Security
Added
- Add write-silences for flux automation account in every org-namespace
Changed
- Changed YAML multiline from
>- to |-
Added
- Support gs admin callback URI and gs cli trusted peer in WC templating.
Fixed
- Remove
app-operator-*-chart ClusterRole and ClusterRoleBinding for old app-operator versions.
Added
- Add new roles and cluster roles to app-operators when a cluster namespace is created and clean them up when the cluster namespace is destroyed
Removed
- Remove
app-operator-* ClusterRole and ClusterRoleBinding for old app-operator versions. - Remove
write-flux-resources-customer-sa ClusterRoleBinding.
Removed
- Remove Job that allowed recreation of certificate secrets when upgrading and disabled lets encrypt.
Changed
- Update Dex to
v2.31.1. - Increase detail in token refresh logs for debugging purposes.
- Support GS specific OIDC group prefixing for password connector types (e.g. LDAP)
Added
- Create
flux-crd-controller and flux-namespace-reconciler RoleBindings in cluster namespace.
Changed
- Update CI (architext-orb)
Added
- Push to OCI registry on build.
Changed
- Remove public kubernetes api port in k8s-authenticator configmap template for MCs since the port is already included in the address.
- Add team annotation
Added
- Spread (jitter) re-queueing of reports by +/- 10% by default to help smooth resource utilization.
Added
- Reconcile and expose metrics for
ConfigAuditReport custom resources. Requires Starboard v0.15.0 or above.
Changed
- Move crds subtree out of upstream chart.
- Use crd-install pre-install job.
- Move specs subtree out of upstream chart.
- Use spec-install post-install job.
