From 27af5066d2a30a4c5d1789b6c5603b14beb1a2f3 Mon Sep 17 00:00:00 2001
From: Jim Bugwadia <jim@nirmata.com>
Date: Fri, 7 May 2021 19:26:57 -0700
Subject: [PATCH 1/3] update star link

Signed-off-by: Jim Bugwadia <jim@nirmata.com>
---
 README.md | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/README.md b/README.md
index 68ef46b5da..1bbb58cc67 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # Kyverno [![Tweet](https://img.shields.io/twitter/url/http/shields.io.svg?style=social)](https://twitter.com/intent/tweet?text=Kubernetes%20Native%20Policy%20Management.%20No%20new%20language%20required%21&url=https://github.com/kyverno/kyverno/&hashtags=kubernetes,devops)
 
-**Kubernetes Native Policy Management**
+**Kubernetes Native Policy Management 🎉**
 
 ![build](https://github.com/kyverno/kyverno/workflows/build/badge.svg) 
 ![prereleaser](https://github.com/kyverno/kyverno/workflows/prereleaser/badge.svg) 
@@ -11,30 +11,27 @@
 
 <a href="https://kyverno.io" rel="kyverno.io">![logo](img/Kyverno_Horizontal.png)</a>
 
-<p class="callout info" style="font-size: 2000%;">
+<p class="callout info" style="font-size: 100%;">
 Kyverno is a policy engine designed for Kubernetes. It can validate, mutate, and generate configurations using admission controls and background scans. Kyverno policies are Kubernetes resources and do not require learning a new language. Kyverno is designed to work nicely with tools you already use like kubectl, kustomize, and Git.
 </p>
 
-## Documentation
+## 📙 Documentation 
 
 Kyverno guides and reference documents are available at: <a href="https://kyverno.io/">kyverno.io</a>. 
 
 Try the [quick start guide](https://kyverno.io/docs/introduction/#quick-start) to install Kyverno and create your first policy.
 
-## Contributing
+## ➕ Contributing
 
 Checkout out the Kyverno <a href="https://kyverno.io/community">Community</a> page for ways to get involved and details on joining our next community meeting.
 
-## Getting Help
+## 🙋‍♂️ Getting Help
+
+* For feature requests and bugs, file an [issue](https://github.com/kyverno/kyverno/issues).
+* For discussions or questions, join the **#kyverno** channel on the [Kubernetes Slack](https://kubernetes.slack.com/)
+* For community meeting access join the [mailing list](https://groups.google.com/g/kyverno).
+* To get updates ⭐️ [star this repository](https://github.com/kyverno/kyverno/stargazers).
 
-- For feature requests and bugs, file an [issue](https://github.com/kyverno/kyverno/issues).
-- For discussions or questions, join the **#kyverno** channel on the [Kubernetes Slack](https://kubernetes.slack.com/) or the [mailing list](https://groups.google.com/g/kyverno).
-
-## Spread The Love
-
-We built Kyverno to make it easy to secure and manage Kubernetes configurations. If you like the project, [let us know](https://github.com/kyverno/kyverno/stargazers)!
-
-[![Stargazers over time](https://starchart.cc/kyverno/kyverno.svg)](https://starchart.cc/kyverno/kyverno)
 
 
 

From a65a85e55cebc40fdc58fb0acadbd261e1c9de66 Mon Sep 17 00:00:00 2001
From: Simon Metzger <smnmtzgr@gmail.com>
Date: Mon, 10 May 2021 19:14:08 +0200
Subject: [PATCH 2/3] allow only supplementalGroups greater 0 (#1901)

Signed-off-by: Metzger, Simon <smnmtzgr@gmail.com>
---
 .../templates/policies/restricted/require-non-root-groups.yaml  | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/kyverno/templates/policies/restricted/require-non-root-groups.yaml b/charts/kyverno/templates/policies/restricted/require-non-root-groups.yaml
index 4b950c3a4b..843a49370b 100644
--- a/charts/kyverno/templates/policies/restricted/require-non-root-groups.yaml
+++ b/charts/kyverno/templates/policies/restricted/require-non-root-groups.yaml
@@ -48,7 +48,7 @@ spec:
         pattern:
           spec:
             =(securityContext):
-              =(supplementalGroups): ["null"]
+              =(supplementalGroups): ">0"
     - name: check-fsGroup
       match:
         resources:

