Overview All releases

Version History

v10.10.10

v1.12.0 v1.12.0-rc.5 v1.12.0-rc.4 v1.12.0-rc.3 v1.12.0-rc.2 v1.12.0-rc.1 v1.12.0-alpha.5 v1.12.0-alpha.4 v1.12.0-alpha.3 v1.12.0-alpha.2 v1.12.0-alpha.1 v1.12.0-alpha.0 v1.11.4 v1.11.3 v1.11.2 v1.11.2-rc.1 v1.11.1 v1.11.0 v1.11.0-rc.8 v1.11.0-rc.7 v1.11.0-rc.6 v1.11.0-rc.5 v1.11.0-rc.4 v1.11.0-rc.3 v1.11.0-rc.2 v1.11.0-rc.1 v1.11.0-beta.4 v1.11.0-beta.3 v1.11.0-beta.2 v1.11.0-beta.1 v1.10.7 v1.10.6 v1.10.5 v1.10.4 v1.10.3 v1.10.2

v1.10.1

v1.10.1-rc.1 v1.10.0

v1.10.0-rc.1

v1.10.0-beta.1

v1.10.0-alpha.2

v1.10.0-alpha.1

v1.9.5 v1.9.4 v1.9.3 v1.9.2

v1.9.2-rc.1

v1.9.1

v1.9.1-rc.1

v1.9.0

v1.9.0-rc.4

v1.9.0-rc.3

v1.9.0-rc.2

v1.9.0-rc.1

v1.9.0-beta.2

v1.9.0-beta.1

v1.8.5

v1.8.5-rc.1

v1.8.4

v1.8.4-rc.1

v1.8.3

v1.8.3-rc.2

v1.8.3-rc.1

v1.8.2

v1.8.2-rc.2

v1.8.2-rc.1

v1.8.1

v1.8.1-rc.4

v1.8.1-rc.3

v1.8.1-rc.2

v1.8.1-rc1

v1.8.0

v1.8.0-rc6

v1.8.0-rc5

v1.8.0-rc4

v1.8.0-rc3

v1.8.0-rc2

v1.8.0-rc1

v1.7.5 v1.7.4 v1.7.3 v1.7.2

v1.7.2-rc2

v1.7.2-rc1

v1.7.1 v1.7.0

v1.7.0-rc3

v1.7.0-rc2

v1.7.0-rc1

v1.6.3 v1.6.2

v1.6.2-rc3

v1.6.2-rc2

v1.6.2-rc1

v1.6.1

v1.6.1-rc2

v1.6.1-rc1

v1.6.0

v1.6.0-rc4

v1.6.0-rc3

v1.6.0-rc2

v1.6.0-rc1

v1.5.8 v1.5.7 v1.5.6 v1.5.5

v1.5.5-rc1

v1.5.4

v1.5.4-rc2

v1.5.4-rc1

v1.5.3

v1.5.3-rc1

v1.5.2

v1.5.2-rc5

v1.5.2-rc4

v1.5.2-rc3

v1.5.2-rc2

v1.5.2-rc1

v1.5.1

v1.5.0

v1.5.0-rc4

v1.5.0-rc3

v1.5.0-rc2

v1.5.0-rc1

v1.4.3

v1.4.3-rc2

v1.4.3-rc1

v1.4.2

v1.4.2-rc4

v1.4.2-rc3

v1.4.2-rc2

v1.4.2-rc1

v1.4.1

v1.4.0

v1.4.0-rc4

v1.4.0-rc3

v1.4.0-rc2

v1.4.0-rc1

v1.4.0-beta1

v1.3.6

v1.3.6-rc5

v1.3.6-rc4

v1.3.6-rc3

v1.3.6-rc2

v1.3.6-rc1

v1.3.5

v1.3.5-rc5

v1.3.5-rc4

v1.3.5-rc3

v1.3.5-rc2

v1.3.5-rc1

v1.3.4

v1.3.4-rc1

v1.3.3

v1.3.2

v1.3.2-rc3

v1.3.2-rc2

v1.3.2-rc1

v1.3.1

v1.3.0

v1.3.0-rc8

v1.3.0-rc7

v1.3.0-rc6

v1.3.0-rc5

v1.3.0-rc4

v1.3.0-rc3

v1.3.0-rc2

v1.3.0-rc12

v1.3.0-rc11

v1.3.0-rc10

v1.3.0-rc1

v1.2.1

v1.2.0

v1.1.12

v1.1.11

v1.1.10

v1.1.9

v1.1.8

v1.1.7

v1.1.7-rc4

v1.1.7-rc3

v1.1.7-rc2

v1.1.7-rc1

v1.1.6

v1.1.6-rc5

v1.1.6-rc4

v1.1.6-rc3

v1.1.5

v1.1.4

v1.1.4-rc1

v1.1.3

v1.1.3-rc1

v1.1.2

v1.1.1

v1.1.0

v1.0.0

v1.0.0-rc1

v0.11.0

v0.10.0

v0.9.1

v0.9.0

v0.8.0

v0.7.1

v0.7.0

v0.6.0

v0.5.0

v0.4.0

v0.3.0

v0.2.0

v0.1.0

Kyverno - v1.10.1

This patch release of 1.10 unblocks users of generate rules using clone-type declarations as mentioned in the 1.10 migration guide.

