Kyverno - v1.8.0
Features
4840 Update PSa images dsecription
4814 Fix psa validation
4768 chore: change charts registry url
4735 Add PSa policy validations
4713 feat: add match label selector support with multiple clone
4710 Support PSa integration by controlName
only
4664 Added x509_decode
JMESPath function
4642 feat: introduce RCR interface
4639 feat: add controller utils tools
4638 feat: add feature flag to disable background scan
4628 feat: add explicit key support to controller utils
4608 feat: reports v2 implementation
4588 chore: add messages in makefile kind targets
4583 chore: add a codegen-quick makefile target
4577 chore: add toggle package unit tests
4573 chore: preserve pr title in cherry picks
4563 chore: switch to github.com/IGLOU-EU/go-wildcard
4558 allow PSa validation with no exceptions
4527 add random filter
4522 chore: add protectManagedResources flag to changelog
4516 chore: add unit tests for pkg/utils/json
4514 Support V2beta1 Version
4511 chore: update my affiliation in maintainers
4507 docs: add section for generating helm docs and crds
4503 chore: test for k8s 1.25
4501 docs: add section about switching between docker and ko
4492 feat: support switching build with docker or ko
4482 chore: add kocache
4476 docs: add api docs generation
4475 Add PodSecurity descriptions
4470 chore: enable cherry-pick bot
4467 feat: enable autogen client from makefile
4416 [Feature] Add ability to get additional policies from restricted
4414 feat: add kyverno managed resources protection
4400 [Feature] Add posibility to set validationFailureAction by Policy
4389 feat: remove context api call constraints
4384 feat: allow cloning multiple resource from a namespace
4381 feat: enable autogen internals by default
4366 feat: use ko to build images
4364 Extend Pod Security Admission
4359 Add the metric "kyverno_client_queries_total"
4323 support failurePolicy in kyverno-policies helm chart
4312 Change resource names to plurals
4308 Added kubeconfig flag support
4299 [Helm] Added ability to remove namespaces from default resourceFilters list
4292 Tightened scope on apiGroups for kyverno:events Clusterrole
4290 Context vars substitution in CLI
4283 [Helm Chart] additional init and sidecar container
4277 feat: auto optimize GOMAXPROCS
4269 Reset policy status on termination
4260 Add Techcombank to adopters
4251 feature: added new type of event, PolicySkipped
4236 Limit queued events
4235 Yaml signing and verification
4227 Implementing flag to show all failing tests only through the test command
4219 chore: use new distroless base image provided by distroless org
4214 Add shutdown methods for exporters and controllers
4207 Make method public
4196 add applyRules to control whether one or all rules are applied
3890 feat: gracefull certificates rotation support
3859 chore: remove ca-certificates from our repository
3851 feat: fetch tls certificate dynamically
3820 feat: add raw api call support
Enhancements
4591 enhance jmespath random-filter
4541 chore: add unit test for updating ur status
4512 chore: add unit tests for pkg/utils/yaml
4510 chore: add unit tests for pkg/utils/wildcard
4509 chore: add unit tests for pkg/utils/os
4508 chore: add unit tests for pkg/utils/image
4506 chore: add wildcard unit test
4488 Improve printer column name for validationFailureAction
4486 chore: relax auto update PRs conditions
4477 chore: add makefile help comments
4468 chore: speed up local image builds
4451 Skip validate rules if the conditional anchor does not match
4458 docs: add section for deploying a local build
4452 docs: add pushing images section
4449 docs: add local image build section
4445 docs: add section for local builds
4443 docs: add section for dev tools
4361 Update pr_documentation.md
4355 Update wgpolicyk8s.io CRDs
4344 update apply help message
4341 Added appropriate logging levels to log.Info() calls wherever necessary
4215 Corrected description for UpdateRequest struct
4194 feat: improve flag message for disableMetricsExport
4129 return helpful error message on invalid patched resources.
4011 chore: remove unused ur errors
3989 chore: enable nosprintfhostport linter
3959 chore: enable goimports linter
3958 chore: make kyverno informers and listers import aliases consistent
3957 chore: make kube informers and listers import aliases consistent
3956 chore: make clients import aliases consistent
3952 feat: add controller utils package
3951 chore: make dclient import aliases consistent
3950 chore: make k8s api import aliases consistent
3946 chore: enable paralleltest linter
3945 chore: enable ifshort linter
3941 chore: enable nolintlint linter
3940 chore: enable grouper linter
3939 chore: make kyverno api import aliases consistent
3937 chore: enable makezero linter
3932 chore: enable misspell linter
3931 chore: enable gofmt and gofumpt linters
3930 chore: enable gci linter
3926 chore: enable errname linter
3921 chore: enable dogsled linter
3920 chore: enable decorder linter
3902 chore: remove unused function
3899 chore: enable goprintffuncname linter
3898 chore: enable wastedassign linter
3888 chore: enable noctx linter
3882 chore: enable importas linter
3874 chore: enable gochecknoinits linter
3873 chore: enable containedctx linter
3871 chore: enable asciicheck and bidichk linters
3870 chore: enable durationcheck linter
3869 chore: enable exportloopref linter
3868 chore: enable tenv thelper and tparallel linters
3867 chore: add unconvert linter
3862 chore: enable more linters
3855 chore: increase golangci-lint timeout
Bug Fixes
4836 fix extension checks
4822 fix: validationFailureAction default value
4815 fix: controllers start in loop
4804 Skip succeed rules when building the blocked return message
4793 fix: logger panic
4786 fix: subject and issuer validation when attestations are present
4751 fix: watch error in resource controller
