An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
Big news: We are switching programming languages from Python to Golang! 🎉💯 See #1513
with.mode
option that can be set to mutate
or insecureValidateOnly
, allowing the mutation of the image reference to be toggled on and off (the default is mutate
, meaning references will be mutated; the alternative is considered insecure since it implies that while a trusted image is available, its use is not guaranteed 🤷).resourceValidationMode
, with supported values all
and podsOnly
. all
is the default, causing Connaisseur to block all resources if they fail validation and mutate them if they pass. podsOnly
will still validate all resources but only block and mutate Pod resources, while others are passed through with a warning (similar to PSA). This enhances compatibility with GitOps solutions like ArgoCD by preventing diffs on each reconciliation.with.trustRoot
to *
for a policy is now supported across all validators, allowing AND conjunctions for all defined trust roots within a validator.Full Changelog: https://github.com/sse-secure-systems/connaisseur/compare/v3.3.3...v3.3.4
Full Changelog: https://github.com/sse-secure-systems/connaisseur/compare/v3.3.2...v3.3.3
Full Changelog: https://github.com/sse-secure-systems/connaisseur/compare/v3.3.1...v3.3.2
Full Changelog: https://github.com/sse-secure-systems/connaisseur/compare/v3.3.0...v3.3.1
Full Changelog: https://github.com/sse-secure-systems/connaisseur/compare/v3.2.0...v3.3.0
note
blocks to mkdocs admonitions https://github.com/sse-secure-systems/connaisseur/pull/1321
Full Changelog: https://github.com/sse-secure-systems/connaisseur/compare/v3.1.1...v3.2.0
Fixed some automation problem, which hampered release v3.1.0
Full Changelog: https://github.com/sse-secure-systems/connaisseur/compare/v3.1.0...v3.1.1
⚠️ This release has been fixed by release v3.1.1
thanks to @FalacerSelene @hsudbrock @jacobkoren1 and @b3n3d17
Full Changelog: https://github.com/sse-secure-systems/connaisseur/compare/v3.0.0...v3.1.0
More details on the changes are in our documentation
Full Changelog: https://github.com/sse-secure-systems/connaisseur/compare/v2.8.1...v3.0.0