Installing Policy Controller 1.18.0 or newer will fail unless you first enable the anthospolicycontroller.googleapis.com API

## Breaking Installing Policy Controller 1.18.0 or newer will fail unless you first enable the `anthospolicycontroller.googleapis.com` API. For more information on directly installing and managing Policy Controller, see [Install Policy Controller](https://cloud.google.com/anthos-config-management/docs/how-to/installing-policy-controller#gcloud-policy-controller). ## Announcement Policy Controller now has its own release notes page. For future announcements, visit [Policy Controller release notes](https://cloud.google.com/anthos-config-management/docs/policy-controller/release-notes). ## Announcement Dynamic namespace selection using the `spec.mode` field in the NamespaceSelector CRD is now generally available (GA). This feature supports deploying namespace-scoped resources in matching Namespaces statically-declared in the source of truth and dynamically present on the cluster. For more information, refer to [NamespaceSelector mode](https://cloud.google.com/anthos-config-management/docs/how-to/namespace-scoped-objects#namespaceselector%5Fmode). ## Feature Config Sync now supports specifying CA certificates for helm and OCI source types. This is surfaced on the `caCertSecretRef` field on the RootSync and RepoSync APIs. For more information, refer to [RootSync and RepoSync fields](https://cloud.google.com/anthos-config-management/docs/reference/rootsync-reposync-fields). ## Change Policy Controller bundles have been updated to the following versions: `cis-gke-v1.5.0`: `202403.0`, `nist-sp-800-190`: `202403.0`, `nist-sp-800-53-r5`: `202403.0`, `pci-dss-v3.2.1`: `202403.0`, `pci-dss-v4.0`: `202403.0`, `policy-essentials-v2022`: `202403.0`, `pss-baseline-v2022`: `202403.1`, `pss-restricted-v2022`: `202403.1`. For reference, see [Policy Controller bundles overview](https://cloud.google.com/anthos-config-management/docs/concepts/policy-controller-bundles). ## Change When syncing from Helm, Config Sync now retries faster on errors with exponential backoff. ## Change Reduced memory footprint in reconcilers by not loading the OpenAPI when the Config Sync admission webhook is disabled. ## Change On Autopilot clusters, the `helm-sync` container CPU request is changed from 150m to 250m, and memory request is changed from 256Mi to 384Mi. For information on resource requirements, see [Resource requests](https://cloud.google.com/anthos-config-management/docs/how-to/installing-config-sync#resource%5Frequests). ## Change Upgraded bundled Helm version from v3.13.3 to [v3.14.3](https://github.com/helm/helm/releases/tag/v3.14.3) to pick up vulnerability fixes. To understand the changes in each release, review the [changelogs](https://github.com/helm/helm/releases).