v0.5.1

Changed

• Use Enforce and Audit validationFailureAction.

v0.5.0

Added

• Add policy to block k8s-initiator-app deployment on CAPA.

v0.4.5

Removed

• Removed check-deprecated-apis-1-22/25 policies since the CRDs are not present anymore.

v0.4.4

Removed

• Remove KustomizeController PolicyException.

v0.4.3

Added

• Push to vsphere app collection.
• Don't push to openstack app collection.
• Add policy exception for kustomize-controller in flux-giantswarm Namespace.
• Added the new registry gsoci.azurecr.io/giantswarm/* and gsociprivate.azurecr.io/giantswarm/*to kyverno-policy enforcing registries.

v0.4.2

Changed

• Added back the previous Aliyun registry to avoid false positives on images that have not been migrated to the new one yet.

Added

• Push to capz app collection.

v0.4.1

Changed

• Change Aliyun registry for Enterprise one.

v0.4.0

Added

• Push to gcp and cloud-director app collection.
• Add external-secrets related policies that restrict the usage of *giantswarm* namespaces service account for secret stores using the kubernetes provider.

Changed

• Remove deprecated validate step from CI.

v0.3.0

Added

• Actually added the crossplane checks to the Helm chart

Changed

• Split deprecated CRD usage checks per kubernetes version and added Helm kubernetes version check condition to them because kyverno fails if those CRDs do not exist anymore (e.g. the cluster was upgraded beyond that version)

v0.2.0

Added

• Add ClusterPolicy to allow managing pkg.crossplane.io/v1/Provider only to subject in the giantswarm:giantswarm:giantswarm-admins group or with the cluster-admin cluster role