feat: CIS benchmark improvements #1137

Merged
merged 2 commits into from
Jun 3, 2025
jimmidyson
Member

Pulling in most of the changes from #1132.

This commit does not include Kubelet CSR Approver because that requires
more invasive changes (e.g. deploying the kubelet-csr-approver service
and reconfiguring kubelet after initial startup).

Contributor

@dkoshkin dkoshkin left a comment

Thanks for taking this on, please follow up on my comment for a new handler version.

Pulling in most of the changes from #1132.

This commit does not include Kubelet CSR Approver because that requires
more invasive changes (e.g. deploying the `kubelet-csr-approver` service
and reconfiguring kubelet after initial startup).
@jimmidyson jimmidyson force-pushed the jimmi/cis-hardening branch from 2fd3565 to f402616 Compare June 2, 2025 11:23

@winsonsou-nutanix winsonsou-nutanix left a comment

LGTM

@jimmidyson jimmidyson merged commit 48836ab into main Jun 3, 2025
22 checks passed
@jimmidyson jimmidyson deleted the jimmi/cis-hardening branch June 3, 2025 10:55
@github-actions github-actions bot mentioned this pull request Jun 3, 2025
dkoshkin added a commit that referenced this pull request Jun 3, 2025
🤖 I have created a release *beep* *boop*
---


## 0.29.0 (2025-06-03)

<!-- Release notes generated using configuration in .github/release.yaml
at main -->

## What's Changed
### Exciting New Features 🎉
* feat: Explicitly disable profiling for CP components by @jimmidyson in
#1109
* feat: add registry addon by @dkoshkin in
#1116
* feat: use registryMirror addon as Containerd mirror by @dkoshkin in
#1117
* feat: Add k8s version logic for external cloud-provider flag by
@jimmidyson in
#1134
* feat: Update all addon versions by @jimmidyson in
#1139
* feat: generate a self-signed cert for registry addon by @dkoshkin in
#1127
* feat: CIS benchmark improvements by @jimmidyson in
#1137
* feat: update handler version by @dkoshkin in
#1144
### Fixes 🔧
* fix: uses consistent spelling by @faiq in
#1115
* fix: Ensure metallb speaker runs on tainted nodepools by @jimmidyson
in
#1138
* fix: Avoid rollout due to updated auditpolicy handler by @jimmidyson
in
#1147
### Other Changes
* ci: include correct kube-vip version when listing images by @dkoshkin
in
#1113
* build: Update all tools and fix up for golangci-lint v2 by @jimmidyson
in
#1108
* test(e2e): Disable Calico tests by @jimmidyson in
#1120
* test(e2e): Update Nutanix images by @jimmidyson in
#1121
* refactor: Register types with scheme using pattern from Cluster API by
@dlipovetsky in
#1124
* ci: use templating for capx tests by @faiq in
#1123
* test: Return root module root dir when using go.work by @dlipovetsky
in
#1125
* build: Update Docker k8s versions by @jimmidyson in
#1133
* refactor: Remove unnecessary loop vars by @jimmidyson in
#1146


**Full Changelog**:
v0.28.2...v0.29.0

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

---------

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>