Added
- Implement
install-modulesinit job to install custom modules on Trivy0.29.2.
Changed
- Update to upstream version
0.4.16/app version0.29.2.
Security
Added
- Make
intervalandscrapeTimeoutconfigurable in the service monitor viamonitoring.serviceMonitor.intervalandmonitoring.serviceMonitor.scrapeTimeout
- Make
Added
- Add giant swarm monitoring annotations for alerting in workload clusters.
Changed
- Update Dex to v2.33.0
Changed
- Increase maximum sustained and burst Kubernetes client rate limits to 75 and 150 requests/second, respectively.
- Update
policy-reporterto v2.11.1 / app v2.8.0.
Added
- Webhook: Add
PodDisruptionBudgetand pod anti-affinity. - Startup API check: Add
NetworkPolicy.
Changed
- Webhook: Increase replica count to 2.
- Webhook: Add
Changed
- Update Dex to v2.33.0 https://github.com/giantswarm/dex-app/pull/205
Changed
- Update
kyvernoto upstream version 1.7.2 / chart version 2.5.2. - Use pre-install CRD install Job to remove storage version
v1alpha1for several Kyverno CRDs. - Set Kyverno to use the
giantswarm-criticalPriorityClass. - Limit maximum ReportChangeRequests per namespace to 100.
- Split PolicyReports into one report per policy to support the RCR limiting and avoid cases where a report doesn’t fit into etcd.
- Update
Changed
- Adjusted detection of changes in roles and role bindings to prevent unnecessary updates during reconciliation
Added
- Added an example of direct app deployment to README
Fixed
- Fixed rendering helm template with empty users and/or roles
Added
- Add CI job to push to
capa-app-collection.
- Add CI job to push to