Security
Changed
- Bumped DaemonSet updateStrategy.rollingUpdate.maxUnavailable to 10% so chart upgrades on larger management clusters can finish within the Flux HelmRelease timeout.
Changed
- Values: Tolerate node.cloudprovider.kubernetes.io/uninitialized.
- Values: Ignore taints regardless of value.
- Values: Pass HTTP proxy settings to sub-chart.
Changed
- Updated trivy to upstream version v0.70.0.
Changed
- Updated falco to upstream version v0.44.0.
- Updated k8s-metacollector to upstream version v0.1.2.
Added
- Add io.giantswarm.application.audience and io.giantswarm.application.managed chart annotations for Backstage visibility.
Changed
- Update cloudnative-pg to v1.29.1 (upstream chart v0.28.2).
- Limit the namespaces watched by the operator to those where we currently expect Giant Swarm postgresql clusters.
- Migrate chart metadata annotations to OCI-compatible format.
Added
- Add io.giantswarm.application.managed chart annotation for Backstage visibility.
- Add optional cluster-reader ClusterRole (off by default, enabled via clusterReader.enabled: true) that aggregates into the built-in view ClusterRole and grants read access (get/list/watch) on cluster-scoped resources.
Changed
- Migrate chart metadata annotations to OCI-compatible format.
Changed
- Updated teleport-kube-agent to upstream version v18.7.6.
Changed
- Updating to the v2.4.1 version.
BREAKING CHANGES
Changed
- Updating to the v1.3.2 version.
Changed
- Updated policy-reporter to upstream version v3.7.2.
- Updated kyverno to upstream version v1.17.2.
- Enabled HorizontalPodAutoscaler feature for the admission-controller deployment.
- Add tolerations for CAPI node.cluster.x-k8s.io/uninitialized taint.