Security
Changed
- Update to upstream version
0.4.13/app version 0.28.1.
Added
- Allow selectively enabling/disabling controllers for each report type.
Fixed
- Automatically try to execute
cmctl upgrade migrate-api-version in crd install job to upgrade stored apiversions (#245)
Added
- Replace
|- with | in CA templating.
Added
- Enforce the management cluster name in workload cluster info and automatically fill in the CA.
Fixed
- Fix broken relative link in README
Changed
- Upgrade to upstream image
v1.7.3 which increases some hard-coded timeouts for certain ACME issuers (ZeroSSL and Sectigo) (#243) - Update kubectl container version to
1.24.2 (#243)
Announcements
- Important: the
latest tag alias is being removed. Some users have reported issues using the latest tag on our hosted registries (Docker Hub, Quay, etc.). We advise against using latest tags and don’t use them ourselves, so this tag is not kept up to date. Please switch to using a tagged version. We will be removing the latest tag from our public registries in the near future to avoid confusion.
Added
- Add missing monitoring options in the Helm chart values.yaml.
- Support sharding report metrics across multiple instances of the exporter.
- Set
runAsNonRoot and use RuntimeDefault seccomp profile. - Make replica count configurable in Helm values.
- Add configurable tolerations to Helm values.
- Reconcile and expose metrics for
CISKubeBenchReport custom resources.
Fixed
- Fixed broken relative URLs in the README
Changed
- Upgrade to upstream image
v1.7.2 (#204). This version completely removes cert-manager API versions v1alpha2, v1alpha3, and v1beta1. If you need to upgrade your resources, this document explains the process. - Update pytest-helm-charts to version 0.7.0 and adjust dependencies (#239)
- Update kubectl container version to
1.24.1 (#204)
Fixed
- Update the kyverno CRDS to align with v1.6.2 version.
