Security
Added
- Add the
image_registry label exposing the image registry.
Changed
- Bump
golang, prometheus, and starboard dependency versions. - Update Grafana dashboard to use plugin version 8.3.2 and the new label.
Fixed
- Fix RBAC rule for fix secret job.
- No changes compared to v1.5.0.
Changed
- Updated Ingress resources in helm chart.
- Add workaround for Chart upgrade not working when not using lets encrypt due to changed secret type.
Added
- Increase
trivy scan Job memory limits to 1G.
Added
- Create RBAC for customer-facing Flux to access organization namespaces.
- Add
automation ServiceAccount to organization namespaces with permissions to handle Flux resources in that namespace by default.
Removed
- Disable policy-reporter monitoring (ServiceMonitors) by default.
Fixed
- Add missing
imagePullSecret.
Fixed
- Match
appVersion to the starboard-operator app version.
Added
- Add
clusterCA in dex authenticator configmap from cluster values. - Add
smoke test scenario to check if the chart can be deployed. - Add schema validation for the
dex-app helm chart.