Kubernetes - Helm 2.20.1 EA branch: GKE Autopilot Support, priority class enhancements
Type: New Feature
Description:
The following features have been added to the Helm EA branch:
Support for GKE Autopilot clusters (version 1.25 and above) via the Helm flag: --set platform=gke.autopilot
Allow specifying a priority class per agent. By default, agents are set to the 'cluster-critical' and 'node-critical' priority classes
Autopilot Supported Blades: Inventory, Compliance, Image Assurance, Admission Controller and Threat Intelligence
Known limitations:
Auto-detection of Autopilot is not supported (i.e., installation may fail if platform is not set explicitly)
Autopilot versions prior to 1.25 are not supported
Helm 2.20.0 Release Content
Image Assurance 2.21.0:
Improvements for slow networks and large images
Runtime Protection | runtime-daemon 1.6.2, runtime-probe 0.30.2-cp-3, runtime-cos-compat 0.0.9
Google COS support for File Reputation engine
Security enhancements
Profiling engine improvements - better detection of startup event
Reduced Memory & CPU footprint
All features
FluentBit removal
2.19.1: Image Assurance (IA): Artifactory auto-discovery, CRI v1, etc.; Runtime Protection (RP): enhancement.
Image Assurance 2.20.1
Support JFrog Artifactory auto-discovery
When onboarding an Artifactory instance to CloudGuard, you should provide the FQDN of the Artifactory server. CloudGuard will scan images of all discovered sub-registries.
Agents load updated registry credentials and CA bundle without requiring a restart
CRI: support v1 API following v1alpha2 removal
CRI-O/OpenShift: support nodes without podman; avoid using podman where possible
Runtime Protection - daemon 1.0.0, probe 0.28.0-cp-7
Logging enhancements
Telemetry enhancements
Security enhancements