1. Docs
  2. Changes and releases
  3. Security

Security

  • Security external-secrets v0.6.0

    Added

    • Added node-role.kubernetes.io/control-plane to crd install jobs toleration

    Changed

    • Updated templates to consistently use {{ include "external-secrets.name" . }} instead of {{ include "external-secrets.fullName" . }}
      • The conversion webhook on CRDs use {{ include "external-secrets.name" . }}
      • The ClusterRole previously called {{ include "external-secrets.fullName" . }}-servicebindings was renamed to {{ include "external-secrets.name" . }}-servicebindings
      • The external-secrets service account was renamed from using external-secrets.fullName to external-secrets.name by default

    Changed

    • Update external-secrets to v0.8.3
  • Security rbac-operator v0.33.5

    Fixed

    • Ensured that Automation SA in the default namespace is only updated in case there are actual changes
  • Security cert-manager-app v2.22.0

    Changed

    • Install giantswarm-selfsigned ClusterIssuer regardless of global.giantSwarmClusterIssuer.install value. It is required as a default component for Giant Swarm cluster installations.
  • Security kyverno-app v0.14.6

    Added

    • Add ClusterPolicy restrict-policy-kind-wildcards to prevent running (Cluster)Policies which match all API Kinds.
    • Add PolicyException for Giant Swarm’s chart-operator.
  • Security kyverno-policies v0.19.0

    Changed

    • Enable PSS Restricted policies by default.

    Removed

    • Stop pushing to openstack-app-collection.
  • Security kyverno-app v0.14.5

    Added

    • Add a webhooks cleanup job for ensuring deletion of Kyverno webhooks on chart uninstall.

    Changed

    • Replace deprecated toleration node-role.kubernetes.io/master with node-role.kubernetes.io/control-plane on CRD install job.
  • Security trivy-app v0.8.1

    Added

    • Add Cilium Network Policy to trivy.
    • Added Kyverno PolicyException for trivy-app.

    Changed

    • Modified the VerticalPodAutoscaler to make the Container Policies configurable.
    • Moved the VerticalPodAutoscaler.enabled flag to VerticalPodAutoscaler.trivy.enabled to align with other Apps.
  • Security rbac-operator v0.33.4

    Removed

    • Stop pushing to openstack-app-collection.
  • Security rbac-operator v0.33.3

    Changed

    • Update dependency gin to v1.9.0

    Fixed

    • Fixed read-all clusterRole to append pods/log policy rule once
    • Fixed reconciling subjects in existing organization namespace role bindings
  • Security dex-app v1.34.2

    Changed

    • Changed log level to info

This part of our documentation refers to our vintage product. The content may be not valid anymore for our current product. Please check our new documentation hub for the latest state of our docs.