Security
Added
- Initial version of the RBAC bootstrapping app
Changed
- Update to upstream version 0.14.0 (chart version 0.9.0).
- Automatically delete VulnerabilityReports after 7 days to trigger re-scan.
- Only scan the current revision of a ReplicaSet.
Removed
- Remove unused envSecret values from values.yaml.
Added
- Make pod annotations configurable.
- Bump golang, prometheus, and starboard versions.
Added
- Support all API versions for CAPI resources
Changed
- Default Azure subscription ID by getting value directly from organization credentials secret.
Fixed
- Fixed block-bulk-certconfigs-delete policy
Added
- Add block-bulk-certconfigs-delete policy
Changed
- Don’t return an error in case deletion of legacy organization fails.
Added
- Helm, add configurable container securityContext with secure defaults.
Changed
- Bump starboard, logr, and controller-runtime dependency versions.
- Remove unneeded releaseRevision annotation from deployment.
Fixed
- Helm, fix incomplete metric name in pods with high/critical CVEs panel
Added
- Add policies-openstack for OpenStack-specific policies.
- Add policy for OpenStack which defaults failureDomain based on MachineDeployment request’s machine-deployment.giantswarm.io/failure-domain label.
Changed
- Update to upstream charts: Falco 1.16.2/0.30.0, exporter 0.6.3/0.6.0, sidekick 0.4.4/2.24.0.