From eddd258a40121d2860de7e8111420ed1274346cb Mon Sep 17 00:00:00 2001
From: ShutingZhao
Date: Thu, 7 Oct 2021 16:04:08 -0700
Subject: [PATCH] release v1.5.0-rc1
Signed-off-by: ShutingZhao
---
CHANGELOG.md | 68 +++++++++++++++++++++++++-
charts/kyverno-policies/Chart.yaml | 2 +-
charts/kyverno/Chart.yaml | 2 +-
charts/kyverno/templates/crds.yaml | 14 +++---
definitions/install.yaml | 66 ++++++++++++-------------
definitions/release/kustomization.yaml | 4 +-
definitions/release/labels.yaml | 2 +-
7 files changed, 112 insertions(+), 46 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7d05ebd239..8a9c0edf5c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,9 +1,75 @@ ## v1.5.0-rc1 ### Note +- The Helm CRDs was switched back to kyverno chart. To upgrade using Helm, please refer to https://github.com/kyverno/website/pull/304. - With the change of dynamic webhooks, the readiness of the policy is reflected by `.status.ready`, When ready, it means the policy is ready to serve the admission requests. ### Deprecation -- To add a consistent style in flag names the following flags have been deprecated `webhooktimeout`, `gen-workers`,`disable-metrics`, `background-scan`, `auto-update-webhooks`, `profile-port`, `metrics-port` these will be removed in 1.6.0. The new flags are `webhookTimeout`, `genWorkers`, `disablMetrics`, `backgroundScan`, `autoUpdateWebhooks`,`profilePort`, `metricsPort`. +- To add a consistent style in flag names the following flags have been deprecated `webhooktimeout`, `gen-workers`,`disable-metrics`, `background-scan`, `auto-update-webhooks`, `profile-port`, `metrics-port` these will be removed in 1.6.0. The new flags are `webhookTimeout`, `genWorkers`, `disableMetrics`, `backgroundScan`, `autoUpdateWebhooks`,`profilePort`, `metricsPort` (#1991). 
+ +### Features +- Feature/foreach validate #2443 +- Feature/foreach mutate #2493 +- Feature/cosign attest #2487 +- Make webhooks configurable #1981 +- FailurePolicy `Ignore` vs `enforcing` policies #893 +- Make failurePolicy configurable per Kyverno policy #1995 +- Add feature gate flag "auto-update-webhooks" #2321 +- Extend the "kyverno test" command to handle mutate policies #1821 + +### Enhancements +- Integrate Github Action #2349 +- Use a custom repository with verifyImages #2294 +- Add pod anti-affinity to Kyverno #1966 +- Rename 'policies.kyverno.io/patches' to reflect actual functionality #1528 +- Add global variables to CLI #1472 +- Allow configuration of test image through chart values #2410 +- Switch Helm CRDs back to kyverno chart and moving Policies to dedicated chart #2355 +- Updating Contribution Markdown #2450 +- Validate GVK in `match`/`exclude` block #2389 +- Add `PodDisruptionBudget` in Kustomize & Helm #1979 +- Upgrade Kyverno managed webhook configurations to v1 #2424 +- Allow background scanning if only request.operation is used in preconditions #1883 +- Add security vulnerability scan for the kyverno images #1557 +- Run vulnerability scan during Kyverno builds #2432 +- Sign Kyverno images and generate SBOM #2175 +- Make flag name styles consistent #1991 +- Improve init container to use DeleteCollection to remove policy reports #2477 +- Leader election for initContianer #1965 +- Sample policies should have related CLI apply/test #1994 + + +### Bug Fixes +- Autogen-controllers does not work with "any" rules #2337 +- Use `patchesJson6902` where path contains a non-zero index number causes validation failure #2100 +- CLI apply command - not filtering the resources from cluster #2417 +- Kyverno ConfigMap name not consistent in Helm/Docs and install.yaml #2347 +- Fixing helm chart documentation inconsistency #2419 +- Create/Update policy failing with custom JMESPath #2409 +- GenerateRequests are not cleaned up #2332 +- NetworkPolicy: from should 
be an array of objects #2423 +- Kyverno misinterprets pod spec environment variable placeholders as references #2413 +- CLI | skipped policy message is displayed even if variable is passed #2445 +- Update minio to address vulnerabilities #1953 +- No warning about background mode when using `any` / `all` in `match` or `exclude` blocks #2300 +- Flaky unit test #2406 +- Generating a Kyverno Policy throws error "Policy is unstructured" #2155 +- Network policy is not getting generated on creation of a pod #2095 +- Namespace generate policy fails with `request.operation` precondition #2226 +- Fix `any`/`all` matching logic in the background controller #2386 +- Run code-generator for 1.5 schema changes #2465 +- Generate policies with no Namespace field #2333 +- Excluding clusterRoles does not work if nested under any or all #2301 +- Fix auto-gen for `validate.foreach` #2464 +- "Auto-gen rules for pod controllers" fails when matching kind is "v1/Pod" #2415 +- Set Namespace environment variable for initContainer #2499 + + +### Others +- Cannot add label to nodes #2397 +- Purge grafana dashboard json from this project #2399 + + +Thanks to all our contributors! 😊 ## v1.4.3 diff --git a/charts/kyverno-policies/Chart.yaml b/charts/kyverno-policies/Chart.yaml index 260fbfeccd..11e353e159 100644 --- a/charts/kyverno-policies/Chart.yaml +++ b/charts/kyverno-policies/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: kyverno-policies version: v2.1.0 -appVersion: v1.4.3 +appVersion: v1.5.0-rc1 icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png description: Kubernetes Native Policy Management Policies keywords: diff --git a/charts/kyverno/Chart.yaml b/charts/kyverno/Chart.yaml index a5697dbc54..8523d0f05c 100644 --- a/charts/kyverno/Chart.yaml +++ b/charts/kyverno/Chart.yaml 
@@ -1,7 +1,7 @@ apiVersion: v1 name: kyverno version: v2.1.0 -appVersion: v1.4.3 +appVersion: v1.5.0-rc1 icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png description: Kubernetes Native Policy Management keywords: diff --git a/charts/kyverno/templates/crds.yaml b/charts/kyverno/templates/crds.yaml index c21e5059d1..ac5d990c17 100644 --- a/charts/kyverno/templates/crds.yaml +++ b/charts/kyverno/templates/crds.yaml @@ -11,7 +11,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: clusterpolicies.kyverno.io spec: group: kyverno.io @@ -1306,7 +1306,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: clusterpolicyreports.wgpolicyk8s.io spec: group: wgpolicyk8s.io @@ -1799,7 +1799,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: clusterreportchangerequests.kyverno.io spec: group: kyverno.io @@ -2292,7 +2292,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: generaterequests.kyverno.io spec: group: kyverno.io @@ -2473,7 +2473,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: policies.kyverno.io spec: group: kyverno.io 
@@ -3768,7 +3768,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: policyreports.wgpolicyk8s.io spec: group: wgpolicyk8s.io @@ -4261,7 +4261,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: reportchangerequests.kyverno.io spec: group: kyverno.io diff --git a/definitions/install.yaml b/definitions/install.yaml index 0961b563b6..f6e4365f4e 100644 --- a/definitions/install.yaml +++ b/definitions/install.yaml @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: kyverno --- apiVersion: apiextensions.k8s.io/v1 @@ -23,7 +23,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: clusterpolicies.kyverno.io spec: group: kyverno.io @@ -2058,7 +2058,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: clusterpolicyreports.wgpolicyk8s.io spec: group: wgpolicyk8s.io @@ -2739,7 +2739,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: clusterreportchangerequests.kyverno.io spec: group: kyverno.io 
@@ -3420,7 +3420,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: generaterequests.kyverno.io spec: group: kyverno.io @@ -3616,7 +3616,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: policies.kyverno.io spec: group: kyverno.io @@ -5653,7 +5653,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: policyreports.wgpolicyk8s.io spec: group: wgpolicyk8s.io @@ -6332,7 +6332,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: reportchangerequests.kyverno.io spec: group: kyverno.io @@ -7011,7 +7011,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: kyverno-service-account namespace: kyverno --- @@ -7025,7 +7025,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 rbac.authorization.k8s.io/aggregate-to-admin: "true" name: kyverno:admin-policies rules: @@ -7047,7 +7047,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 rbac.authorization.k8s.io/aggregate-to-admin: "true" name: kyverno:admin-policyreport rules: 
@@ -7069,7 +7069,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 rbac.authorization.k8s.io/aggregate-to-admin: "true" name: kyverno:admin-reportchangerequest rules: @@ -7091,7 +7091,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: kyverno:customresources rules: - apiGroups: @@ -7137,7 +7137,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: kyverno:generatecontroller rules: - apiGroups: @@ -7172,7 +7172,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: kyverno:leaderelection rules: - apiGroups: @@ -7196,7 +7196,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: kyverno:policycontroller rules: - apiGroups: @@ -7219,7 +7219,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: kyverno:userinfo rules: - apiGroups: @@ -7245,7 +7245,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: kyverno:webhook rules: - apiGroups: 
@@ -7297,7 +7297,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: kyverno:customresources roleRef: apiGroup: rbac.authorization.k8s.io @@ -7318,7 +7318,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: kyverno:generatecontroller roleRef: apiGroup: rbac.authorization.k8s.io @@ -7339,7 +7339,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: kyverno:leaderelection roleRef: apiGroup: rbac.authorization.k8s.io @@ -7360,7 +7360,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: kyverno:policycontroller roleRef: apiGroup: rbac.authorization.k8s.io @@ -7381,7 +7381,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: kyverno:userinfo roleRef: apiGroup: rbac.authorization.k8s.io @@ -7402,7 +7402,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: kyverno:webhook roleRef: apiGroup: rbac.authorization.k8s.io @@ -7427,7 +7427,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: kyverno namespace: kyverno --- 
@@ -7444,7 +7444,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: kyverno-metrics namespace: kyverno --- @@ -7458,7 +7458,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: kyverno-svc namespace: kyverno spec: @@ -7480,7 +7480,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: kyverno-svc-metrics namespace: kyverno spec: @@ -7502,7 +7502,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: kyverno namespace: kyverno spec: @@ -7525,7 +7525,7 @@ spec: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 spec: affinity: podAntiAffinity: @@ -7554,7 +7554,7 @@ spec: fieldPath: metadata.namespace - name: KYVERNO_SVC value: kyverno-svc - image: ghcr.io/kyverno/kyverno:v1.4.3 + image: ghcr.io/kyverno/kyverno:v1.5.0-rc1 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 2 @@ -7606,7 +7606,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: ghcr.io/kyverno/kyvernopre:v1.4.3 + image: ghcr.io/kyverno/kyvernopre:v1.5.0-rc1 imagePullPolicy: IfNotPresent name: kyverno-pre resources: 
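Review bot: The two `image:` lines changed in the definitions/install.yaml hunks at 7554 and 7606 reference `ghcr.io/kyverno/kyverno:v1.5.0-rc1` and `ghcr.io/kyverno/kyvernopre:v1.5.0-rc1` by tag only, next to `imagePullPolicy: IfNotPresent`, so each node runs whatever that tag resolved to when it first pulled it. For an admission controller I would pin the content digest alongside the tag, e.g. `image: ghcr.io/kyverno/kyverno:v1.5.0-rc1@sha256:<digest-of-released-image>`. Since install.yaml appears to be generated by Kustomize, the digest would presumably come from the `images:` entries in definitions/release/kustomization.yaml (a `digest:` field) rather than from a hand edit here. The changelog in this commit lists image signing and SBOM generation (#2175), so the digest that gets pinned can be the one the signature covers. Both container specs start and end outside these hunks.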
@@ -7638,7 +7638,7 @@ metadata: app.kubernetes.io/managed-by: Kustomize app.kubernetes.io/name: kyverno app.kubernetes.io/part-of: kyverno - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 name: kyverno namespace: kyverno spec: diff --git a/definitions/release/kustomization.yaml b/definitions/release/kustomization.yaml index 4206cc4c9a..fb7d9a41cf 100755 --- a/definitions/release/kustomization.yaml +++ b/definitions/release/kustomization.yaml @@ -9,6 +9,6 @@ transformers: images: - name: ghcr.io/kyverno/kyverno - newTag: v1.4.3 + newTag: v1.5.0-rc1 - name: ghcr.io/kyverno/kyvernopre - newTag: v1.4.3 + newTag: v1.5.0-rc1 diff --git a/definitions/release/labels.yaml b/definitions/release/labels.yaml index bc4e08dfeb..70e18291a5 100644 --- a/definitions/release/labels.yaml +++ b/definitions/release/labels.yaml @@ -4,7 +4,7 @@ kind: LabelTransformer metadata: name: labelTransformer labels: - app.kubernetes.io/version: v1.4.3 + app.kubernetes.io/version: v1.5.0-rc1 fieldSpecs: - path: metadata/labels create: true