v1.4.3-rc1

v1.4.3-rc1

Enhancements

• CLI variables should be coming from the resources itself (kyverno#1996)
• Adding ownerRef with namespace for Kyverno managed webhook configurations (kyverno#2263)
• Support new policy report CRD kyverno#1753, (kyverno#2376)
• Clean up formatting in mutate test file (kyverno#2338)
• Add test case for non zero index patches with patchesJson6902 (kyverno#2339)
• Cleanup Kustomization configurations (kyverno#2274)
• Kyverno CLI apply command improvements (kyverno#2342, kyverno#2331, kyverno#2318, kyverno#2310, kyverno#2296, kyverno#2290, kyverno#2122, kyverno#2120, kyverno#2367)
• Validate path element begins with a forward slash in patchesJson6902 (kyverno#2117)
• Support gvk in CLI for policies applied on cluster (kyverno#2363)
• Update cosign (kyverno#2266)
• Allow users to skip policy validation when mutating resources (kyverno#2185)
• Allow NetworkPolicy customization (kyverno#2287)
• Patch labels to Helm templates (kyverno#2262)
• Support for configurable automatic refresh of metrics and selective exposure of metrics at namespace-level (kyverno#2268)
• Support global anchor behavior in validation and mutation rules (kyverno#2201)

Bug Fixes

• Unable to use GreaterThan operator with precondition (kyverno#2211)
• Fix precondition logic for mutating policies (kyverno#2271, kyverno#2228, kyverno#2352)
• Fix Kyverno Deployment updateStrategy (kyverno#1982)
• Helm chart releases are not gated behind something like a tag (kyverno#2264)
• Add validation for generate loops (kyverno#1941)
• Policy doesn't work when match.resources.kinds is set to Policy/ClusterPolicy (kyverno#2149)
• Kyverno CLI panics when context is added to rule, but not actually used (kyverno#2289)
• Generate policies with background:false and synchronize:false are still re-evaluated every 15mins (kyverno#2181)
• Tests applied on excluded resources should succeed (kyverno#2295)
• Kyverno CLI with context variables needs documentation (kyverno#2291)
• Kyverno CLI test requires var resolution for non-applicable resources (kyverno#2331)
• Test command result showing Notfound in result (kyverno#2296)
• any/all in match block fails in the CLI (kyverno#2350)
• JMESPath contains function behavior not consistent in Kyverno vs upstream (kyverno#2345)
• patchStrategicMerge fails to mutate if policy written with initContainers object (kyverno#1916)
• Check Any and All ResourceFilters during policy mutation (kyverno#2373)
• Support variable replacement in the key of annotations (kyverno#2316)
• Background scan doesn't work with any/all (kyverno#2299)

Others

• Kyverno gives error when installed with KEDA (kyverno#2267)
• Using Argo to deploy, baseline policies are constantly out-of-sync (kyverno#2234)
• Policy update, flux2-multi-tenancy fails to update kyverno to v1.4.2-rc3 (kyverno#2241)
• Throws a variable substitution error in spite of no variable present in the policy (kyverno#2374)

v1.3.0-rc8

Changelog

ab5f227 1314 validate rule (kyverno#1368)
c1764a8 1370 clean up stale RCRs (kyverno#1373)
3275326 Merge pull request kyverno#1369 from realshuting/1366_fix_webhook_registration
b7cecd0 Merge pull request kyverno#1375 from kyverno/1292_match_namespace
39421ca Reduce RCR throttling requests (kyverno#1376)
54b0afb clean up old webhooks before registering new ones
d4327ae match/exclude ns resource name
2613a6c pkg/webhooks/server.go (kyverno#1372)
ce19b56 tag v1.3.0-rc8

v1.3.0-rc7

Changelog

624b481 Fix 1351 - policy report (kyverno#1359)
630a9cc Fix Kyverno crash when CRD is not installed (kyverno#1353)
673b3bf Merge pull request kyverno#1347 from chipzoller/main
9cae63e Merge pull request kyverno#1352 from kyverno/1332_wildcards_in_labels
c953398 Merge pull request kyverno#1361 from kyverno/1332_wildcard_keys_in_patterns
a649151 Revert "ignore non-policy files while loading"
59ba4fe add annotation wildcard support
42b101d add drop all policy
50e5e7e add wildcard support for label key and values
8aa0010 add wildcard support for label key and values
733cd06 fixed triggring generate rule (kyverno#1355)
f3b644f handle anchors in keys
6afd2e6 ignore non-policy files in CLI and improve validation messages (kyverno#1362)
c766512 ignore non-policy files while loading
1c2262b merge main
d07058e skipping gr status update (kyverno#1364)
d8d9023 tag v1.3.0-rc7
76b6974 update CRD docs
981bb1c update CRDs
c80ac55 update validation messages
44afdf2 wildcard label and annotation keys validate patterns
13a9a47 wildcard label and annotation keys validate patterns (kyverno#1360)

v1.3.0-rc6

Changelog

2344b2c 1319 fix throttling (kyverno#1341)
2ec5a0f 1319 fix throttling (kyverno#1348)
ecc77da Added log for updated generated resource
dcc7fff Merge branch 'main' into 1298_fix_variable_validation
bfab77a Merge pull request kyverno#1303 from kyverno/1298_fix_variable_validation
d8062eb Merge pull request kyverno#1305 from NoSkillGirl/bug/validation_error_empty_set
9ce20e8 Merge pull request kyverno#1309 from kyverno/bugfix/1306_handle_nil_schema_defaults
ba42585 Merge pull request kyverno#1315 from realshuting/update_github_action
d61e5bf Merge pull request kyverno#1316 from NoSkillGirl/improve_cli_message
1c73dd9 Merge pull request kyverno#1329 from hubwoop/main
a90dcf8 Merge pull request kyverno#1331 from kyverno/1330_validate_condition_operators
756aee3 Merge pull request kyverno#1333 from evalsocket/fix-1291
36615e2 Merge pull request kyverno#1335 from chipzoller/main
c22d97a Merge pull request kyverno#1342 from realshuting/fix_panic
3dfe316 add logger
f6c2283 add nil checks and refactor schema lookups
3a29f3a added log level
27f9516 allow wildcards in condition values
e67779e allow wildcards in condition values
75bd8e2 also trim in context query
c3d204a changes the pod requests and limits example policy, indicating that configuring memory limits is recommended
276e863 combine helm release with gh release
bf01287 fix bug in configmap lookup - wrong return value for invalidType
4c47d40 fix check for background mode
6e1be1c fix kyverno#1324
125faaf fix variable substitution
251129d fix wildcard match
40b40fb fixed attotaions for empty set
52d8977 handle complex types for variable substitution
971a752 migrate to chart-releaser
f5d4872 new samples around image practices (kyverno#1302)
9399ade remove --unshallow
48118de small fix
ff8111b split release steps
921cb67 tag v1.3.0-rc6
54f816c trim variable for context lookups
023f5aa update GitHub Action release process
5f3c0ce update github workflow - disable krew release on rc release
76a74b2 update helm repo link (kyverno#1313)
b017762 update policy issue template
45dd5b7 update short names, scope
ec95724 update webhook registration and monitor (kyverno#1318)
2aeb5aa validate conditiona.operator as enum