feat(github/crds-kyverno): update v1.10.3 ➼ v1.13.2 #1485

Closed
@tinfoild tinfoild bot commented Dec 10, 2024

This PR contains the following updates:

| Package | Update | Change | OpenSSF |
|---|---|---|---|
| crds-kyverno | minor | v1.10.3 -> v1.13.2 | OpenSSF Scorecard |

Release Notes

kyverno/kyverno (crds-kyverno)

v1.13.2

Compare Source

❗ Important Notice ❗

  • Fixed the breaking change in the Kyverno Helm chart by adding the conversion function regarding the config.webhooks field (#​11651)

✨ Added ✨

  • Added manifestIndex to ImageRegistry context (#​9883)
  • Added a new field patchedResources in the test results to specify patched resources (#​11297, #​11686)
  • Supported label selector context variable in the mutate existing rule (#​11608)
Helm

🐛 Fixed 🐛

  • Fixed webhook reconciliation by the policy type (#​11580)
  • Used generate name for background scan reports (#​11586)
  • Added missing error check for the generate rule (#11587)
  • Returned nil error when trigger resource of a generate rule is not found for a subresource (#​11594)
  • Opened the mutated resources file in append mode to allow additions to it (#​11619)
  • Fixed the issue to print generate output in CLI (#​11634)
  • Properly verified precondition in old object validation (#​11644, #​11591)
  • Fixed metrics-server Helm installation in Makefile (#​11717)
Helm
  • Fixed global image registry bug in 3.3.3 (#​11604)
  • Fixed the merging of policyExclude customizations to avoid wrong overrides in kyverno-policies chart (#​11653)

🔧 Others 🔧

v1.13.1

Compare Source

✨ Added ✨

  • Added the validation check for webhook configurations using CEL (#​11461)

🐛 Fixed 🐛

  • Skipped Azure keychain-based login for MCR registry (#​11480)
  • Fixed a validate issue to match failure action case-insensitively when validating an old object (#​11486)
  • Fixed the missing emitWarning field in the v2beta1 policy (#​11489)
  • Fixed the CLI to support VAP stable version v1 (#​11501)
  • Fixed the auto-gen rules regarding celPreconditions (#​11503)
  • Fixed a CLI issue by setting the default namespace for namespaced policies (#​11505)
  • Fixed the configurable namespaceSelector list in the webhook (#​11516)
  • Fixed an issue that the image verification rule blocks resource's update (#​11529)
  • Fixed the policy validation message to include keywords "immutable fields" (#​11549)
  • Fixed a panic issue for the admission controller when processing the validate rule (#​11550)
Helm
  • Corrected Helm configuration behavior for global image registry (#​11482)

🔧 Others 🔧

  • Switched to use the digest instead of the tag (#​11492)

v1.13.0

Compare Source

Note
  • Removed deprecated flag reportsChunkSize.
  • Added --tufRootRaw flag to pass tuf root for custom sigstore deployments.

v1.12.6

Compare Source

🐛 Fixed 🐛

  • Change: Disable updaterequest cleanup cronjob (#​10678)
  • Fix(helm): Remove namespace from RoleBinding/roleRef field (#​10685)
  • Fix: Properly use useCache field in image verification policies (#​10709)
  • Fix: Check for the client being nil before applying a mutation (#​10726)
  • Fix: Resource namespace checks for Kyverno CLI (#​10738)
  • Fix: Range through all resources to build webhook (#​10748)
  • Fix: Get namespace labels before creating a policy context (#​10773)
  • Fix: Wrong evaluation of pod security standard version (#​10924)
  • Fix: Frequent API GET/UPDATE requests regarding webhooks reconciliation when no policies (#​11203, #​11225, #​11230, #​11233)

🔧 Others 🔧

v1.12.5

Compare Source

✨ Added ✨

  • Added the circuit breaker for ephemeralreports generated from the admission events which is used to create policy reports (#​10499, #​10596, #​10610, #​10613)
  • Added the circuit breaker for updaterequests which is used to apply generate and mutate existing rules (#​10382)

🐛 Fixed 🐛

  • Fixed an issue for generate policies to correctly validate patterns for old and new objects (#​10310)
  • Fixed a CLI issue to get namespace's labels in the cluster mode (#​10348)
  • Normalized Global Context event's reason to be inline with other policies (#​10395)
  • Fixed the ephemeralreports to use generate name to avoid duplicate names (#​10491)
  • Fixed notary tests (#​10579)
  • Fixed to delete resources for the cleanup policy (#​10582)
  • Fixed a log issue to not append cleanup policy names (#​10583)
  • Fixed CEL policies to be applied to deleted resources (#​10611)
  • Fixed a JSON context issue to delete non-existent old values for foreach rules (#10615)
  • Renamed level 1 logs to INFO from DEBUG (#​10617)
  • Truncated event messages to 1024 chars (#​10636)
  • Fixed mutatingwebhookconfiguration configured rules (#10639)

🔧 Others 🔧

v1.12.4

Compare Source

❗Important Notice ❗

If you are running 1.12, please upgrade to this version to pick up the fix for the ephemeralreports piling-up issue. Check this post and understand how to recover from an ETCD outage:

Amazon EKS- managing and fixing ETCD database size

[updated] If you are seeing consistent creation of ephemeralreports, you can:

  1. disable reporting for admission events, please see this comment.
  2. tune --aggregationWorkers to increase the capacity of consuming ephemeralreports, see this comment. It can be configured directly via the container flag, or through Helm extraArgs.
  3. as a user of Argo CD, check whether something is causing continuous reconcile operations.

You can also find the script to delete a large number of reports here, thanks to @​andrew-bulford-form3.

🐛 Fixed 🐛

🔧 Others 🔧

v1.12.3

Compare Source

❗Important Notice ❗

If you are running 1.12, please upgrade to v1.12.4 to pick up the fix for the ephemeralreports piling-up issue. Check this post and
understand how to recover from an ETCD outage:

Amazon EKS- managing and fixing ETCD database size

If you are seeing consistent creation of ephemeralreports, please track this issue to avoid creation of too many ephemeralreports.

✨ Added ✨

  • Added support for background scanning of existing resource in image verification (#​10311)
  • Added a cleanup cronjob to delete updaterequests (#​10326)
  • Added cleanup cronjobs for (cluster)ephemeralreports (#​10334)
  • Add aggregation workers flag to configure (cluster)ephemeralreports consumer (#​10343)

🔧 Others 🔧

v1.12.2

Compare Source

❗Important Notice ❗

If you are running 1.12, please upgrade to v1.12.4 to pick up the fix for the ephemeralreports piling-up issue. Check this post and
understand how to recover from an ETCD outage:

Amazon EKS- managing and fixing ETCD database size

If you are seeing consistent creation of ephemeralreports, please track this issue to avoid creation of too many ephemeralreports.

✨ Added ✨

  • Added an option to allow kyverno apply command to continue on failure (#​10036)
Helm
  • Added an option to configure webhook pod annotations (#​9875)

🐛 Fixed 🐛

  • Fixed missing CONNECT operation in the webhook config for pod/exec subresource (#​9855)
  • Fixed an issue to evaluate multiple policyexceptions regardless of condition failures (#​9994)
  • Fixed the VAPs generation issues for pods/ephemeralcontainers, resourceNames field (#​10162, #​10187, #​10208)
  • Fixed the mutate existing policies to be applied on matched resources only (#​10164)
  • Fixed an issue to skip generating VAPs for policies that match multiple resources with a namespace/object selector (#​10181)
  • Fixed a CLI issue when the level parameter of the apply and test commands does not work (#​10216)
  • Fixed CVEs (#​10225)
  • Fixed an issue when applying multiple validate rules produces the wrong result (#​10236)
  • Fixed context canceled issue when creating reports (#​10245)
  • Fixed an issue in foreach mutate policies with Descending order defined causing unexpected patches (#​10252)
  • Fixed an event generation issue when the size exceeds the limit (#​10255)
  • Fixed operation-based webhook configuration issue when there are multiple policies matching the same kind (#​10262)
  • Fixed flake VAPs tests (#​10263)
  • Fixed a CLI issue when loading policies from the filesystem (#​10270)
  • Fixed webhook configuration update loop (#​10274)
  • Fixed an issue when a rule has both conditional and equality anchors defined (https://github.com/kyverno/kyverno/issues/10117)

🔧 Others 🔧

  • Made CLI results count public (#​10177)
  • Added a new linter prealloc to enforce slice declarations best practice (#​10250)

v1.12.1

Compare Source

❗Important Notice ❗

If you are running 1.12, please upgrade to v1.12.4 to pick up the fix for the ephemeralreports piling-up issue. Check this post and
understand how to recover from an ETCD outage:

Amazon EKS- managing and fixing ETCD database size

If you are seeing consistent creation of ephemeralreports, please track this issue to avoid creation of too many ephemeralreports.

🐛 Fixed 🐛

  • Fixed return status when celPreconditions.matchConditions aren't met (#​9940)
  • Fixed the CLI to evaluate namespaceObject for Kyverno policies (#​9977, #​9978)
  • Fixed concurrent policy applications (#​10139)
  • Fixed endless updates of policy status (#​10140)
  • Fixed empty operations in mutating webhook configuration for a policy with mixed types of rules (#10146)
  • Fixed endless policy reports reconciliation issue (#​10148)
  • Fixed type conversion in jmespath context variables (#​10152)

🔧 Others 🔧

v1.12.0

Compare Source

1.12 Release Notes

❗ Important Notice ❗

If you are running 1.12, please upgrade to v1.12.4 to pick up the fix for the ephemeralreports piling-up issue. Check this post and
understand how to recover from an ETCD outage:

Amazon EKS- managing and fixing ETCD database size

If you are seeing consistent creation of ephemeralreports, please track this issue to avoid creation of too many ephemeralreports.

Several critical issues are found in 1.12.0 and are being closely monitored within the 1.12.1 milestone. Please hold your upgrade to this release until 1.12.1 comes out.

❗ Breaking (Potentially) ❗

  • Policies using long-deprecated or invalid operators in conditions (ex., In and NotIn) will be blocked. Please see the current list of available operators here (#​8624)

✨ Added ✨

  • Added a global cache via a new Custom Resource called GlobalContextEntry allowing caching of any resource (#​9591, #​9595, #​9601, #​9602, #​9614, #​9615, #​9618, #​9619, #​9620, #​9621, #​9643, #​9652, #​9678, #​9710, #​9813)
  • Added the ability to configure the listening ports of webhooks for admission and cleanup controllers (#​7728)
  • Several new and improved abilities to reduce the scope of webhooks based on policy configurations, including support for the CEL-based matchConditions available in Kubernetes 1.27+ (#​8065, #​8437, #​9483, #​9599)
  • Added a new container flag --protectManagedResources to the cleanup controller (#​8566)
  • Added a new container flag --renewBefore to the admission cleanup controllers to configure the cert renewal time (#​8567)
  • Added a new container flag --loggingtsFormat which can be used to change the time format of logs (#​9276)
  • Policy Exceptions now support conditions (#​8577)
  • Policy Exceptions now support excluding specific controls when using a Pod Security sub-rule validate.podSecurity (#​9343, #​9817)
  • Pod Security sub-rule (validate.podSecurity) has a new ability to exclude based on restricted fields (exclude.restrictedField and associated values) (#8585, #9770, #9658)
  • Added a new field to verifyImages rules called skipImageReferences allowing you to exclude certain images (#​8633)
  • Added a new field to generate rules (data-type) called orphanDownstreamOnPolicyDelete which will preserve downstream resources when the policy/rule is deleted (#​9579)
  • Added the ability to deploy specific controllers with CRDs following suit (#​8849, #​9608)
  • Added the ability to apply custom labels to Kyverno's webhooks, helpful especially for Argo CD users (#​9015)
  • Added support for more types of JSON patch operations like "move", "copy", and "test" (#​9476)
  • Policy Reports can now be generated from ValidatingAdmissionPolicies and their bindings (#​9506)
  • Created a new API group reports.kyverno.io for storing new ephemeral report kinds EphemeralReports and ClusterEphemeralReports (#​9521, #​9537)
  • New is_external_url() JMESPath function to determine whether a given URL is an external URL (#​8614)
  • New sha256() JMESPath function to convert a string of any length to a fixed hash value (#​9144)
  • Kyverno CLI: Added a new migrate command which is used to migrate Kyverno resources to the current API version (#​9296)
  • Kyverno CLI: Added a new (experimental) json command which incorporates the Kyverno JSON subproject into the main CLI allowing for testing of any JSON content (#​9639, #​9651)
  • Kyverno CLI: The test command now supports the same assertion trees available in Chainsaw (#​9380)
  • Kyverno CLI: The apply command now supports ValidatingAdmissionPolicyBindings (#​9468, #​9751, #​9759)
  • Kyverno CLI: apply and test commands now support Policy Exceptions (#​9525, #​9624, #​9714, #​9749)
  • Kyverno CLI: Added a --resources flag as an alias for the existing --resource flag (#​9749)
Helm
  • Add chart parameters for setting revisionHistoryLimit (#​8907)
  • Allow excluding resources from config.resourceFilters (#​8946)
  • Allow defining ca-certificates bundle for Kyverno deployments (#​8969)
  • Clean up Helm change logs (#​9057)
  • Added ability to set extra environment variables globally (#​9269)
  • Added the ability to enable performance profiling to the chart (#​9338)
  • Added a global nodeSelector to the chart (#​9339)
  • Allow adding Pod labels to cleanup jobs in the chart (#​9391)
  • Added a CRD migration capability via hooks to the chart (#​9481, #​9657)
  • Added the ability to define additional resources to be excluded via resourceFilters (#​9530)
  • Added a small note for AKS users when the chart is installed (#​9552)
  • Added the ability to configure backoff limits in jobs in the chart (#​9569)
  • Added default exclusions in webhooks (#​9950)

⚠️ Changed ⚠️

  • Allow setting admission controller replica count to 2 (#​8932)
  • The spec.schemaValidation field is formally deprecated. As of 1.11 it has no effect. (#​9189)
  • The --reportsChunkSize flag is deprecated and has no effect since aggregation has changed (#​9697)
  • The --imageSignatureRepository flag is deprecated and has no effect, use the verifyImages.Repository field instead (#​9698)
  • Policy Exceptions will now be evaluated against existing resources when the exception is created (#​8659, #​8713, #​8544)
  • Policy Exceptions API graduated to v2 (#​9208, #​9412)
  • Cleanup Policies API graduated to v2 (#​9261, #​9420)
  • Admission and Background reports APIs graduated to v2 (#​9262)
  • UpdateRequests API graduated to v2 (#​9267)
  • Reduced some logged messages (#​9509, #​9626)
  • Default logging time format is changed to RFC3339 (#​9775)
  • Updated the internal Pod Security Standards up through 1.29 (#​9783)
  • The time_parse() JMESPath filter now supports epoch time (#​9173)
  • Kyverno will validate ValidatingAdmissionPolicies' CEL expressions and show a warning, or block, if invalid (#​9566)
  • Kyverno CLI: The CLI will now perform field defaulting in policies being tested, moving it out of experimental status (#​9220)
Helm
  • Chart will now omit policy applied and skipped events by default (#​9493)
  • Allow configuring the policy kind in kyverno-policies chart (#​8827)
  • Refined permissions by removing wildcards (#​9507, #​9516)
  • Rename the Grafana dashboard file from dashboard.json to kyverno-dashboard.json (#​9041)

Performance

  • Initialize JMESPath interpreter once and reuse it across searches (#​8299)
  • Optimize JSON context processing using in-memory maps (#​8322)
  • Optimize how Events are created and processed (#​9323, #​9324)
  • Optimize validate policy application by adding a worker pool (#​10056)

🐛 Fixed 🐛

  • Fixed handling of escaped variables in an expression with multiple escaped variables (#​8311)
  • Fixed an issue when verifying attestations using multiple keys (#​8880)
  • Fixed an issue causing application of mutation policies to fail even when failurePolicy was set to Ignore (#​8952)
  • Fixed an issue that allowed violating resources when a policy had validationFailureAction set to Enforce and failurePolicy of Ignore (#​8953)
  • Fixed an issue causing premature skipping of resources in validate policies with anchors defined (#​9155)
  • Fixed an issue where the -v container flag for logging was not honored (#​9163)
  • Switched a logged error to info when preconditions didn't pass in a mutate existing rule (#​9232)
  • Reports aggregation fixes and improvements (#​9697)
  • Fixed an issue preventing generation of a ValidatingAdmissionPolicy when exclude was used in the rule (#9331)
  • Fixed an issue resulting in ValidatingAdmissionPolicies getting generated when there was a Policy Exception in place (#​9386)
  • Fixed an issue where a ValidatingAdmissionPolicy was applied to the wrong resource in background scans (#​9468)
  • Fixed an issue when generating Events associated with ValidatingAdmissionPolicies (#​9392)
  • Fixed an issue with UpdateRequests getting stuck in a perpetual Pending state when using variables from admission (#​9355)
  • Fixed an issue preventing validating image signatures on AWS with a FIPS endpoint from working (#​9416)
  • Fixed an issue preventing variables from being substituted in messages when using anyPattern validate rules (#​9713)
  • Fixed an issue where skipped policies due to preconditions were returned in denial response messages (#​9719)
  • Removed an unnecessary podSecurity check (#​9790)
  • Fixed an issue when verifying images from an insecure registry (#​9838)
  • Fixed an issue with some validate rules and the UPDATE operation (#​9893)
  • Kyverno CLI: Fixed an issue doing a test with an UPDATE operation (#​9191)
  • Kyverno CLI: Fixed applying cloneList generate policies with apply command (#​9036)
  • Kyverno CLI: Fixed a logging error (#​9238)
  • Kyverno CLI: Testing of generate rules which use the useServerSideApply field now work properly (#​9385)
  • Kyverno CLI: Fixed an issue causing the apply command to panic when applying a mutate existing rule (#9492)
  • Kyverno CLI: Fixed an issue with the apply command where some errors weren't shown (#​9533)
  • Kyverno CLI: Fixed an issue with the apply command where a foreach with zero elements was a skip (#​9534, #​9543)
  • Kyverno CLI: Fixed a regression where the --warn-exit-code stopped working (#​9828)
  • Fixed cosign ctlog unit tests (#​9971)
  • Fixed deferred loader panic when mutate and generate policies are applied (#​9968)
  • Fixed an autogen issue where now Kyverno only generates rule for request kind (#​9997)
  • Fixed the issue where the mutex is not added to mock policy context builder (#​10059)
  • Fixed policy status reconciliation when it fails to set policy to ready (#​10047)
  • Fixed the container flag maxQueuedEvents (#​10031)
  • Fixed an issue where rekor opts are missing in cosign certificate verification and make rekor url optional (#​10025)
Helm
  • Fixed an issue deploying ServiceMonitor CR with ArgoCD via the chart (#​8913)
  • Fixed an issue preventing multiple replicas from being defined in the chart (#​9066)
  • Make role and binding names consistent (#​9482)
  • Fixed some minor issues with the Helm report cleanup jobs (#​9555)
  • Fixed a typo in the Kyverno chart README (#​8911)

#​10013 chore: bump chainsaw to v0.1.9
#​10025 fix: add rekor opts to cosign certificate verification and make rekor url optional
#​10039 chore: bump cosign to v2.2.4
#​10031 fix: re-use the maxQueuedEvents
#​10047 fix: policy status reconciliation
#​10056 feat(audit): use a worker pool for Audit policies
#​10059 fix: add mutex to mock policy context builder
#​9989 chore: bump kyverno-json to latest
#​9997 fix(autogen): only generate rule for request kind
#​9950 feat: set default exclusions in webhooks
#​9968 fix: deferred loader panic when mutate and generate policies are applied
#​9971 fix: cosign ctlog unit tests
#​9903 fix(globalcontext): panics and validation
#​9893 fix: properly update policy context after preexisting resource in violation check
#​9849 fix: release CRDs manifests
#​9845 fix: add missing unit tests for podSecurity.hostpathVolume check
#​9838 fix: use gcr crane opts while fetching image descriptors
#​9835 fix: remove duplicate chainsaw tests for PSA
#​9828 [Bug] [CLI] Restore warn-exit-code functionality for apply command
#​9817 fix: add podSecurity validation checks for exceptions
#​9813 fix(globalcontext): old WaitGroup not stopping
#​9791 fix: remove unnecessary podSecurity chainsaw test
#​9790 fix: remove unnecessary validation check for podSecurity rule
#​9783 update versions
#​9781 chore: add tests for exceptions in the CLI
#​9775 chore: default logging format to rfc3339
#​9770 fix: add validation check for podSecurity subrule
#​9763 chore: bump chainsaw
#​9759 feat: support bindings in Kyvenro CLI test command
#​9751 feat: apply VAP bindings in CLI apply command in offline mode
#​9749 add plural form aliases for resources and exceptions flags
#​9719 fix: Policies skipped because of preconditions not met should not be included in admission requests denial responses
#​9714 fix: add the support of v2alpha1 exceptions in the CLI
#​9713 Fix :variables are not getting processed in validation message for "anyPattern"
#​9710 feat: enhance global context
#​9709 chore: bump otel deps
#​9698 fix: remove deprecated imageSignatureRepository flag
#​9697 fix: reports aggregation
#​9691 fix: modify the conformance config name
#​9690 chore: rename admission to ephemeral in reports aggregation controller
#​9682 chore(deps): bump kyverno/action-install-chainsaw from 0.1.2 to 0.1.3
#​9680 chore: bump kind and k8s images
#​9679 fix: don't delete garbage collected policy reports
#​9678 feat(validation-webhook): validate global context reference
#​9677 feat: remove admission report controller
#​9672 feat: add chainsaw tests for exceptions
#​9667 feat: add chainsaw tests for pod security in exceptions
#​9661 test(globalcontext): add e2e tests
#​9658 [Bug] Fix message and formatting of podSecurity validation failure with restrictedField
#​9657 fix: add missing migrations
#​9652 chore(globalcontext): remove global context flag
#​9651 feat: add scan command for generic resources
#​9645 feat: add chainsaw test for policy webhook based configuration
#​9643 fix: global context validation
#​9639 feat: add root command to process generic json resources
#​9630 chore: remove renovate config
#​9628 feat: add chainsaw tests for global context crd validation
#​9626 changed the log level in match policy context
#​9624 support -e shorthand letter with --exception flag
#​9621 fix: global context crd improvements
#​9620 feat: consider maxAPICallResponseLength
#​9619 feat: add global context entry validation webhook
#​9618 chore: move global context package out of engine
#​9616 feat: use the check block for checking CLI output in chainsaw tests
#​9615 feat: update refreshInterval in globalcontext CRD to use a duration
#​9614 feat: add global context support in helm chart
#​9609 make exception in cli exportable
#​9608 sanity check in parent chart for crd-controller mismatch
#​9606 chore: enable chainsaw fail fast
#​9602 feat: add globalcontext loader and interface
#​9601 feat: add globalcontext controller
#​9600 chore(deps): bump github.com/sigstore/cosign/v2 from 2.2.2 to 2.2.3
#​9599 feat: apply .matchConditions when generating reports
#​9598 fix: client codegen not deleting old files
#​9597 fix: codecov missing token
#​9596 fix: make ApplyCommandConfig public again
#​9595 feat: add global context crd to codegen
#​9592 fix: codecov args
#​9591 feat: add global context crd
#​9585 fix: update cli docs
#​9583 test: added test for pkg/utils/policy/marshal.go
#​9579 feat (generate): add orphanDownstreamOnPolicyDelete to preserve downstream on policy deletion
#​9574 fix: nancy ignore
#​9573 chore: small nits in cli test command
#​9572 fix: omit events flag
#​9570 chore: remove reports aggregation per namespace
#​9569 configured backoff limit in chart cronjobs
#​9566 feat: Support CEL expression warnings
#​9561 chore: add chainsaw tests for policy based webhook configuration
#​9555 fix: helm chart jobs
#​9554 fix: nancy ignore
#​9553 fix: make alternate reports storage transparent
#​9552 Add Helm note for AKS users
#​9546 feat: add openapi-gen to policyreports
#​9543 fix: follow up for #​9534
#​9542 fix: CRDs codegen
#​9540 chore: bump a couple of deps
#​9539 chore: remove reference to kuttl
#​9538 test: added test for pkg/utils/admission/metadata.go
#​9537 refactor: use single type for ephemeral reports
#​9535 chore: configure gh workflows schemas
#​9534 fix: show skip when foreach with zero elements
#​9533 Fix: not showing error during policy validation error
#​9531 fix: move new reports api to top level folder
#​9530 #​9529 Support adding extra elements to the default resourceFilters list
#​9525 Support PolicyExceptions with CLI
#​9521 feat: add a new API group reports.kyverno.io
#​9520 test: added test for pkg/utils/admission/policy.go
#​9516 Move admission controller hardcoded wildcard permissions to new opt-out value
#​9515 ci: add load testing workflow
#​9509 fix: reduce logs in controllers when an item is not found
#​9507 feat: add more granular rbac rules to remove wildcards
#​9506 feat: support vap bindings in reports
#​9495 test: added test for pkg/utils/admission/exception.go
#​9493 chore(helm): omit normal events by default
#​9492 fix: kyverno apply panic for mutate policies
#​9487 chore: bump a couple of deps
#​9486 test: added test for pkg/utils/admission/cleanup.go
#​9483 feat: configure admission webhooks per policy
#​9482 fix: align clusterroles and bindings names
#​9481 feat: improve crd migration helm hooks
#​9476 feat: support all valid jsonpatches in validation webhook
#​9469 chore(contrib): add Khaled Emara as contributor
#​9468 feat: support validatingadmissionpolicybindings in CLI apply command
#​9467 update README for new features and OSS security index card
#​9465 chore: load cli image when deploying locally
#​9464 Update DEVELOPMENT.md
#​9463 fix: change generic policy to not return any
#​9461 Update CONTRIBUTORS.md
#​9459 added tests for validate foreach with 0 elements
#​9442 chore: bump otel deps
#​9440 chore: bump a couple of deps
#​9433 chore: use upstream cosign on main
#​9428 fix: nancy ignore list
#​9427 chore: bump json-patch
#​9426 chore: bump a couple of deps
#​9420 feat: migrate existing cleanup policies to the new storage version in helm hook
#​9416 feat: use awslabs keychain for AWS and gcr keychain for GCP
#​9412 feat: migrate existing policy exceptions to the new storage version in helm hook
#​9408 chore: bump bitnami/kubectl
[#​9395](https://redirect.github.com/ky


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.


Deploying jjgadgets-biohazard with  Cloudflare Pages  Cloudflare Pages

Latest commit: b7a7606
Status: ✅  Deploy successful!
Preview URL: https://5fc6465d.jjgadgets-biohazard.pages.dev
Branch Preview URL: https://renovate-crds-kyverno-1-x.jjgadgets-biohazard.pages.dev



tinfoild bot commented Dec 10, 2024

--- kube/clusters/biohazard/flux Kustomization: flux-system/0-biohazard-config GitRepository: flux-system/crds-kyverno

+++ kube/clusters/biohazard/flux Kustomization: flux-system/0-biohazard-config GitRepository: flux-system/crds-kyverno

@@ -12,9 +12,9 @@

     # exclude all
     /*
     # include crd directory
     !/config/crds
   interval: 1h
   ref:
-    tag: v1.10.3
+    tag: v1.13.2
   url: https://github.com/kyverno/kyverno.git
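
Review bot: The `tag: v1.13.2` line moves the CRD source across three minor releases (v1.10.3 to v1.13.2) in one step, and this hunk changes only the `flux-system/crds-kyverno` GitRepository. Confirm the Kyverno controllers in the cluster are bumped alongside it or are compatible with the v1.13 CRDs pulled from `/config/crds`, or split the bump into per-minor steps. Separately, `ref.tag` follows a tag name that upstream can re-point; setting `ref.commit` to the release commit SHA would pin the exact content being applied.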
 

@JJGadgets JJGadgets closed this Dec 10, 2024
@tinfoild tinfoild bot deleted the renovate/crds-kyverno-1.x branch December 11, 2024 00:20