Kyverno - v1.8.1


✨Added ✨

  • Support the image verification rule in background scan (#5047)
  • Add startup probes support (#4896)
  • Allow users to enable JSON logging with a --loggingFormat=json flag (#4661)
  • Add container registry setting on Helm Chart (#4281)
  • Enable adding annotations to configmaps in the helm chart (#4984)
  • Add flag backgroundScanWorkers to configure the number of background scan workers (#5088)
  • Add user info in admission request logs (#4969)
  • Consider generateName when matching resources (#4945)
  • Add the option to disable PolicySkipped events (#4913)
  • Add argocd labs for metrics-server, kube-prometheus-stack, policy-reporter (#4995, #4988, #4884, #4878)
  • Push and sign install manifests to GHCR (#4895)

⚠️Changed ⚠️

  • Don't report Kyverno pod's readiness until certs are valid (#4934)
  • Harden policy validation for generate cloneList (#4881)
  • Replace AbsPath with RequestURI to support query params (#4849)
  • Policy validation for ValidationFailureActionOverride field (#4784)
  • Sign helm releases (#4801)
  • Update docs: separate dev and user docs (#5114), add resource exclusions note in helm docs (#4989)

🐛Fixed 🐛

  • Allow deletion of target resource data with synchronize false (#5081)
  • Correct side effects in validating webhooks (#5080)
  • Account for policy/rule deletion in aggregated reports (#5048)
  • Image verification reports missing in admission mode (#5037)
  • Lower default qps/burst (#5034)
  • Handle resource cleanup when policy is deleted (#5021)
  • Block policy creation when kinds set is empty (#5016)
  • Non-background policies are not processed in background scan (#5008)
  • Update policy status (#5006)
  • Skip admission report in dry run requests (#4994)
  • Fix webhooks registration when using name override (#4992)
  • Fix missing autogen rules in status (#4971)
  • Don't produce empty admission reports (#4966)
  • Fix debug mode (#4785)
  • Fix helm self signed cert to use SAN (#4745)
  • Fix principal and role variables not being substituted (#5000)
  • Fix fail results not being colored red (#4885)

