diff --git a/charts/kyverno/Chart.yaml b/charts/kyverno/Chart.yaml index b297190a41..621a008c60 100644 --- a/charts/kyverno/Chart.yaml +++ b/charts/kyverno/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: kyverno -version: v1.4.2 -appVersion: v1.4.1 +version: v1.4.3-rc1 +appVersion: v1.4.2-rc1 icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png description: Kubernetes Native Policy Management keywords: diff --git a/definitions/install.yaml b/definitions/install.yaml index 1604384098..00cbdcbee2 100644 --- a/definitions/install.yaml +++ b/definitions/install.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno --- apiVersion: apiextensions.k8s.io/v1 @@ -23,7 +23,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: clusterpolicies.kyverno.io spec: group: kyverno.io @@ -540,7 +540,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: clusterpolicyreports.wgpolicyk8s.io spec: group: wgpolicyk8s.io @@ -793,7 +793,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: clusterreportchangerequests.kyverno.io spec: group: kyverno.io @@ -1046,7 +1046,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: generaterequests.kyverno.io spec: group: kyverno.io @@ -1218,7 +1218,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: policies.kyverno.io spec: group: kyverno.io @@ -1735,7 +1735,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: policyreports.wgpolicyk8s.io spec: group: wgpolicyk8s.io @@ -1988,7 +1988,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: reportchangerequests.kyverno.io spec: group: kyverno.io @@ -2239,7 +2239,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno-service-account namespace: kyverno --- @@ -2253,7 +2253,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 rbac.authorization.k8s.io/aggregate-to-admin: "true" name: kyverno:admin-policies rules: @@ -2275,7 +2275,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 rbac.authorization.k8s.io/aggregate-to-admin: "true" name: kyverno:admin-policyreport rules: @@ -2297,7 +2297,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 rbac.authorization.k8s.io/aggregate-to-admin: "true" name: kyverno:admin-reportchangerequest rules: @@ -2319,7 +2319,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:customresources rules: - apiGroups: @@ -2365,7 +2365,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:generatecontroller rules: - apiGroups: @@ -2400,7 +2400,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:leaderelection rules: - apiGroups: @@ -2424,7 +2424,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:policycontroller rules: - apiGroups: @@ -2447,7 +2447,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:userinfo rules: - apiGroups: @@ -2473,7 +2473,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:webhook rules: - apiGroups: @@ -2525,7 +2525,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:customresources roleRef: apiGroup: rbac.authorization.k8s.io @@ -2546,7 +2546,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:generatecontroller roleRef: apiGroup: rbac.authorization.k8s.io @@ -2567,7 +2567,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:leaderelection roleRef: apiGroup: rbac.authorization.k8s.io @@ -2588,7 +2588,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:policycontroller roleRef: apiGroup: rbac.authorization.k8s.io @@ -2609,7 +2609,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:userinfo roleRef: apiGroup: rbac.authorization.k8s.io @@ -2630,7 +2630,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:webhook roleRef: apiGroup: rbac.authorization.k8s.io @@ -2655,7 +2655,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: init-config namespace: kyverno --- @@ -2669,7 +2669,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno-svc namespace: kyverno spec: @@ -2691,7 +2691,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno-svc-metrics namespace: kyverno spec: @@ -2713,7 +2713,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno namespace: kyverno spec: @@ -2731,7 +2731,7 @@ spec: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 spec: containers: - args: @@ -2746,7 +2746,7 @@ spec: fieldPath: metadata.namespace - name: KYVERNO_SVC value: kyverno-svc - image: ghcr.io/kyverno/kyverno:v1.4.1 + image: ghcr.io/kyverno/kyverno:v1.4.2-rc1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 2 @@ -2791,7 +2791,7 @@ spec: readOnlyRootFilesystem: true runAsNonRoot: true initContainers: - - image: ghcr.io/kyverno/kyvernopre:v1.4.1 + - image: ghcr.io/kyverno/kyvernopre:v1.4.2-rc1 imagePullPolicy: IfNotPresent name: kyverno-pre resources: diff --git a/definitions/kustomization.yaml b/definitions/kustomization.yaml index 4a3270728c..62b2e4afd7 100755 --- a/definitions/kustomization.yaml +++ b/definitions/kustomization.yaml @@ -12,7 +12,7 @@ resources: images: - name: ghcr.io/kyverno/kyverno newName: ghcr.io/kyverno/kyverno - newTag: v1.4.1 + newTag: v1.4.2-rc1 - name: ghcr.io/kyverno/kyvernopre newName: ghcr.io/kyverno/kyvernopre - newTag: v1.4.1 + newTag: v1.4.2-rc1 diff --git a/definitions/labels.yaml b/definitions/labels.yaml index 58640196db..ba4826a988 100644 --- a/definitions/labels.yaml +++ b/definitions/labels.yaml @@ -9,7 +9,7 @@ labels: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 fieldSpecs: - path: metadata/labels create: true diff --git a/definitions/release/install.yaml b/definitions/release/install.yaml index 956df12082..00cbdcbee2 100755 --- a/definitions/release/install.yaml +++ b/definitions/release/install.