Security

• Apr 22, 2025 Security teleport-kube-agent-app v0.10.5
  • Set Home URL in chart metadata.
• Apr 16, 2025 Security cert-manager-app v3.9.1

  Added

  • Added Vertical Pod Autoscaler support for controller pods.
  • Added renovate configutarion

  Removed

  • Removed dependabot configuration
• Apr 1, 2025 Security starboard-exporter v0.8.1

  Changed

  • Address new code linter findings for golangci-lint v2.
  • Update Go version and various dependencies.
• Mar 20, 2025 Security cloudnative-pg-app v0.0.7

  Added

  • Push to CAPI app collections.

  Changed

  • grafana dashboard: load it to Shared Org (public) organization
• Mar 18, 2025 Security teleport-kube-agent-app v0.10.4

  Added

  • Add headless service on diag port 3000.

  Changed

  • Migrated to ABS
• Mar 17, 2025 Security trivy-app v0.13.4

  Changed

  • Add API capabilities check for Kyverno PolicyExceptions before switching to v2.
• Mar 17, 2025 Security trivy-app v0.13.3

  Changed

  • Make livenessProbe.initialDelaySeconds configurable.
• Mar 17, 2025 Security rbac-operator v0.42.0

  Added

  • Added support for read-all-customer-groups bindings.

  Changed

  • Change ownership to Team Shield
• Feb 25, 2025 Security kyverno-policies v0.23.0

  Added

  • Add supplemental security and best practices policies:
    • check-resources-request-and-limits-ratio
    • check-serviceaccount-secrets
    • disallow-gitrepo-volume
    • disallow-latest-tag
    • prevent-bare-pods
    • require-container-requests-and-limits
    • require-emptydir-requests-and-limits
    • require-pod-probes
    • restrict-binding-clusteradmin
    • restrict-binding-system-groups
    • restrict-sa-automount-sa-token
• Feb 25, 2025 Security trivy-app v0.13.2

  Changed

  • Narrow down CiliumNetworkPolicy egress rule to match DNS service only.
  • Narrow down CiliumNetworkPolicy ingress rule to allow traffic from namespace.

• Older entries