Tags: mspnp/aks-baseline-regulated
Tags
feat (in-cluster): [ingress-controller] update nginx to v1.11.3 (#102) * upgrade old reference to 1.9.0 to 1.11.3 * snippet annotation no longer allowed in 1.11.3 by default * be explicit about enabling metrics since it is being scraped * ensure the image is the expected one * nginx no longer requires escalation priviledges * nginx requires being able to read the root filesystem * ensure nginx is not runnning as root * add seccomp profile type * inlcude the admission validation service port * Service account for admission now includes the token automount in true * update certgen image version * update sec context to be aligned with new nginx job * update certgen image version for patch container * update sec context to be aligned with new nginx job patch and resinstate fsgroup for create * update deployment docs * bug fix: remove sha256 from acr image imports * bug fix: indent nginx manifest file properly and remove sha256 image names * bug fix: allow-snippet-annotations set to true otherwise workload webui fails * bug fix: add location to rg from e2e validation
feat (infra): [cluster-stamp] migrate arm json to bicep and upgrade k… …8s version (#65) Co-authored-by: Chad Kittel <[email protected]>
AKS Baseline regulated - Bicep migration - Networking files (#63) Co-authored-by: Chad Kittel <[email protected]> Co-authored-by: Fernando Antivero <[email protected]>
AKS Baseline regulated - New Azure Defender for containers feature in… …troduced. (#57) * Policy changes at subscription level and property added to cluster deployment file * More docs updated * Fixed subscription policy set * Changing text in deployment steps according to new defender feature rename * Falco and defender coexisting text * Adding new policy assignment to the list in the subscription step * Runtime scanning of images sentence added * Update docs/deploy/11-gitops.md Co-authored-by: Chad Kittel <[email protected]> * Update docs/deploy/10-pre-bootstrap.md Co-authored-by: Chad Kittel <[email protected]> * Update docs/deploy/11-gitops.md Co-authored-by: Chad Kittel <[email protected]> * Update docs/deploy/13-validation-logs.md Co-authored-by: Chad Kittel <[email protected]> * Update docs/deploy/13-validation-logs.md Co-authored-by: Chad Kittel <[email protected]> * Update docs/deploy/04-subscription.md Co-authored-by: Chad Kittel <[email protected]> * Addressing comments, feature register is no longer needed as it's GA now, updated defender links to new location * Changed defender in cluster policy name and moved to the right place in the list * Update docs/deploy/01-prerequisites.md * Update docs/deploy/04-subscription.md * Update docs/deploy/04-subscription.md Co-authored-by: Chad Kittel <[email protected]> * Update docs/deploy/04-subscription.md Co-authored-by: Chad Kittel <[email protected]>
PreviousNext