Security
Changed
- Add default audit log config file to
KubeadmControlPlane.
Changed
- Push to
giantswarm app catalog.
Changed
- Push to
giantswarm app catalog.
Added
- Added some chart metadata
Added
- Added
securityContext attribute to all deployments. - Add
application.giantswarm.io/values-schema and application.giantswarm.io/readme annotations to Chart.yaml; use app-build-suite to generate application.giantswarm.io/metadata.
Changed
- Run two replicas of
dex. - Update README for clarity.
- Update some role descriptions.
- Enhance log messages in the bootstrapping part, remove unneeded messages.
Added
- Add
externalresources resource that binds read-default-catalogs and read-releases roles for any subject with org-namespace access. - Add creation of
read-default-catalogs Role. - Add creation of
read-releases ClusterRole. - Improve logging for the
orgpermissions, clusternamespace, and rbac controllers.
- make PDB version conditional based on available API
Added
- Add cluster-namespace controller which ensures that RBAC resources to access resources in cluster namespaces can be granted to those with access to the clusters organization
- Add bootstrapping for the
read-cluster-apps and write-cluster-apps clusterRoles. - Add update option for
orgReadClusterRoleBinding resource.
Changed
- The
write_all_group configuration key is now optional.
Added
- Add the
image_registry label exposing the image registry.
Changed
- Bump
golang, prometheus, and starboard dependency versions. - Update Grafana dashboard to use plugin version 8.3.2 and the new label.