Complete List of PRs

  • #5127 fix: remove the empty add entry in Helm chart manifest
  • #5083 fix: use correct logger in webhook controller
  • #5081 fix: allow delete of target resource data with synchronize false
  • #5080 fix: use correct side effects in validating webhooks
  • #5079 fix: make response order predictable
  • #5062 fix: configure idle timeout in server
  • #5059 fix: setup max procs with correct logger
  • #5056 fix: do not update reports when they are identical
  • #5055 fix: detection of kyverno going down
  • #5048 fix: account for policy/rule deletion in aggregated reports
  • #5046 fix: set env correctly in the CI job
  • #5043 fix: wrong controller logger names
  • #5037 fix: image verification reports missing in admission mode
  • #5035 fix: Attempt to fix the CI failure, extract CI job push-sign-install-manifest
  • #5034 fix: lower default qps/burst
  • #5030 fix: lease log message
  • #5027 fix: add more infos in reports printers
  • #5022 fix: go routines not gracefully shut down in controllers
  • #5021 fix: handle resource cleanup when policy is deleted
  • #5016 fix: policy not denied when kinds set is empty
  • #5008 fix: don't process non background policies in background scan
  • #5006 fix: update policy status
  • #4994 fix: skip admission report in dry run requests
  • #4992 fix: webhooks not registering when using name override
  • #4973 fix: use default retry with retryfunc for a conflict
  • #4971 fix: missing autogen rules in status
  • #4969 fix: add user info in admission request logs
  • #4967 fix: missing watchers in resource report controller
  • #4966 fix: don't produce empty admission reports
  • #4962 fix: global anchor warning
  • #4953 fix: improve banned types management in reports
  • #4951 fix: config reloading not working correctly
  • #4950 fix: admission reports printer
  • #4945 fix: consider generateName when matching resources
  • #4940 fix: set operation in context when necessary
  • #4934 fix: don't report ready until certs are valid
  • #4928 fix: panic when bad variable substitution
  • #4926 fix: probes should work in debug mode
  • #4919 fix: use constants defined in openapi controller
  • #4912 fix: openapi controller discovery
  • #4908 fix: clean background scan reports
  • #4897 fix: reduce webhook controller logs
  • #4888 fix: non watchable resources in report controller
  • #4881 fix: hardening policy validation for generate cloneList
  • #4867 fix: don't specify rules when aggregationRule is set
  • #4865 fix: background scan labels
  • #4863 fix: auto gen enabled when using names
  • #4849 fix: replace AbsPath with RequestURI to support query params
  • #4834 fix: call depth in logging package and global logger support for call depth
  • #4784 fix: policy validation for ValidationFailureActionOverride field
  • #4794 fix: remove error prone debug field
  • #4791 fix: remove explicit wait for cache sync
  • #4789 fix: new cert manager controller never returns error
  • #4785 fix: debug mode
  • #4779 fix: remove reference to controller runtime log
  • #4776 fix: add workers to the controller interface
  • #4775 fix: parse flags error handling
  • #4773 fix: Typo in x509_decode JMESPath function's note
  • #4746 fix: use new client in tls package
  • #4745 fix: helm self signed cert
  • #4722 fix: use a single leader election
  • #5000 fix: principal and role variables are not substituted
  • #4885 fix: fail results are not colored red
  • #4853 fix: with results[].resources[] test summary table does not show individual line numbers
  • #4913 fix: disable PolicySkipped events
  • #4947 fix: background scan with `request.operation`
  • #5088 feat: add flag to configure the number of background scan workers
  • #5073 feat: add simple conformance tests
  • #5063 feat: add webhook server logger
  • #5047 feat: add image verification support to background scan
  • #5031 feat: make shutdown more graceful
  • #5029 feat: add controller logger helper
  • #4995 feat: add metrics server and kube-prometheus-stack to argocd lab
  • #4988 feat: add policy-reporter to argocd lab
  • #4904 feat: make cert renewer private and add server name support
  • #4896 feat: add startup probes support
  • #4818 feat: use a dedicated policy metrics controller
  • #4812 feat: add context funcs to logging package
  • #4811 feat: add context support to leader election
  • #4724 feat: add typed client support and metrics wrapper
  • #4661 feat: allow users enable JSON logging with a --loggingFormat=json flag
  • #4281 feat: Add container registry setting on Helm Chart
  • #4984 feat: Enable adding annotations to configmaps in the helm chart
  • #5075 refactor: simplify variables regex
  • #4985 refactor: add update status helper
  • #4910 refactor: openapi controller part 2
  • #4901 refactor: openapi controller part 1
  • #4846 refactor: manage webhooks with webhook controller
  • #4838 refactor: add config support to webhook controller
  • #4832 refactor: leader controllers management
  • #4831 refactor: non leader controllers management
  • #4821 refactor: split main into sub funcs
  • #4820 refactor: make tls cert func not depending on cert controller
  • #4810 refactor: split main into sub funcs
  • #4796 refactor: split main func for metrics
  • #4795 refactor: split main into funcs
  • #4792 refactor: make cert manager a real controller
  • #4765 refactor: make server owner of the cleanup chan
  • #4764 refactor: more context less chans
  • #4761 refactor: use context in controllers instead of chan
  • #4760 refactor: use context in openapi controller
  • #4756 refactor: use context in dynamic client instead of chan
  • #4754 refactor: split main in a couple of funcs and use local loggers
  • #4752 refactor: move from io/ioutil to io and os packages
  • #4749 refactor: introduce webhook controller
  • #5125 chore: remove old version of golang.org/x/sys to cleanup deps
  • #5015 chore: remove RBACInfo check
  • #4954 chore: updates with case insensitivity guarantee
  • #4943 chore: bump a few deps
  • #4925 chore: bump a couple of deps
  • #4842 chore: bump a couple of deps
  • #4922 chore: add COSIGN_REPOSITORY env to ko-publish-dev step
  • #4918 chore: update controller-tools to v0.10.0
  • #4903 chore: remove unnecessary dependencies from tls package
  • #4829 chore: upgrade controller-runtime dependency
  • #4802 chore: bump a couple of deps
  • #4790 chore: bump a few deps
  • #4781 update cosign and k8s-manifest-sigstore
  • #4766 chore: add package logger in files
  • #4750 chore: add and use package level logger
  • #4895 chore: Push and sign install manifests to GHCR
  • #4884 chore: add argocd lab
  • #4809 chore: filter validation policies using ValidationFailureActionOverride
  • #4803 chore: use concurrent map v2 (generics)
  • #4801 chore: signing helm releases
  • #4747 chore: use constant in cert manager controller
  • #4742 chore: speed up helm docs gen on mac
  • #5110 ci: Fix publishing install manifests with Flux
  • #5091 ci: Use the Docker login action for GHCR auth
  • #5082 test: add best practices policies in conformance tests
  • #4712 test: add security context and resource block to test
  • #5114 docs: separate dev and user docs
  • #4989 docs: add resource exclusions note in helm docs
  • #4878 docs: add section in helm docs to install with argocd

Details

  • date: Oct. 25, 2022, 6:10 a.m.
  • name: v1.8.1
  • type: Patch