Security

• Jul 25, 2024 Security dex-app v1.42.12

  Fixed

  • Bump dex to v2.37.1-gs1 to fix critical CVEs.
• Jul 18, 2024 Security kyverno-app v0.17.15

  Changed

  • Set VPA max 6 CPU / 24Gi memory and adjust default requests/limits for reports-controller.
  • Set VPA max 4 CPU / 8Gi memory and adjust default requests/limits for background-controller.
  • Set starting CPU limit of request+25% for cleanup-controller.

  Removed

  • Disable Kyverno CRDs install Job in favor of kyverno-crds App.
• Jul 18, 2024 Security dex-app v1.42.11

  Changed

  • Default ingress.tls.clusterIssuer values to letsencrypt-giantswarm
  • Update cert-manager.io/cluster-issuer annotation to use default.
• Jul 16, 2024 Security teleport-kube-agent-app v0.9.2

  Changed

  • Introduced podAntiAffinity so teleport-kube-agent pods run on different control-plane nodes also increased the number of replicas to 3 to maintain better high availability.
• Jul 10, 2024 Security cert-manager-app v3.8.0

  Fix

  • Improves cainjector’s Vertical Pod Autoscaler
• Jul 9, 2024 Security auth-bundle v0.2.0
  • added support for simplified configuration of the auth bundle apps, which minimizes the number pf properties the user needs to provide manually.
• Jul 8, 2024 Security cert-manager-app v3.7.9

  Fix

  • Remove quotes from acme-http01-solver-image argument. The quotes are used when looking up the image which causes an error.
• Jul 3, 2024 Security cert-manager-app v3.7.8

  Added

  • Improves container security by setting runAsGroup and runAsUser greater than zero for all deployments.
• Jun 19, 2024 Security teleport-kube-agent-app v0.9.1

  Changed

  • Changed the way registry is being parsed in helm templates
• Jun 18, 2024 Security cert-manager-app v3.7.7

  Changed

  • Changed the way registry is being parsed in helm templates
  • Enable VPA by default

• Newer entries
• Older entries