Please see the complete 1.10.0 release notes if you are installing/upgrading to 1.10.1 without progressing through 1.10.0.

✨ Added ✨

Added the ability to assign custom labels to policy reports (#7416)
All release artifacts are now signed (#7478, #7711)
Added a new environment variable, settable on the background controller, called BACKGROUND_SCAN_INTERVAL which can override the background scan interval from its default of one hour (#7504)
Added a new container flag called --enableDeferredLoading (true by default) which allows disabling of the new deferred/lazy context variable loading system introduced in 1.10.0 (#7694, #7691)

Helm

Added the ability to configure tolerations, resources, and Pod annotations for the admission report cleanup jobs (#7331, #7337, #7366)
Added missing delete verb to the admission reports cleanup job ClusterRole (#7375)
Added the ability to set verbs for the additionalresources ClusterRole used by the background controller to address the inability to generate Roles and ClusterRoles (#7380)
Removal of the Helm chart will now properly remove all Kyverno webhooks (#7633)
Added ability to select cluster on the Grafana dashboard (#7659)
Add relabelings and metricRelabelings config to all ServiceMonitors (#7659)
Make ConfigMap labels for the Grafana dashboard ConfigMap configurable (#7659)
Added ability to use imagePullSecrets for the admission reports cleanup CronJobs (#7730)

⚠️ Changed ⚠️

The new order field available under foreach loops will now be respected when the mutation method is patchStrategicMerge (#7336)
Changed the message returned from a failed permissions check so it's more general in nature (#7362)
Removed the redundant loop protection introduced in 1.10.0 making it possible to match on the same resource kind as Kyverno should generate (#7388)
Performed some internal refactoring of the generate rule type (#7417)
Make it so that setting --webhookTimeout affects all of Kyverno's webhooks and not just the resource webhooks (#7435)
Made it so that the name field for a rule is required (#7464)
Log kind, namespace, and name in processed resources (#7498)
Refactored some reconciliation logic for generate rules (#7531)
Mutation failures, when occurring within a foreach loop, will show the cause (#7563)
Bumped notation-go from 1.0.0-rc.3 to 1.0.0-rc.6 (#7666)
Misc. refactors related to the changes/fixes in deferred/lazy loading (#7675, #7678, #7690)

🐛 Fixed 🐛

Fixed a panic when a user installs a policy with an invalid schema (#6526)
Fixed an issue where the default field in a variable-type context variable was not being used when the result was nil (#7251)
Fixed a panic in the reports controller when it encounters an invalid image (#7332)
Fixed an issue when --protectManagedResources was enabled which prevented generation of bindings (#7363)
Fixed a panic when environment variables weren't passed (#7383)
Fixed an inability to use the target.* variable in a mutate existing rule (#7387)
Fixed a sync issue if an array element was removed from a clone source (#7417)
Fixed an issue preventing background reports from being created if an empty response is received for a given API group (#7428)
Fixed an issue where Policy Exceptions weren't being considered for deletes (#7433)
Fixed an issue preventing one clone source from being used in multiple rules or for multiple targets (#7436)
Fixed an issue with generate rules failing when the trigger resource kind used a forward slash (#7436)
Fixed a generate issue in which removal of a single trigger would remove generated resources it shouldn't have (#7579)
Fixed an issue with how Kyverno reports a failure when it cannot fetch a CRD (#7439)
Fixed an issue with auto-gen not generating the correct matching kinds when overridden with the annotation (#7455)
Fixed another issue with auto-gen in which CronJob translated rules weren't translating variables correctly (#7571)
Fixed an issue with a generate rule using a cloneList declaration so that syncs are observed properly (#7466)
Fixed a panic when the background controller substitutes a variable with nil (#7473)
Fixed the scope validation check for a generate rule so it detects the correct resource kind (#7479)
Fixed an issue preventing generated resources from being removed when preconditions no longer matched (#7496)
Fixed a slightly misleading error message in deny conditions (#7503)
Fixed it (finally) so that no informational logs are produced when logging is set to 0 (#7515)
Fixed removal of ownerReferences when generating via clone a resource across Namespaces (#7517)
Fixed residual issues from 1.10.0 for lazy/deferred loading of context variables (#7552, #7597)
Fixed an issue performing image verification in background mode (#7564)
Make configuring max procs not exit in case of error (#7588)
Fixed some typos in the descriptions of flags applicable to the reports controller (#7617)
Fixed a permissions check when installing a generate policy due to incorrect API group matching (#7628)
Fixed an issue where the service name in a tracer configuration could not be customized (#7644)
Fixed an issue with an image verification rule which would cause updating a Deployment with more than one container to fail (#7692)
Fixed a minor issue in an error message (#7688)
Fixed an issue with locking the schema manager which could result in CRDs not being found (#7704)