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno --- apiVersion: apiextensions.k8s.io/v1 @@ -23,7 +23,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: clusterpolicies.kyverno.io spec: group: kyverno.io @@ -125,6 +125,11 @@ spec: name: description: Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). type: string + names: + description: 'Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names".' + items: + type: string + type: array namespaceSelector: description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.' properties: @@ -275,6 +280,11 @@ spec: name: description: Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). type: string + names: + description: 'Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names".' + items: + type: string + type: array namespaceSelector: description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.' properties: @@ -405,7 +415,7 @@ spec: maxLength: 63 type: string preconditions: - description: AnyAllConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. This too can be made to happen in a logical-manner where in some situation all the conditions need to pass and in some other situation, atleast one condition is enough to pass. For the sake of backwards compatibility, it can be populated with []kyverno.Condition. + description: 'Preconditions are used to determine if a policy rule should be applied by evaluating a set of conditions. The declaration can contain nested `any` or `all` statements. A direct list of conditions (without `any` or `all` statements is supported for backwards compatibility but will be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/' x-kubernetes-preserve-unknown-fields: true validate: description: Validation is used to validate matching resources. @@ -414,10 +424,10 @@ spec: description: AnyPattern specifies list of validation patterns. At least one of the patterns must be satisfied for the validation rule to succeed. x-kubernetes-preserve-unknown-fields: true deny: - description: Deny defines conditions to fail the validation rule. + description: Deny defines conditions used to pass or fail a validation rule. properties: conditions: - description: specifies the set of conditions to deny in a logical manner For the sake of backwards compatibility, it can be populated with []kyverno.Condition. + description: 'Multiple conditions can be declared under an `any` or `all` statement. A direct list of conditions (without `any` or `all` statements) is also supported for backwards compatibility but will be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/validate/#deny-rules' x-kubernetes-preserve-unknown-fields: true type: object message: @@ -427,6 +437,19 @@ spec: description: Pattern specifies an overlay-style pattern used to check resources. x-kubernetes-preserve-unknown-fields: true type: object + verifyImages: + description: VerifyImages is used to verify image signatures and mutate them to add a digest + items: + description: ImageVerification validates that images that match the specified pattern are signed with the supplied public key. Once the image is verified it is mutated to include the SHA digest retrieved during the registration. + properties: + image: + description: 'Image is the image name consisting of the registry address, repository, image, and tag. Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.' + type: string + key: + description: Key is the PEM encoded public key that the image is signed with. + type: string + type: object + type: array type: object type: array validationFailureAction: @@ -517,7 +540,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: clusterpolicyreports.wgpolicyk8s.io spec: group: wgpolicyk8s.io @@ -770,7 +793,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: clusterreportchangerequests.kyverno.io spec: group: kyverno.io @@ -1023,7 +1046,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: generaterequests.kyverno.io spec: group: kyverno.io @@ -1195,7 +1218,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: policies.kyverno.io spec: group: kyverno.io @@ -1297,6 +1320,11 @@ spec: name: description: Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). type: string + names: + description: 'Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names".' + items: + type: string + type: array namespaceSelector: description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.' properties: @@ -1447,6 +1475,11 @@ spec: name: description: Name is the name of the resource. The name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). type: string + names: + description: 'Names are the names of the resources. Each name supports wildcard characters "*" (matches zero or many characters) and "?" (at least one character). NOTE: "Name" is being deprecated in favor of "Names".' + items: + type: string + type: array namespaceSelector: description: 'NamespaceSelector is a label selector for the resource namespace. Label keys and values in `matchLabels` support the wildcard characters `*` (matches zero or many characters) and `?` (matches one character).Wildcards allows writing label selectors like ["storage.k8s.io/*": "*"]. Note that using ["*" : "*"] matches any key and value but does not match an empty label set.' properties: @@ -1577,7 +1610,7 @@ spec: maxLength: 63 type: string preconditions: - description: AnyAllConditions enable variable-based conditional rule execution. This is useful for finer control of when an rule is applied. A condition can reference object data using JMESPath notation. This too can be made to happen in a logical-manner where in some situation all the conditions need to pass and in some other situation, atleast one condition is enough to pass. For the sake of backwards compatibility, it can be populated with []kyverno.Condition. + description: 'Preconditions are used to determine if a policy rule should be applied by evaluating a set of conditions. The declaration can contain nested `any` or `all` statements. A direct list of conditions (without `any` or `all` statements is supported for backwards compatibility but will be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/preconditions/' x-kubernetes-preserve-unknown-fields: true validate: description: Validation is used to validate