4743 fix: reports not generated
4738 fix: publish yaml manifests in release instead of repo
4727 fix: output make messages to stderr
4718 fix: change key used in test
4703 fix: missing client wrapper
4697 fix: jmespath random error handling
4685 fix: bump net standard lib
4684 fix: handle auth permission for cloneList validation
4681 fix: shutdown controllers workers gracefully
4671 fix: namespaced policy targets validation and scoping them to the policy namespace
4670 Fix issue for wildcard versions
4654 fix: missing elements in v2beta1 api
4653 fix: namespaced policy not validated in engine
4650 fix: split webhook handlers per failure policy
4637 fix: incorrect namespace in report controller
4636 fix: remove RCR from mutation webhook
4629 fix: containerd dependency vulnerability
4617 fix: background printer column
4601 fix: lock in policy report mapper
4600 Fix multiple crd slowness issue
4582 fix: typo
4576 fix: split policy report flag
4540 fix: defer ur update until validation passes
4515 fix: load policy and add tests
4493 fix: incorrect kustomize call in makefile
4491 fix: fetch history in pre-checks job
4490 fix: api reference docs
4483 fix: release workflow
4478 fix: auto update pr workflow
4474 Fix logger format
4464 fix: warning in all makefile targets
4462 fix: local image build with docker
4444 fix: update go-wildcard to v1.0.5
4438 chore: fix workflows related to ko recent changes
4419 fix: make ldflags optional in .ko.yaml
4417 fix: Add --bare for ko-build-dev targets
4405 fix: chart docs for generatecontrollerExtraResources
4393 fix: duration metrics precision
4388 chore: fix golangcilint timeout
4387 chore: fix goimports check not working in ci job
4378 fix: missing aggregated role for UR
4370 fix: exclude autogen rules when autogen internals is enabled
4368 fix: prevent installing helm chart in namespace kube-system
4362 fix: fix the verbosity of reconciling logs in the config controller
4349 Fix deprecated api policy issue
4348 fix: image verify logs
4331 Fix PEM delimiter parse
4315 Fix Kyverno Events Missing Error Message
4297 Fix pr image verify blocked
4275 Fix multiple crd slowness issue
4263 fix: use an absolute path in docker entrypoint
4202 Fix merging JSON patches
4198 Fix metrics with invalid validationMode
4171 fix: use official controller-gen
4057 fix: add missing release notes in helm chart
3995 fix: init container gr copy
3948 fix: add helmignore
3944 fix: use admissionrequest subresource to filter webhooks
3943 fix: cache warmup log message
3924 fix: return type changed to bool in jpfCompare fn
3891 fix: write secret
3860 fix: remove code to load CA from kubeconfig
3846 fix: golangci-lint warnings in pkg
3843 fix: golangci-lint warnings in cmd
3804 fix: include ca key in secret
Others
4706 chore: refactor manifests related makefile targets
4691 refactor: replace signal package by signal.NotifyContext
4680 refactor: use pod name as leader id
4646 refactor: update log based on the policy types
4641 refactor: split policyreport api files
4640 refactor: add a couple of constants in api
4598 refactor: info in policyreport package
4578 refactor: simplify RCR creator queue
4570 refactor: move generation handler out of webhooks package
4569 refactor: move image verification handler out of webhooks package
4567 refactor: move mutation handler out of webhooks package
4562 refactor: move validation audit out of webhooks package
4556 refactor: move validation handler out of webhooks package
4554 refactor: make webhook metrics helpers static
4545 refactor: move webhook events utils in utils package
4535 refactor: introduce ur updater
4531 refactor: webhook block and unit tests
4529 refactor: webhook propagate start time along handlers
4528 refactor: webhook exclusion and unit tests
4525 refactor: use generics in client wrappers
4523 refactor: utils for warnings and unit tests
4519 refactor: client wrappers
4518 refactor: add auth interface and unit tests
4498 chore: refactor helm targets in makefile
4494 refactor: verify codegen targets in makefile
4484 refactor: clean webhooks logs
4480 refactor: webhook policy context creation
4456 refactor: make toggles easier to define and use
4454 refactor: clearly separate makefile docker targets for build and publish
4450 refactor: clearly separate makefile ko targets for build and publish
4441 refactor: docker related makefile targets
4418 refactor: makefile build targets
4403 refactor: tools install in makefile
4090 refactor: finish refactoring generate e2e tests
4041 refactor: to remove generate cleanup controller
3975 refactor: make registry client variables private
3974 refactor: ur cleaner controller
3949 refactor: clean updaterequest generator
3925 refactor: separate policy cache and controller
3919 refactor: policy cache
3908 refactor: separate resource mutation/validation handlers from server
3905 refactor: separate policy mutation/validation handlers from server
3904 refactor: webhooks server logger
3886 refactor: remove deployment hash on certs secrets
3854 refactor: cleanup tls package
3853 refactor: init certs with certs renewer directly
3850 refactor: remove the need for self-signed annotation on cert secret
3823 refactor: make config vars private
4692 chore: cleanup go.mod
4677 chore: bump minimum go version
4631 chore: bump cosign 1.12.0 to fix vulnerabilities
4485 chore: bump cache action and improve paths
4413 bump golang 1.18.5 version digest in Dockerfile
4408 bump cosign deps version to 1.11.1
4328 chore(deps): bump github.com/sigstore/cosign from 1.10.0 to 1.10.1
4596 Update helm releases path
4551 Update helm release config
4479 chore: publish helm charts to ghcr.io
Details
date
Oct. 10, 2022, 9:06 a.m.
name
v1.8.0
type
Minor
official page
👇
Register or login to:
- 🔍View and search all Kyverno releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!