Security
Changed
- Update to upstream version 0.14.0 (chart version 0.9.0).
- Automatically delete VulnerabilityReports after 7 days to trigger re-scan.
- Only scan the current revision of a ReplicaSet.
Removed
- Remove unused envSecret values from values.yaml.
Added
- Make pod annotations configurable.
- Bump golang, prometheus, and starboard versions.
Added
- Support all API versions for CAPI resources
Changed
- Default Azure subscription ID by getting value directly from organization credentials secret.
Fixed
- Fixed block-bulk-certconfigs-delete policy
Added
- Add block-bulk-certconfigs-delete policy
Changed
- Don’t return an error in case deletion of legacy organization fails.
Added
- Helm, add configurable container securityContext with secure defaults.
Changed
- Bump starboard, logr, and controller-runtime dependency versions.
- Remove unneeded releaseRevision annotation from deployment.
Fixed
- Helm, fix incomplete metric name in pods with high/critical CVEs panel
Added
- Add policies-openstack for OpenStack-specific policies.
- Add policy for OpenStack which defaults failureDomain based on MachineDeployment request’s machine-deployment.giantswarm.io/failure-domain label.
Changed
- Update to upstream charts: Falco 1.16.2/0.30.0, exporter 0.6.3/0.6.0, sidekick 0.4.4/2.24.0.
Added
- Add user-friendly descriptions to created ClusterRole resources, via annotations using the giantswarm.io/notes key.
Changed
- Change the CI build process to use architect-orb.
- Adapt code to mitigate warnings occurring for common code checks.
- Modify log messages for updating ClusterRoles.
- Require Go v1.16.