Felix Wolf 33c52be1c5 feat(pss): drop 5 namespaces from PSS privileged to restricted ... argocd, cert-manager, cloudnative-pg already compliant — label flip only. ocis: add overlay injecting seccompProfile=RuntimeDefault, drop ALL caps, allowPrivilegeEscalation=false across all chart Deployments/CronJobs; patch idm initContainer; harden custom precheck Job; refactor s3-backup to rclone/rclone image (avoids apk-add-as-root). victoria-metrics-single: overlay sets full restricted SC on the StatefulSet that ships with empty securityContext: {}. forgejo, traefik, kube-system stay privileged (hostPort / CSI driver). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>		2026-05-03 01:24:59 +02:00
..
argocd	feat(pss): drop 5 namespaces from PSS privileged to restricted	2026-05-03 01:24:59 +02:00
cert-manager	feat(pss): drop 5 namespaces from PSS privileged to restricted	2026-05-03 01:24:59 +02:00
cloudnative-pg	feat(pss): drop 5 namespaces from PSS privileged to restricted	2026-05-03 01:24:59 +02:00
forgejo	fix(forgejo): force-replace argocd-deploy-key-init Job	2026-05-03 00:05:45 +02:00
grafana	fix(grafana): Use existing secret for admin credentials	2026-04-04 16:59:58 +02:00
hcloud-csi	feat: Migrate Forgejo to CNPG PostgreSQL + Hetzner CSI volumes	2026-04-03 16:37:13 +02:00
kube-state-metrics	feat: Add VictoriaMetrics monitoring stack	2026-03-31 00:20:23 +02:00
kubernetes-secret-generator	feat: replace secret-init Jobs with mittwald operator + cert-manager	2026-05-03 00:00:07 +02:00
metrics-server	feat: Add metrics-server for pod/node resource metrics	2026-04-04 14:34:32 +02:00
node-exporter	feat: Add VictoriaMetrics monitoring stack	2026-03-31 00:20:23 +02:00
ocis	feat(pss): drop 5 namespaces from PSS privileged to restricted	2026-05-03 01:24:59 +02:00
traefik	fix(ocis): resolve large file upload timeouts and enable stale upload cleanup	2026-04-24 20:12:24 +02:00
victoria-metrics-single	feat(pss): drop 5 namespaces from PSS privileged to restricted	2026-05-03 01:24:59 +02:00