Installing Policy Controller 1.18.0 or newer will fail unless you first enable the anthospolicycontroller.googleapis.com API
Share
Services
## Breaking
Installing Policy Controller 1.18.0 or newer will fail unless you first enable the `anthospolicycontroller.googleapis.com` API. For more information on directly installing and managing Policy Controller, see [Install Policy Controller](https://cloud.google.com/anthos-config-management/docs/how-to/installing-policy-controller#gcloud-policy-controller).
## Announcement
Policy Controller now has its own release notes page. For future announcements, visit [Policy Controller release notes](https://cloud.google.com/anthos-config-management/docs/policy-controller/release-notes).
## Announcement
Dynamic namespace selection using the `spec.mode` field in the NamespaceSelector CRD is now generally available (GA). This feature supports deploying namespace-scoped resources in matching Namespaces statically-declared in the source of truth and dynamically present on the cluster. For more information, refer to [NamespaceSelector mode](https://cloud.google.com/anthos-config-management/docs/how-to/namespace-scoped-objects#namespaceselector%5Fmode).
## Feature
Config Sync now supports specifying CA certificates for helm and OCI source types. This is surfaced on the `caCertSecretRef` field on the RootSync and RepoSync APIs. For more information, refer to [RootSync and RepoSync fields](https://cloud.google.com/anthos-config-management/docs/reference/rootsync-reposync-fields).
## Change
Policy Controller bundles have been updated to the following versions: `cis-gke-v1.5.0`: `202403.0`, `nist-sp-800-190`: `202403.0`, `nist-sp-800-53-r5`: `202403.0`, `pci-dss-v3.2.1`: `202403.0`, `pci-dss-v4.0`: `202403.0`, `policy-essentials-v2022`: `202403.0`, `pss-baseline-v2022`: `202403.1`, `pss-restricted-v2022`: `202403.1`. For reference, see [Policy Controller bundles overview](https://cloud.google.com/anthos-config-management/docs/concepts/policy-controller-bundles).
## Change
When syncing from Helm, Config Sync now retries faster on errors with exponential backoff.
## Change
Reduced memory footprint in reconcilers by not loading the OpenAPI when the Config Sync admission webhook is disabled.
## Change
On Autopilot clusters, the `helm-sync` container CPU request is changed from 150m to 250m, and memory request is changed from 256Mi to 384Mi. For information on resource requirements, see [Resource requests](https://cloud.google.com/anthos-config-management/docs/how-to/installing-config-sync#resource%5Frequests).
## Change
Upgraded bundled Helm version from v3.13.3 to [v3.14.3](https://github.com/helm/helm/releases/tag/v3.14.3) to pick up vulnerability fixes. To understand the changes in each release, review the [changelogs](https://github.com/helm/helm/releases).
What else is happening at Google Cloud Platform?
M121 release CUDA 12.2 images are now available. Updated TensorFlow 2.15 images from CUDA 12.1 to CUDA 12.2
about 8 hours ago
Services
Share
Storage Transfer Service now supports transfers from Amazon S3 over a Google-managed private network
about 8 hours ago
Services
Share
M121 release Updated the R CPU container image from R 4.3 to R 4.4
about 8 hours ago
Services
Share
We released an updated version of Apigee (1-12-0-apigee-4-hotfix)
about 9 hours ago
Services
Share