Polycrate CLI 0.29.10 released: Security Hardening

Polycrate CLI version 0.29.10 focuses on security, bringing comprehensive Kubernetes hardening for the Operator according to NIST SP 800-190 and CIS Benchmark.

Kubernetes Security Hardening

The Operator image has been hardened according to common security standards and is now available as a rootless image by default:

Security Features:

• Non-root User (UID 1000)
• Read-only Root Filesystem
• Dropped Capabilities (ALL)
• Seccomp RuntimeDefault
• NetworkPolicy for Namespace Isolation

# New Security Configuration
blocks:
  - name: polycrate-operator
    config:
      security:
        enabled: true
        run_as_non_root: true
        read_only_root_filesystem: true
        network_policy:
          enabled: true

Compliance:

• NIST SP 800-190 (Container Security)
• NSA/CISA Kubernetes Hardening Guidance
• CIS Kubernetes Benchmark

DNS Validation for Endpoints

The Operator now validates hostnames via DNS lookup before reporting them as endpoints to the API:

• Wildcard hostnames (*.example.com) are automatically skipped
• Non-resolvable hostnames are ignored
• TTL-based caching (5 minutes)

polycrate init Alias

New shortcut command for workspace initialization:

# Instead of polycrate workspace init
polycrate init --with-name my-project

Certificate & Backup Name Fix

Certificates and backups are no longer displayed as “Unnamed” - the Operator now correctly reports the name to the API.

→ Full Release Notes

polycrate-operator Block 0.3.17

The polycrate-operator block has been updated to version 0.3.17:

polycrate pull cargo.ayedo.cloud/ayedo/k8s/polycrate-operator
polycrate run polycrate-operator install

Update Now

polycrate update 0.29.10

Or download the binaries directly from PolyHub.

Polycrate is ayedo’s Infrastructure-as-Code tool for declarative multi-cluster management. Learn more →