Kyverno - v1.7.2
Note
-
A new flag
maxReportChangeRequests
is added to the Kyverno main container, this flag sets the up-limit of reportchangerequests that a namespace can take, or clusterreportchangerequests if matching kinds are cluster-wide resources. The default limit is set to 1000, and it's recommended to configure it to a small threshold on large clusters. Here the large clusters are considered that a policy report has more than 1k results. -
A new flag
splitPolicyReport
is added to the Kyverno main container, to enable/disable the split-up policy reports feature. Disable by default, once enabled thePolicyReports
will be split-up per policy per namespace bases, andClusterPolicyReports
will be split-up per policy bases. -
A new flag
maxQueuedEvents
is added to the Kyverno main container, this flag sets the up-limit of the events that are queued internally.
Enhancements
4233 Limit queued events
4147 Split policy report per policy bases
Bug Fixes
4243 Fix check depreciated api issue
4237 Fix split policyreport name with background scan
4231 Update cosign to v1.9.0
4224 Fix kyverno cli policy-report typo
4213 Only set up logging context if it will be used
4212 Fix UpdateRequest labeling (from pull #4199)
4210 Fix: use the unstructured list instead of interface type
4204 Use non-blocking channel send for UpdateWebhookChan
4200 Fix: merging patches across image verification and mutate policy rules
4199 Fix UpdateRequest labeling
4174 Delete policy reports on policy deletion
4159 Disable event generation for resources on DELETE requests
4156 Switch to use kyverno namespace pod informer to avoid memory growth
4155 Wait for informer caches to be synced before starting controllers
4148 Clean up RCRs if the count exceeds the threshold
4139 Fix external.metrics.k8s.io/v1beta1 issue
4138 Release event memory
Details
- 🔍View and search all Kyverno releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!