From edd33a6d0961c7688c8bf8aeefc6c23a179bb42a Mon Sep 17 00:00:00 2001
From: Shuting Zhao <shutting06@gmail.com>
Date: Mon, 10 May 2021 10:18:38 -0700
Subject: [PATCH 3/3] tag v1.3.6-rc4

Signed-off-by: Shuting Zhao <shutting06@gmail.com>
---
 charts/kyverno/Chart.yaml        | 4 ++--
 definitions/install.yaml         | 4 ++--
 definitions/kustomization.yaml   | 4 ++--
 definitions/release/install.yaml | 4 ++--
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/charts/kyverno/Chart.yaml b/charts/kyverno/Chart.yaml
index 63d7ca7cbe..12c9fd9b8b 100644
--- a/charts/kyverno/Chart.yaml
+++ b/charts/kyverno/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: kyverno
-version: v1.3.6-rc3
-appVersion: v1.3.6-rc3
+version: v1.3.6-rc4
+appVersion: v1.3.6-rc4
 icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
 description: Kubernetes Native Policy Management
 keywords:
diff --git a/definitions/install.yaml b/definitions/install.yaml
index 648b1256df..dd91e0fa00 100644
--- a/definitions/install.yaml
+++ b/definitions/install.yaml
@@ -2441,7 +2441,7 @@ spec:
               fieldPath: metadata.namespace
         - name: KYVERNO_SVC
           value: kyverno-svc
-        image: ghcr.io/kyverno/kyverno:v1.3.6-rc3
+        image: ghcr.io/kyverno/kyverno:v1.3.6-rc4
         imagePullPolicy: IfNotPresent
         livenessProbe:
           failureThreshold: 2
@@ -2483,7 +2483,7 @@ spec:
           readOnlyRootFilesystem: true
           runAsNonRoot: true
       initContainers:
-      - image: ghcr.io/kyverno/kyvernopre:v1.3.6-rc3
+      - image: ghcr.io/kyverno/kyvernopre:v1.3.6-rc4
         imagePullPolicy: IfNotPresent
         name: kyverno-pre
         resources:
diff --git a/definitions/kustomization.yaml b/definitions/kustomization.yaml
index 153186d943..2957fc1743 100755
--- a/definitions/kustomization.yaml
+++ b/definitions/kustomization.yaml
@@ -8,7 +8,7 @@ resources:
 images:
 - name: ghcr.io/kyverno/kyverno
   newName: ghcr.io/kyverno/kyverno
-  newTag: v1.3.6-rc3
+  newTag: v1.3.6-rc4
 - name: ghcr.io/kyverno/kyvernopre
   newName: ghcr.io/kyverno/kyvernopre
-  newTag: v1.3.6-rc3
+  newTag: v1.3.6-rc4
diff --git a/definitions/release/install.yaml b/definitions/release/install.yaml
index 648b1256df..dd91e0fa00 100755
--- a/definitions/release/install.yaml
+++ b/definitions/release/install.yaml
@@ -2441,7 +2441,7 @@ spec:
               fieldPath: metadata.namespace
         - name: KYVERNO_SVC
           value: kyverno-svc
-        image: ghcr.io/kyverno/kyverno:v1.3.6-rc3
+        image: ghcr.io/kyverno/kyverno:v1.3.6-rc4
         imagePullPolicy: IfNotPresent
         livenessProbe:
           failureThreshold: 2
@@ -2483,7 +2483,7 @@ spec:
           readOnlyRootFilesystem: true
           runAsNonRoot: true
       initContainers:
-      - image: ghcr.io/kyverno/kyvernopre:v1.3.6-rc3
+      - image: ghcr.io/kyverno/kyvernopre:v1.3.6-rc4
         imagePullPolicy: IfNotPresent
         name: kyverno-pre
         resources: