Kyverno - v1.8.0


Features

4840 Update PSa images description

4814 Fix psa validation

4768 chore: change charts registry url

4735 Add PSa policy validations

4713 feat: add match label selector support with multiple clone

4710 Support PSa integration by controlName only

4664 Added x509_decode JMESPath function

4642 feat: introduce RCR interface

4639 feat: add controller utils tools

4638 feat: add feature flag to disable background scan

4628 feat: add explicit key support to controller utils

4608 feat: reports v2 implementation

4588 chore: add messages in makefile kind targets

4583 chore: add a codegen-quick makefile target

4577 chore: add toggle package unit tests

4573 chore: preserve pr title in cherry picks

4563 chore: switch to github.com/IGLOU-EU/go-wildcard

4558 allow PSa validation with no exceptions

4527 add random filter

4522 chore: add protectManagedResources flag to changelog

4516 chore: add unit tests for pkg/utils/json

4514 Support V2beta1 Version

4511 chore: update my affiliation in maintainers

4507 docs: add section for generating helm docs and crds

4503 chore: test for k8s 1.25

4501 docs: add section about switching between docker and ko

4492 feat: support switching build with docker or ko

4482 chore: add kocache

4476 docs: add api docs generation

4475 Add PodSecurity descriptions

4470 chore: enable cherry-pick bot

4467 feat: enable autogen client from makefile

4416 [Feature] Add ability to get additional policies from restricted

4414 feat: add kyverno managed resources protection

4400 [Feature] Add possibility to set validationFailureAction by Policy

4389 feat: remove context api call constraints

4384 feat: allow cloning multiple resource from a namespace

4381 feat: enable autogen internals by default

4366 feat: use ko to build images

4364 Extend Pod Security Admission

4359 Add the metric "kyverno_client_queries_total"

4323 support failurePolicy in kyverno-policies helm chart

4312 Change resource names to plurals

4308 Added kubeconfig flag support

4299 [Helm] Added ability to remove namespaces from default resourceFilters list

4292 Tightened scope on apiGroups for kyverno:events Clusterrole

4290 Context vars substitution in CLI

4283 [Helm Chart] additional init and sidecar container

4277 feat: auto optimize GOMAXPROCS

4269 Reset policy status on termination

4260 Add Techcombank to adopters

4251 feature: added new type of event, PolicySkipped

4236 Limit queued events

4235 Yaml signing and verification

4227 Implementing flag to show all failing tests only through the test command

4219 chore: use new distroless base image provided by distroless org

4214 Add shutdown methods for exporters and controllers

4207 Make method public

4196 add applyRules to control whether one or all rules are applied

3890 feat: graceful certificates rotation support

3859 chore: remove ca-certificates from our repository

3851 feat: fetch tls certificate dynamically

3820 feat: add raw api call support

Enhancements

4591 enhance jmespath random-filter

4541 chore: add unit test for updating ur status

4512 chore: add unit tests for pkg/utils/yaml

4510 chore: add unit tests for pkg/utils/wildcard

4509 chore: add unit tests for pkg/utils/os

4508 chore: add unit tests for pkg/utils/image

4506 chore: add wildcard unit test

4488 Improve printer column name for validationFailureAction

4486 chore: relax auto update PRs conditions

4477 chore: add makefile help comments

4468 chore: speed up local image builds

4451 Skip validate rules if the conditional anchor does not match

4458 docs: add section for deploying a local build

4452 docs: add pushing images section

4449 docs: add local image build section

4445 docs: add section for local builds

4443 docs: add section for dev tools

4361 Update pr_documentation.md

4355 Update wgpolicyk8s.io CRDs

4344 update apply help message

4341 Added appropriate logging levels to log.Info() calls wherever necessary

4215 Corrected description for UpdateRequest struct

4194 feat: improve flag message for disableMetricsExport

4129 return helpful error message on invalid patched resources.

4011 chore: remove unused ur errors

3989 chore: enable nosprintfhostport linter

3959 chore: enable goimports linter

3958 chore: make kyverno informers and listers import aliases consistent

3957 chore: make kube informers and listers import aliases consistent

3956 chore: make clients import aliases consistent

3952 feat: add controller utils package

3951 chore: make dclient import aliases consistent

3950 chore: make k8s api import aliases consistent

3946 chore: enable paralleltest linter

3945 chore: enable ifshort linter

3941 chore: enable nolintlint linter

3940 chore: enable grouper linter

3939 chore: make kyverno api import aliases consistent

3937 chore: enable makezero linter

3932 chore: enable misspell linter

3931 chore: enable gofmt and gofumpt linters

3930 chore: enable gci linter

3926 chore: enable errname linter

3921 chore: enable dogsled linter

3920 chore: enable decorder linter

3902 chore: remove unused function

3899 chore: enable goprintffuncname linter

3898 chore: enable wastedassign linter

3888 chore: enable noctx linter

3882 chore: enable importas linter

3874 chore: enable gochecknoinits linter

3873 chore: enable containedctx linter

3871 chore: enable asciicheck and bidichk linters

3870 chore: enable durationcheck linter

3869 chore: enable exportloopref linter

3868 chore: enable tenv thelper and tparallel linters

3867 chore: add unconvert linter

3862 chore: enable more linters

3855 chore: increase golangci-lint timeout

Bug Fixes

4836 fix extension checks

4822 fix: validationFailureAction default value

4815 fix: controllers start in loop

4804 Skip succeed rules when building the blocked return message

4793 fix: logger panic

4786 fix: subject and issuer validation when attestations are present

4751 fix: watch error in resource controller

4743 fix: reports not generated

4738 fix: publish yaml manifests in release instead of repo

4727 fix: output make messages to stderr

4718 fix: change key used in test

4703 fix: missing client wrapper

4697 fix: jmespath random error handling

4685 fix: bump net standard lib

4684 fix: handle auth permission for cloneList validation

4681 fix: shutdown controllers workers gracefully

4671 fix: namespaced policy targets validation and scoping them to the policy namespace

