Security
Added
- Add CiliumNetworkPolicy.
- Enable PodMonitor for operator metrics.
- Enable Grafana dashboard.
- Enable ClusterImageCatalog for Giant Swarm retagged images.
Added
- Add cleanup policy to remove old trivy-operator resources.
Changed
- Enable cleanup-controller with VerticalPodAutoscaler by default.
- Add missing ingress to cleanup-controller CiliumNetworkPolicy.
- Add before-hook-creation delete-policy for upstream hooks.
Added
- Added annotation helm.sh/resource-policy: keep on CRDs to prevent them from being pruned in an unexpected rollback event.
Changed
- Remove API check for HorizontalPodAutoscaler.
Fixed
- Fixed Cilium network policy, added cluster entity to egress rule.
Changed
- Remove push to app catalog: default, control plane, app collections
- Switched to use recommended proxy_server over auth_server in tbot config.
Changed
- Switched API version of the HorizontalPodAutoscaler from autoscaling/v2beta1 to autoscaling/v1.
Changed
- Change app catalog from giantswarm to operations.
- Update to cloudnative-pg v1.23.1 (chart v0.21.2).
- Increase default CPU requests to 250Mi.
Added
- Add Helm labels and annotations for easy CRD adoption in the future.
Changed
- Adapt Kyverno Policy Reporter CiliumNetworkPolicy to allow for DNS resolution of the kyverno-ui service.
- Disable AdmissionReports and ClusterAdmissionReports cleanup jobs.
Changed
- Update Falco CiliumNetworkPolicy to allow communication with Falco Sidekick.
- Changed README.md to include more information.