Connectivity
Fixed
- Fix Cilium pod being restarted too soon – instead of every 15 minutes – in case of failed regeneration recovery. This was because creation date parsing failed.
Added
- Chart: Sync to upstream. (#687)
- Chart: Explicitly set
runAsGroup.
Changed
- Update kong ingress controller to 3.1.6
- Update kong gateway to 3.6.1.7
- Enable ServiceMonitor by default, with relabelings for
node and app labels. - Update kubectl-apply-job to 0.8.0 for enabling
readOnlyRootFilesystem: true for kubectl CRD install job container.
Added
- Chart: Sync to upstream. (#673)
- Values: Add
controller.disableLeaderElection. - Values: Add
controller.electionTTL.
Changed
- Chart: Sync to upstream. (#673)
- Controller: Update image to
v1.11.1.
Changed
- Make the app visible for all providers.
Changes
- Update kubectl-apply-job to 0.8.0 for enabling
readOnlyRootFilesystem: true for kubectl CRD install job container.
Changed
- Reduce security exceptions #89.
- Enable readOnly FS moving config to emptyDir volume.
- Remove
NET_ADMIN and drop ALL capabilities. - Add
NET_BIND_SERVICE capability. - Add policy exception for
require-non-root-groups/autogen-check-runasgroup. - Remove disallow-capabilities-* policy exceptions.
Changed
- Deployments/DaemonSets: Make pod affinity templatable. (#654)
- ServiceMonitor: Relabel app & node. (#654)