Helm

Fixed missing environment variables in the admission controller (#7383)
Fixed missing extraEnvVars on all controllers (#7403)
Fixed an issue templating the new reports cleanup job image (#7430)
Fixed a typo when enabling anti-affinity (#7440)
Fixed missing imagePullSecrets (#7474)
Fixed missing delete verb for Secrets in the admission controller and cleanup controller (#7527, #7679)

Click to expand all PRs

7730 feat: Add option to add imagePullSecrets to cleanup CronJobs 7712 fix: remove show goreleaser version step 7711 fix: release signing 7704 fix: lock schema manager when updating it 7694 Fix deferred loading (cherry-pick #7597) 7692 fix: image verification (cherry-pick #7652) 7691 feat: add lazy loading feature flag (cherry-pick #7680) 7690 refactor: migrate context loaders (part 2) from #7597 (cherry-pick #7677) 7688 fix: Swap any/all in the error message. 7680 feat: add lazy loading feature flag 7679 fix: cleanup controller rbac (cherry-pick #7669) 7678 refactor: migrate context loaders (part 1) from #7597 (cherry-pick #7676) 7677 refactor: migrate context loaders (part 2) from #7597 7676 refactor: migrate context loaders (part 1) from #7597 7675 refactor: add specific loaders from #7597 (cherry-pick #7671) 7671 refactor: add specific loaders from #7597 7669 fix: cleanup controller rbac 7666 [Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6 7659 feat: add cluster select and relabling config for ServiceMonitors 7652 fix: image verification with 2+ containers 7644 fix: customizable tracer configuration 7633 feat: enable Helm webhook cleanup hook by default 7628 fix: auth checks with the APIVersion and the subresource 7617 fix: update the flag descriptions of the reports-controller 7597 Fix deferred loading 7596 fix: CLI tests 7590 Add nancy-ignore to make it pass with current dependencies 7589 chore: reduce sleep duration for generate kuttl tests 7588 fix: make configuring max procs not exit in case of error 7579 fix: deletion mismatch for the generate policy 7571 fix: autogen not working correctly with cronjob conditions 7564 fix: background image verification not working 7563 Fix: Mutate: Foreach: Error cause is missing 7552 fix: recursive lazy loading 7531 refactor: generate reconciliation on policy updates 7527 fix: update kyverno admission-controller role to have delete verb for… 7517 fix: Remove ownerReferences when cloning across Namespaces 7515 fix: log level initialisation 7504 feat: add debug env BACKGROUND_SCAN_INTERVAL 7503 fix: misleading error message in deny conditions 7498 fix: log kind/namespace/name in scan errors 7496 fix: Delete downstream objects on precondition fail 7479 fix: target scope validation for the generate rule 7478 feat: sign released artifacts 7474 fix: image pull secrets in admission controller 7473 fix: background controller panics during variables substitution 7466 fix: cloneList sync behavior 7464 fix: rule name not required in the crd schema 7460 fix: flaky generate test 7455 fix: autogen not generating the correct kind 7440 fixed typo in admission controller chart template 7439 fix: error reported when sanity check fails 7436 fix: the same source cannot be used for multiple targets with a generate clone rule 7435 fix: add missing webhook timeouts 7433 fix: exceptions not considered on delete 7430 fix: helm template for cleanup jobs image 7428 fix: reports discovery error 7417 fix: array element removal should be synced to the downstream resource with a generate data sync rule 7416 feat: hold custom labels 7403 fix: missing extraEnvVars in helm chart 7388 Remove policy validation prevent loop for generate 7387 fix mutate targets validation 7383 fix: missing/incorrect env variables 7380 Allow setting verbs for clusterrole extraresources on backgroundController 7375 Add missing delete verb to admission cleanup clusterrole 7366 feat(cronjobs): Enable podAnnotations on CronJobs 7363 fix: protect managed resource not considering other components 7362 fix: permission validation message 7338 fix: flaky kuttl test add-external-secret-prefix 7337 feat: cleanup jobs resources 7336 feat: obey the order field in patchStrategicMerge method 7332 fix: panic in background reports 7331 feat: cleanup job tolerations 7251 Fix: [Bug] The default field in a context variable does not replace nil results 6526 fix: add type conversion error judgment to avoid program panic

Details

date

July 6, 2023, 8:29 a.m.

name

v1.10.1

type

Patch

official page

https://github.com/kyverno/kyverno/releases/tag/v1.10.1

👇

🔍View and search all Kyverno releases.
🛠️Create and share lists to track your tools.
🚨Setup notifications for major, security, feature or patch updates.
🚀Much more coming soon!

Continue with GitHub

Continue with Google

Username

Password

Password (again)

leave this field blank to prove your humanity