4670 Fix issue for wildcard versions

4654 fix: missing elements in v2beta1 api

4653 fix: namespaced policy not validated in engine

4650 fix: split webhook handlers per failure policy

4637 fix: incorrect namespace in report controller

4636 fix: remove RCR from mutation webhook

4629 fix: containerd dependency vulnerability

4617 fix: background printer column

4601 fix: lock in policy report mapper

4600 Fix multiple crd slowness issue

4582 fix: typo

4576 fix: split policy report flag

4540 fix: defer ur update until validation passes

4515 fix: load policy and add tests

4493 fix: incorrect kustomize call in makefile

4491 fix: fetch history in pre-checks job

4490 fix: api reference docs

4483 fix: release workflow

4478 fix: auto update pr workflow

4474 Fix logger format

4464 fix: warning in all makefile targets

4462 fix: local image build with docker

4444 fix: update go-wildcard to v1.0.5

4438 chore: fix workflows related to ko recent changes

4419 fix: make ldflags optional in .ko.yaml

4417 fix: Add --bare for ko-build-dev targets

4405 fix: chart docs for generatecontrollerExtraResources

4393 fix: duration metrics precision

4388 chore: fix golangcilint timeout

4387 chore: fix goimports check not working in ci job

4378 fix: missing aggregated role for UR

4370 fix: exclude autogen rules when autogen internals is enabled

4368 fix: prevent installing helm chart in namespace kube-system

4362 fix: fix the verbosity of reconciling logs in the config controller

4349 Fix deprecated api policy issue

4348 fix: image verify logs

4331 Fix PEM delimiter parse

4315 Fix Kyverno Events Missing Error Message

4297 Fix pr image verify blocked

4275 Fix multiple crd slowness issue

4263 fix: use an absolute path in docker entrypoint

4202 Fix merging JSON patches

4198 Fix metrics with invalid validationMode

4171 fix: use official controller-gen

4057 fix: add missing release notes in helm chart

3995 fix: init container gr copy

3948 fix: add helmignore

3944 fix: use admissionrequest subresource to filter webhooks

3943 fix: cache warmup log message

3924 fix: return type changed to bool in jpfCompare fn

3891 fix: write secret

3860 fix: remove code to load CA from kubeconfig

3846 fix: golangci-lint warnings in pkg

3843 fix: golangci-lint warnings in cmd

3804 fix: include ca key in secret

Others

4706 chore: refactor manifests related makefile targets

4691 refactor: replace signal package by signal.NotifyContext

4680 refactor: use pod name as leader id

4646 refactor: update log based on the policy types

4641 refactor: split policyreport api files

4640 refactor: add a couple of constants in api

4598 refactor: info in policyreport package

4578 refactor: simplify RCR creator queue

4570 refactor: move generation handler out of webhooks package

4569 refactor: move image verification handler out of webhooks package

4567 refactor: move mutation handler out of webhooks package

4562 refactor: move validation audit out of webhooks package

4556 refactor: move validation handler out of webhooks package

4554 refactor: make webhook metrics helpers static

4545 refactor: move webhook events utils in utils package

4535 refactor: introduce ur updater

4531 refactor: webhook block and unit tests

4529 refactor: webhook propagate start time along handlers

4528 refactor: webhook exclusion and unit tests

4525 refactor: use generics in client wrappers

4523 refactor: utils for warnings and unit tests

4519 refactor: client wrappers

4518 refactor: add auth interface and unit tests

4498 chore: refactor helm targets in makefile

4494 refactor: verify codegen targets in makefile

4484 refactor: clean webhooks logs

4480 refactor: webhook policy context creation

4456 refactor: make toggles easier to define and use

4454 refactor: clearly separate makefile docker targets for build and publish

4450 refactor: clearly separate makefile ko targets for build and publish

4441 refactor: docker related makefile targets

4418 refactor: makefile build targets

4403 refactor: tools install in makefile

4090 refactor: finish refactoring generate e2e tests

4041 refactor: to remove generate cleanup controller

3975 refactor: make registry client variables private

3974 refactor: ur cleaner controller

3949 refactor: clean updaterequest generator

3925 refactor: separate policy cache and controller

3919 refactor: policy cache

3908 refactor: separate resource mutation/validation handlers from server

3905 refactor: separate policy mutation/validation handlers from server

3904 refactor: webhooks server logger

3886 refactor: remove deployment hash on certs secrets

3854 refactor: cleanup tls package

3853 refactor: init certs with certs renewer directly

3850 refactor: remove the need for self-signed annotation on cert secret

3823 refactor: make config vars private

4692 chore: cleanup go.mod

4677 chore: bump minimum go version

4631 chore: bump cosign 1.12.0 to fix vulnerabilities

4485 chore: bump cache action and improve paths

4413 bump golang 1.18.5 version digest in Dockerfile

4408 bump cosign deps version to 1.11.1

4328 chore(deps): bump github.com/sigstore/cosign from 1.10.0 to 1.10.1

4596 Update helm releases path

4551 Update helm release config

4479 chore: publish helm charts to ghcr.io


Details

date: Oct. 10, 2022, 9:06 a.m.
name: v1.8.0
type: Minor