (#536) - Deployment/DaemonSet: Make
controller.topologySpreadConstraintsan array. (#536)
NOTE: This is part of our alignment to upstream. Please convert any overrides ofcontroller.topologySpreadConstraintsto an array, too. - Tests: Upgrade dependencies & remove explicit ATS version. (#538)
- Service: Fix wildcard subdomain. (#539)
- Chart: Tighten
securityContexts and Pod Security Policies. (#540) - OpenTelemetry: Use own registry. (#541)
- Admission Webhooks: Update
kube-webhook-certgenimage tov20231011-8b53cabe0. (#542) - Image: Update to
v1.9.3. (#547)
Removed
- Controller: Drop support for
controller.kind: Both. (#547)
- Controller: Add
Added
- Controller: Add
controller.enableAnnotationValidations. (#536) - OpenTelemetry: Add
controller.opentelemetry.resources. (#536) - Values: Add
global.podSecurityStandards.enforced. (#544)
Changed
- Image: Update to
v1.9.0. (#536) - Deployment/DaemonSet: Make
controller.topologySpreadConstraintsan array. (#536)
NOTE: This is part of our alignment to upstream. Please convert any overrides ofcontroller.topologySpreadConstraintsto an array, too. - Tests: Upgrade dependencies & remove explicit ATS version. (#538)
- Service: Fix wildcard subdomain. (#539)
- Chart: Tighten
securityContexts and Pod Security Policies. (#540) - OpenTelemetry: Use own registry. (#541)
- Admission Webhooks: Update
kube-webhook-certgenimage tov20231011-8b53cabe0. (#542) - Image: Update to
v1.9.3. (#547)
Removed
- Controller: Drop support for
controller.kind: Both. (#547)
- Controller: Add
Added
- cert-manager-giantswarm-clusterissuer: Allow setting
hostedZoneIDforroute53DNS01 challenge. - cert-manager-giantswarm-clusterissuer: Make
accessKeyIDandsecretAccessKeyoptional forroute53DNS01 challenge.
- cert-manager-giantswarm-clusterissuer: Allow setting
Added
- cert-manager-giantswarm-clusterissuer: Allow setting
hostedZoneIDforroute53DNS01 challenge. - cert-manager-giantswarm-clusterissuer: Make
accessKeyIDandsecretAccessKeyoptional forroute53DNS01 challenge.
- cert-manager-giantswarm-clusterissuer: Allow setting
Highlights for the week ending October 10 2023
Apps
security-bundle versions 1.1.0 and 0.18.0 With these two releases we include two new tools supporting migration away from Pod Security Policies,
exception-recommenderandkyverno-policy-operator. Withexception-recommenderanalyzes the current policy reports in a cluster get analyzed and based on the results a Giant SwarmPolicyExceptionDraftsgets generated. Once the drafts have been reviewed and accepted,kyverno-policy-operatortakes the resulting Giant SwarmPolicyExceptionsand generates the necessary Kyverno resources to allow workloads to continue running.Documentation
We have started the migration away from Pod Security Policies! Therefore we have added a cluster administrator migration guide containing all information about the new Policy API and all the assistive tooling available to help you securely migrate workloads off of PSPs. Reach out for any questions regarding the Pod Security Policies to Pod Security Standards migration