v0.4.0

Commits

• a38bfcc: 🚩 Expand the scope of the policy toggle (feature flag) so that it encompasses 100% of network policies (ndebuhr)
• ddeee9b: 📌 Pin specific versions, where there are residual "latest" docker images being used - transition to bitnami/kubectl:1.20 (ndebuhr)
• 81038b3: 🧹 Clean up and condense the keycloak initialization system (ndebuhr)
• db592c6: 🔧 Add resource limits for the keycloak initialization verification container (ndebuhr)
• aa1a1ef: 📦 Group network policies, within each template, for improved maintainability (ndebuhr)
• 9280264: 🧪 Enable all features during the GitHub Actions test deployment (ndebuhr)
• c07b35b: 🔍️ Add preconfigured monitoring via Prometheus and Grafana (ndebuhr)
• 8216690: 🔖 Cut a v0.4.0 release (ndebuhr)

v0.3.2

Commits

• 6b6acc8: 📌 Pin the certbot kubectl container to version 1.20 and bump the certbot role binding api version (ndebuhr)
• 2444284: 🔧 Parameterize the workspace installation namespace (ndebuhr)
• baddd12: 🔗 Add hyperlinks to the technology logos in the README.md (ndebuhr)

v0.3.1

Commits

• ac84746: 🚚 Rename the default deny network policy file, to align with naming conventions of the other cluster policies (ndebuhr)
• aafc5a3: 🔒️ Hardening - use a distinct default service account for workstation components, and disable the associated service account token automounting (ndebuhr)
• 955ee62: 🔒️ GKE node hardening - enable shielding, restrict metadata access, and use a leaner, more secure image (ndebuhr)
• af589ec: 🚩 Use a Helm value for enabling/disabling policies (network and OPA) (ndebuhr)
• 98b278b: 🖼️ Update the architecture diagram styling (ndebuhr)
• fe95014: 🔖 Cut a v0.3.1 release (ndebuhr)

v0.3.0

Commits

• c37c506: 🔒️ Hardening - require resource limits to prevent DOS via resource exhaustion (ndebuhr)
• d6b745c: 👁️ Expand the constraint template tracking during OPA setup (ndebuhr)
• fffd832: 💿 Transition to semantic versioning of Docker images (ndebuhr)
• aa6d5a0: 🏷️ Prohibit the use of the "latest" tag across component Docker images (ndebuhr)
• bdf56ac: 🔖 Cut a v0.3.0 release (ndebuhr)

v0.2.2

Commits

• 4df5346: 📝 Update documentation to use a more focused kubectl command, when acquiring the workstation Load Balancer IP (ndebuhr)
• 3dfab4d: 🔒️ Hardening - apply additional security context: read-only root file system and run as non-root (ndebuhr)
• eecdcdb: 🖼️ Add images to the README, for quicker and easier identification of the general workstation architecture/components (ndebuhr)
• 45359cc: 🧩 Install an OPA extension during the code server build (ndebuhr)
• c43d1a3: 🖼️ Shift README image styling to a container attribute approach (ndebuhr)
• 9cdbd9d: 🖼️ Optimize README images - cubic interpolation down to a more suitable 136x136 resolution (ndebuhr)
• c861a15: 🖼️ Further README image optimizations - 100x100 resolution and markdown-based specifications (as opposed to original embedded HTML) (ndebuhr)
• b45bb87: 🎨 Update Open Policy Agent and Keycloak branding (ndebuhr)
• b21b4bc: 🧱 Add an architectural diagram to the README (ndebuhr)
• ad6ca5f: 🔖 Cut a v0.2.2 release (ndebuhr)

v0.2.1

Commits

• 930cfef: 🕒 Increase the wait after cluster prerequisite installations, for more CRD registration breathing room (ndebuhr)
• ee798bd: 🔨 Wrap OPA prerequisite resources creation in a bash script, resulting in cleaner synchronous installs (for both users and CI) (ndebuhr)
• b8c30e2: 👷 Fix the deploy workflow by enabling the execute bit on the OPA install script (ndebuhr)
• 6c3ec06: 👁️ Reduce the complexity and overhead of the vm.max-map-count update utility (ndebuhr)
• a973ce1: 🔖 Cut a v0.2.1 release (ndebuhr)

v0.2.0

Commits

• 4d64997: ⬆️ Bump the SonarQube install to v9.6.4 (ndebuhr)
• 079a078: ⬆️ Bump the Code Server install to v3.10.2 (ndebuhr)
• 097d2ef: 🔒️ Hardening - use network policies for tighter control over cluster traffic (ndebuhr)
• 73b02af: 🩹 Fix a regression caused by novnc/noVNC#1449 (ndebuhr)
• 145ec2a: 🎛️ Be more prescriptive around namespacing, in resource definitions and the README (ndebuhr)
• f839d72: 🏭 Standardize application labeling for cleaner and more consistent resource definitions (ndebuhr)
• e9e27f7: 🚚 Move constraint templates to the Helm crds directory, for more reliable installs and uninstalls (ndebuhr)
• 2b30e53: 🚚 Move the constraint templates to the kubernetes directory - manage these as cluster-level workstation prerequisites (ndebuhr)
• 91a49df: 🕒 Add a wait after the cluster prerequisite installations, to ensure prerequisite services and CRDs settle/stabilize before the Helm install (ndebuhr)
• b17b0f6: 🔖 Cut a v0.2.0 release (ndebuhr)

v0.1.0

🔖 Cut a v0.1.0 release