Kyverno - v1.10.2
✨ Added ✨
- Added a new
--policyReports
flag to control if the Policy Reports system is enabled or not. When set to a value offalse
, only standard Events and log messages will contain policy violations both in admission mode as well as background scans. - Booleans can now be properly compared in conditional operators without needing to be converted to string. (#7847)
- Added log messages for API call failures. (#7834)
- Events will now be created upon successful resource generation. (#7550)
Helm
- Added an additional check to the ServiceMonitor template to ensure that the cluster supports the
monitoring.coreos.com/v1
API version and if not, it will silently not create the ServiceMonitor instead of failing deployment of the chart. (#7926) - Added chart configurations for cleanup and webhooks. (#7871)
- Add nodeSelector and labels to the cleanup CronJobs. (#7851, #7808)
⚠️ Changed ⚠️
- (kyverno-policies chart) Added a precondition to skip DELETE operations on a couple policies to make them all consistent. (#7883)
- Schema validation for policies matching on CRDs will be skipped. (#7869)
- Performed better validation of policies which use the
cloneList
declaration in generate rules. (#7823) - Removed an extra Event created by Kyverno in some verifyImages rules. (#7810)
- The Event created upon resource mutation has been updated to make more sense. (#7550)
🐛 Fixed 🐛
- Fixed an issue where higher log levels weren't being printed in the logs. (#7877)
- Fixed an issue with an entry in a nil map when validating a policy. (#7874)
- Fixed a type confusion problem. (#7857)
- Fixed an issue with namespaceSelector and matching on Namespaces. (#7837)
- Fixed an issue where category and severity annotations weren't being returned in policy reports from CLI tests. (#7828)
- Fixed an issue where some verifyImages rules may have broken in
Audit
mode. (#7806) - Fixed an issue in target scope validations for generate rules. (#7800)
- Fixed an issue with aggregated admission reports having stale results. (#7798)
- Fixed an issue preventing a rollback when a verifyImages rule was in place. (#7752)
- Removed some obsolete structs from the CLI. (#6802)
Helm
- Fixed a minor chart templating issue in RBAC. (#7774)
Click to expand all PRs
#7926 fix(chart): only create ServiceMonitor if cluster supports it #7888 add flag for policy reports #7883 fix(policy chart): Skip DELETE requests on policies using deny statements #7877 fix log level in `logging` package #7874 policy validation: fix assignment to entry in nil map #7871 feat(chart) Add configurations for cleanup jobs and webhooks #7869 feat: skip schema validation for CRD #7858 fix: add tekton/pipeline to nancy ignore list #7857 fix type confusion in policy validation #7851 Add nodeSelector for cleanupJob CronJob resources #7847 feat: enable operator boolean comparison #7837 fix: namespace label matching for Namespace #7834 Added log message for API call failures #7828 bug: add severity and category in cluster policy report #7823 Feat: cloneList rule validation #7810 fix: skip creating event for an empty resource name #7808 feat: allow pod labels for cleanup jobs #7806 refactor: remove manual keychain refresh from client #7800 fix: target scope validation for the generate rule #7798 fix: aggregated admission report not updated correctly #7774 chart: fix admission controller rbac templating #7752 Modified annotation matching during rollback #7550 feat: add events for successful generation #6802 refactor: remove obsolete structs from CLIDetails
date
July 28, 2023, 8:29 a.m.
name
v1.10.2
type
Patch
official page
👇
Register or login to:
- 🔍View and search all Kyverno releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!