matching resources. @@ -1586,10 +1619,10 @@ spec: description: AnyPattern specifies list of validation patterns. At least one of the patterns must be satisfied for the validation rule to succeed. x-kubernetes-preserve-unknown-fields: true deny: - description: Deny defines conditions to fail the validation rule. + description: Deny defines conditions used to pass or fail a validation rule. properties: conditions: - description: specifies the set of conditions to deny in a logical manner For the sake of backwards compatibility, it can be populated with []kyverno.Condition. + description: 'Multiple conditions can be declared under an `any` or `all` statement. A direct list of conditions (without `any` or `all` statements) is also supported for backwards compatibility but will be deprecated in the next major release. See: https://kyverno.io/docs/writing-policies/validate/#deny-rules' x-kubernetes-preserve-unknown-fields: true type: object message: @@ -1599,6 +1632,19 @@ spec: description: Pattern specifies an overlay-style pattern used to check resources. x-kubernetes-preserve-unknown-fields: true type: object + verifyImages: + description: VerifyImages is used to verify image signatures and mutate them to add a digest + items: + description: ImageVerification validates that images that match the specified pattern are signed with the supplied public key. Once the image is verified it is mutated to include the SHA digest retrieved during the registration. + properties: + image: + description: 'Image is the image name consisting of the registry address, repository, image, and tag. Wildcards (''*'' and ''?'') are allowed. See: https://kubernetes.io/docs/concepts/containers/images.' + type: string + key: + description: Key is the PEM encoded public key that the image is signed with. + type: string + type: object + type: array type: object type: array validationFailureAction: @@ -1689,7 +1735,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: policyreports.wgpolicyk8s.io spec: group: wgpolicyk8s.io @@ -1942,7 +1988,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: reportchangerequests.kyverno.io spec: group: kyverno.io @@ -2193,7 +2239,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno-service-account namespace: kyverno --- @@ -2207,7 +2253,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 rbac.authorization.k8s.io/aggregate-to-admin: "true" name: kyverno:admin-policies rules: @@ -2229,7 +2275,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 rbac.authorization.k8s.io/aggregate-to-admin: "true" name: kyverno:admin-policyreport rules: @@ -2251,7 +2297,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 rbac.authorization.k8s.io/aggregate-to-admin: "true" name: kyverno:admin-reportchangerequest rules: @@ -2273,7 +2319,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:customresources rules: - apiGroups: @@ -2301,6 +2347,7 @@ rules: - patch - update - watch + - deletecollection - apiGroups: - apiextensions.k8s.io resources: @@ -2318,7 +2365,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:generatecontroller rules: - apiGroups: @@ -2353,7 +2400,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:leaderelection rules: - apiGroups: @@ -2377,7 +2424,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:policycontroller rules: - apiGroups: @@ -2400,7 +2447,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:userinfo rules: - apiGroups: @@ -2426,7 +2473,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:webhook rules: - apiGroups: @@ -2478,7 +2525,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:customresources roleRef: apiGroup: rbac.authorization.k8s.io @@ -2499,7 +2546,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:generatecontroller roleRef: apiGroup: rbac.authorization.k8s.io @@ -2520,7 +2567,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:leaderelection roleRef: apiGroup: rbac.authorization.k8s.io @@ -2541,7 +2588,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:policycontroller roleRef: apiGroup: rbac.authorization.k8s.io @@ -2562,7 +2609,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:userinfo roleRef: apiGroup: rbac.authorization.k8s.io @@ -2583,7 +2630,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno:webhook roleRef: apiGroup: rbac.authorization.k8s.io @@ -2597,6 +2644,7 @@ subjects: apiVersion: v1 data: excludeGroupRole: system:serviceaccounts:kube-system,system:nodes,system:kube-scheduler + generateSuccessEvents: "false" resourceFilters: '[Event,*,*][*,kube-system,*][*,kube-public,*][*,kube-node-lease,*][Node,*,*][APIService,*,*][TokenReview,*,*][SubjectAccessReview,*,*][SelfSubjectAccessReview,*,*][*,kyverno,*][Binding,*,*][ReplicaSet,*,*][ReportChangeRequest,*,*][ClusterReportChangeRequest,*,*][PolicyReport,*,*][ClusterPolicyReport,*,*]' kind: ConfigMap metadata: @@ -2607,7 +2655,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: init-config namespace: kyverno --- @@ -2621,7 +2669,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno-svc namespace: kyverno spec: @@ -2643,7 +2691,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno-svc-metrics namespace: kyverno spec: @@ -2665,7 +2713,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 name: kyverno namespace: kyverno spec: @@ -2683,7 +2731,7 @@ spec: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.1 + app.kubernetes.io/version: v1.4.2-rc1 spec: containers: - args: @@ -2698,7 +2746,7 @@ spec: fieldPath: metadata.namespace - name: KYVERNO_SVC value: kyverno-svc - image: ghcr.io/kyverno/kyverno:v1.4.1 + image: ghcr.io/kyverno/kyverno:v1.4.2-rc1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 2 @@ -2743,7 +2791,7 @@ spec: readOnlyRootFilesystem: true runAsNonRoot: true initContainers: - - image: ghcr.io/kyverno/kyvernopre:v1.4.1 + - image: ghcr.io/kyverno/kyvernopre:v1.4.2-rc1 imagePullPolicy: IfNotPresent name: kyverno-pre resources: