Red Hat Advanced Cluster Security for Kubernetes 3.63 includes feature enhancements, bug fixes, scale improvements, and other changes.

Release date: July 26, 2021

Release tag version change

This release and subsequent releases of Red Hat Advanced Cluster Security for Kubernetes use the updated version number convention: major-release.minor-release.patch-release.

New features

Installing by using an Operator

You can now install Red Hat Advanced Cluster Security for Kubernetes on OpenShift Container Platform by using an Operator. The Red Hat Advanced Cluster Security for Kubernetes Operator is available on the OperatorHub. See Installing Red Hat Advanced Cluster Security for Kubernetes by using the Operator for details.

Scoped access control

The way that Red Hat Advanced Cluster Security for Kubernetes handles access control has been updated. You can now define scopes for Kubernetes resources, such as namespaces and clusters, and assign those scopes to roles. See Managing RBAC in Red Hat Advanced Cluster Security for Kubernetes 3.63 and newer for more information.

Improved alert functionality for OpenShift Container Platform

You can now set alerts for detections against the OpenShift Container Platform API server for secrets and config maps.

Important system changes

  • Red Hat Advanced Cluster Security for Kubernetes includes new default policies to monitor access to the kubeadmin secret, the Central Admin secret, and impersonated access to secrets.

  • Red Hat Advanced Cluster Security for Kubernetes 3.63 replaces the default policy that alerts on images that have vulnerabilities with a CVSS score of 7 or higher with a new default policy that searches for critical severity issues. This new policy is enabled by default. This change only impacts new installations of Red Hat Advanced Cluster Security for Kubernetes.

Image versions

| Image | Description | Current version |
|---|---|---|
| Main | Includes Central, Sensor, Admission Controller, and Compliance. Also includes roxctl for use in CI (continuous integration) systems. | registry.redhat.io/rh-acs/main:3.63.0 |
| Scanner | Scans images and nodes. | registry.redhat.io/rh-acs/scanner:2.17.4 |
| Scanner DB | Stores image scan results and vulnerability definitions. | registry.redhat.io/rh-acs/scanner-db:2.17.4 |
| Collector | Collects runtime activity in Kubernetes or OpenShift Container Platform clusters. | registry.redhat.io/rh-acs/collector:3.1.30-latest |