v0.15.0

[gardener/diki]

⚠️ Breaking Changes

• [USER] Removed rule 2006 from the security-hardened-shoot-cluster ruleset for provider garden since Kubernetes version v1.26 is no longer supported in Gardener v1.114.0 and option enableStaticTokenKubeconfig cannot be set to true. by @gardener-ci-robot [#446]

✨ New Features

• [USER] Security Hardened Shoot Cluster rule 2006 is now skipped. Option spec.kubernetes.kubelet.enableStaticTokenKubeconfig cannot be set to true since Gardener v1.114.0. by @gardener-ci-robot [#446]
• [USER] DISA Kubernetes STIG rule 242399 is now skipped for all providers. Option feature-gates.DynamicKubeletConfig removed in Kubernetes v1.26. by @gardener-ci-robot [#446]
• [USER] Multiple rules that check Pod containers from .spec.containers now also check containers from .spec.initContainers. by @AleksandarSavchev [#434]
• [USER] Release version v0.2.0 of Security Hardened Shoot Cluster Guide. by @AleksandarSavchev [#463]
• [USER] Implementation for rule 1001 from the security-hardened-shoot-cluster ruleset for provider garden. by @georgibaltiev [#462]
• [USER] Implementation for rule 1003 from the security-hardened-shoot-cluster ruleset for provider garden. by @AleksandarSavchev [#454]
• [USER] Implementation for rule 1002 from the security-hardened-shoot-cluster ruleset for provider garden. by @AleksandarSavchev [#433]

🐛 Bug Fixes

• [USER] Fixed a bug which was causing DISA STIG rule 242436 to fail when ValidatingAdmissionWebhook is not set in enable-admission-plugins even though it is defaulted. by @AleksandarSavchev [#453]

Docker Images

• diki-ops: europe-docker.pkg.dev/gardener-project/releases/gardener/diki-ops:v0.15.0
• diki: europe-docker.pkg.dev/gardener-project/releases/gardener/diki:v0.15.0