Changed
- Fix template issue with DNS rules on the
admission-controllerCiliumNetworkPolicy.
Security
Added
- Add CiliumNetworkPolicy.
- Enable PodMonitor for operator metrics.
- Enable Grafana dashboard.
- Enable ClusterImageCatalog for Giant Swarm retagged images.
Added
- Add cleanup policy to remove old
trivy-operatorresources.
Changed
- Enable
cleanup-controllerwith VericalPodAutoscaler by default. - Add missing ingress to
cleanup-controllerCiliumNetworkPolicy. - Add
before-hook-creationdelete-policy for upstream hooks.
- Add cleanup policy to remove old
Added
- Added annotation
helm.sh/resource-policy: keepon CRDs to prevent them from being pruned in an unexpected rollback event.
- Added annotation
Changed
- Remove API check for
HorizontalPodautoscaler.
- Remove API check for
Fixed
- Fixed cilium network policy, added
clusterentity to egress rule.
Changed
- Remove push to app catalog: default, control plane, app collections
- Switched to use recommended
proxy_serveroverauth_serverin tbot config.
- Fixed cilium network policy, added
Changed
- Switched API version from the
HorizontalPodAutoscalerfromautoscaling/v2beta1toautoscaling/v1.
- Switched API version from the
Changed
- Change app catalog from
giantswarmtooperations. - Update to cloudnative-pg v1.23.1 (chart v0.21.2).
- Increase default CPU requests to 250Mi.
- Change app catalog from
Added
- Add Helm labels and annotations for easy CRD adoption in the future.
Changed
- Adapt Kyverno Policy Reporter CiliumNetworkPolicy to allow for DNS resolution of the
kyverno-uiservice. - Disable AdmissionReports and ClusterAdmissionReports cleanup jobs.
Changed
- Update Falco CiliumNetworkPolicy to allow communication with Falco Sidekick.