🚀 Release v13.2.0 (#1539)

github-actions[bot] · web-flow · commit 7007e717fd99 · 2026-06-24T19:53:53.000+02:00
Co-authored-by: github-actions[bot] &lt;github-actions[bot]@users.noreply.github.com&gt;
diff --git a/charts/mondoo-operator/Chart.yaml b/charts/mondoo-operator/Chart.yaml
@@ -16,10 +16,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 13.1.1
+version: 13.2.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "13.1.1"
+appVersion: "13.2.0"
 icon: https://raw.githubusercontent.com/mondoohq/mondoo-operator/main/charts/mondoo-operator/icon.svg
diff --git a/charts/mondoo-operator/files/crds/k8s.mondoo.com_mondooauditconfigs.yaml b/charts/mondoo-operator/files/crds/k8s.mondoo.com_mondooauditconfigs.yaml
@@ -95,6 +95,13 @@ spec:
                 type: object
               containers:
                 properties:
+                  activeDeadline:
+                    description: |-
+                      ActiveDeadline sets a time limit for the scan Job. If the scan does not complete within
+                      this duration, the Job is terminated. Useful for bounding runaway scans that enter GC
+                      thrashing before OOM. Specified as a Go duration string (e.g. "30m", "1h").
+                      No default — if unset, the Job runs until completion or OOM.
+                    type: string
                   enable:
                     type: boolean
                   env:
@@ -341,6 +348,13 @@ spec:
                           clusterName:
                             description: ClusterName is the AKS cluster name.
                             type: string
+                          endpoint:
+                            description: |-
+                              Endpoint optionally overrides the Kubernetes API server endpoint URL.
+                              When set, the init container uses this URL instead of the auto-discovered endpoint.
+                              Must start with "https://".
+                            pattern: ^https://
+                            type: string
                           loginServer:
                             description: |-
                               LoginServer is the ACR login server URL (e.g., "myregistry.azurecr.io").
@@ -370,6 +384,13 @@ spec:
                           clusterName:
                             description: ClusterName is the EKS cluster name.
                             type: string
+                          endpoint:
+                            description: |-
+                              Endpoint optionally overrides the Kubernetes API server endpoint URL.
+                              When set, the init container uses this URL instead of the auto-discovered endpoint.
+                              Must start with "https://".
+                            pattern: ^https://
+                            type: string
                           region:
                             description: Region is the AWS region.
                             type: string
@@ -395,6 +416,13 @@ spec:
                           clusterName:
                             description: ClusterName is the GKE cluster name.
                             type: string
+                          endpoint:
+                            description: |-
+                              Endpoint optionally overrides the Kubernetes API server endpoint URL.
+                              When set, the init container uses this URL instead of the auto-discovered endpoint.
+                              Must start with "https://".
+                            pattern: ^https://
+                            type: string
                           googleServiceAccount:
                             description: |-
                               GoogleServiceAccount is the Google service account to impersonate.
@@ -443,6 +471,12 @@ spec:
                 type: object
               kubernetesResources:
                 properties:
+                  activeDeadline:
+                    description: |-
+                      ActiveDeadline sets a time limit for the scan Job. If the scan does not complete within
+                      this duration, the Job is terminated. Specified as a Go duration string (e.g. "30m", "1h").
+                      No default — if unset, the Job runs until completion or failure.
+                    type: string
                   containerImageScanning:
                     description: |-
                       DEPRECATED: ContainerImageScanning determines whether container images are being scanned. The current implementation
@@ -465,7 +499,8 @@ spec:
                         filtering:
                           description: |-
                             Filtering allows namespace filtering specific to this external cluster.
-                            If not specified, uses the global filtering from MondooAuditConfigSpec.Filtering.
+                            If omitted, the external cluster inherits the global filtering from MondooAuditConfigSpec.Filtering.
+                            Set an empty filtering object to scan all namespaces for this external cluster even when global filtering is configured.
                           properties:
                             namespaces:
                               properties:
@@ -708,6 +743,13 @@ spec:
                                 clusterName:
                                   description: ClusterName is the AKS cluster name.
                                   type: string
+                                endpoint:
+                                  description: |-
+                                    Endpoint optionally overrides the Kubernetes API server endpoint URL.
+                                    When set, the init container uses this URL instead of the auto-discovered endpoint.
+                                    Must start with "https://".
+                                  pattern: ^https://
+                                  type: string
                                 loginServer:
                                   description: |-
                                     LoginServer is the ACR login server URL (e.g., "myregistry.azurecr.io").
@@ -737,6 +779,13 @@ spec:
                                 clusterName:
                                   description: ClusterName is the EKS cluster name.
                                   type: string
+                                endpoint:
+                                  description: |-
+                                    Endpoint optionally overrides the Kubernetes API server endpoint URL.
+                                    When set, the init container uses this URL instead of the auto-discovered endpoint.
+                                    Must start with "https://".
+                                  pattern: ^https://
+                                  type: string
                                 region:
                                   description: Region is the AWS region.
                                   type: string
@@ -762,6 +811,13 @@ spec:
                                 clusterName:
                                   description: ClusterName is the GKE cluster name.
                                   type: string
+                                endpoint:
+                                  description: |-
+                                    Endpoint optionally overrides the Kubernetes API server endpoint URL.
+                                    When set, the init container uses this URL instead of the auto-discovered endpoint.
+                                    Must start with "https://".
+                                  pattern: ^https://
+                                  type: string
                                 googleServiceAccount:
                                   description: |-
                                     GoogleServiceAccount is the Google service account to impersonate.
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
@@ -15,4 +15,4 @@ kind: Kustomization
 images:
   - name: controller
     newName: ghcr.io/mondoohq/mondoo-operator
-    newTag: v13.1.1
+    newTag: v13.2.0
