Security
Added
- Implement install-modules init job to install custom modules on Trivy 0.29.2.
Changed
- Update to upstream version 0.4.16/app version 0.29.2.
Added
- Make interval and scrapeTimeout configurable in the service monitor via monitoring.serviceMonitor.interval and monitoring.serviceMonitor.scrapeTimeout.
Added
- Add Giant Swarm monitoring annotations for alerting in workload clusters.
Changed
- Increase maximum sustained and burst Kubernetes client rate limits to 75 and 150 requests/second, respectively.
- Update policy-reporter to v2.11.1 / app v2.8.0.
Added
- Webhook: Add PodDisruptionBudget and pod anti-affinity.
- Startup API check: Add NetworkPolicy.
Changed
- Webhook: Increase replica count to 2.
Changed
- Update kyverno to upstream version 1.7.2 / chart version 2.5.2.
- Use pre-install CRD install Job to remove storage version v1alpha1 for several Kyverno CRDs.
- Set Kyverno to use the giantswarm-critical PriorityClass.
- Limit maximum ReportChangeRequests per namespace to 100.
- Split PolicyReports into one report per policy to support the RCR limiting and avoid cases where a report doesn’t fit into etcd.
Changed
- Adjusted detection of changes in roles and role bindings to prevent unnecessary updates during reconciliation
Added
- Added an example of direct app deployment to README
Fixed
- Fixed rendering of the Helm template with empty users and/or roles
Added
- Add CI job to push to capa-app-collection.