Security
Changed
- Updating to the v1.3.2 version.
Changed
- Updated policy-reporter to upstream version v3.7.2.
- Updated kyverno to upstream version v1.17.2.
- Enabled HorizontalPodAutoscaler feature for the admission-controller deployment.
- Add tolerations for CAPI node.cluster.x-k8s.io/uninitialized taint.
Changed
- Upgrade cert-manager to v1.19.4.
Added
- Add control plane node toleration to CA injector deployment.
Removed
- Remove PodSecurityPolicy (PSP) and related resources.
- Remove Giant Swarm PSP to PSS migration logic.
Added
- Add cluster-wide permissions for Kyverno PolicyExceptions (policyexceptions.kyverno.io) to the automation service account.
Added
- Add io.giantswarm.application.audience and io.giantswarm.application.managed annotations to Chart.yaml to make the app visible to customers in Backstage.
Fixed
- Update dex to v2.43.1-gs3. Fixes redundant group name prefixing on token refresh that caused intermittent permission denied errors for users authenticating via Azure AD and certain other Dex connectors.
Added
- Add io.giantswarm.application.managed chart annotation for Backstage visibility.
Changed
- Migrate chart metadata annotations to OCI-compatible format.
- Update athena to v1.15.2.
- Update ingress-nginx-app to version v4.2.4.
- Update rbac-bootstrap-app to v0.2.3.
Added
- Create AWS cluster role identity roles and bindings when the operator runs in capa.
Changed
- Build with up-to-date pipelines.
- Migrate chart annotations to OCI-compatible format (change application.giantswarm.io/team to io.giantswarm.application.team, remove config.giantswarm.io/version).
Added
- Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.
- Push to the default catalog.
Added
- Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.
Changed
- Fix kubernetes version label syntax when using Flux deployments.
- Migrate chart metadata annotations to OCI-compatible format.