search

appuio / component-appuio-cloud

APPUiO Cloud
https://hub.syn.tools/appuio-cloud/index.html
BSD 3-Clause "New" or "Revised" License
0 stars 1 forks source link

Update module github.com/kyverno/kyverno to v1.9.5 #173

Open renovate[bot] opened 10 months ago

renovate[bot] commented 10 months ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/kyverno/kyverno v1.9.0 -> v1.9.5 age adoption passing confidence

Release Notes

kyverno/kyverno (github.com/kyverno/kyverno) ### [`v1.9.5`](https://togithub.com/kyverno/kyverno/releases/tag/v1.9.5) [Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.9.4...v1.9.5) #### πŸ› Fixed πŸ› - Removed some insecure 3DES ciphers. ([#​7308](https://togithub.com/kyverno/kyverno/issues/7308) )
Click to expand all PRs [#​7308](https://togithub.com/kyverno/kyverno/issues/7308) fix: tls cipher suites
### [`v1.9.4`](https://togithub.com/kyverno/kyverno/releases/tag/v1.9.4) [Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.9.3...v1.9.4) #### πŸ› Fixed πŸ› - Fixed an issue with the podSecurity subrule (`validate.podSecurity`) in which using the `latest` version of the PSS caused the Seccomp control to not be evaluated properly. ([#​7263](https://togithub.com/kyverno/kyverno/issues/7263))
Click to expand all PRs [#​7263](https://togithub.com/kyverno/kyverno/issues/7263) fix: PSa latest version check
### [`v1.9.3`](https://togithub.com/kyverno/kyverno/releases/tag/v1.9.3) [Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.9.2...v1.9.3) #### v1.9.3 #### #✨ Added ✨ - Added support for configuring webhook annotations via the ConfigMap's `webhookAnnotations` stanza. This should fix problems for AKS users with the Admission Enforcer entering a reconciliation war with Kyverno over its webhooks. ([#​6579](https://togithub.com/kyverno/kyverno/issues/6579)) ##### πŸ› Fixed πŸ› - Bumped a Docker dependency ([#​6787](https://togithub.com/kyverno/kyverno/issues/6787)) - Skip applying default exclude groups in the match evaluation ([#​6242](https://togithub.com/kyverno/kyverno/issues/6242))
Click to expand all PRs [#​6787](https://togithub.com/kyverno/kyverno/issues/6787) chore(deps): bump github.com/docker/docker from 23.0.2+incompatible to 23.0.3+incompatible [#​6579](https://togithub.com/kyverno/kyverno/issues/6579) feat: add webhook annotations support in config map [#​6242](https://togithub.com/kyverno/kyverno/issues/6242) fix: do not pass dynamicConfig to matchesResourceDescriptionMatchHelper
### [`v1.9.2`](https://togithub.com/kyverno/kyverno/releases/tag/v1.9.2) [Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.9.1...v1.9.2) #### ⚠️ Changed ⚠️ - Burst limit (`--clientRateLimitBurst`) has its defaults increased from `50` to `300` and QPS (`--clientRateLimitQPS`) from `20` to `300` which should fix issues in very large clusters with admission reports not getting aggregated quickly enough to the final Policy Report ([#​6540](https://togithub.com/kyverno/kyverno/issues/6540), [#​6532](https://togithub.com/kyverno/kyverno/issues/6532)) - Report controller workers have been increased from 2 to 10 which, along with the burst and QPS increases listed above, should help reconcile reports much faster ([#​6532](https://togithub.com/kyverno/kyverno/issues/6532)) - Included a message on how to bypass Kyverno policy schema validation (`spec.schemaValidation`) when Kyverno is not able to validate if a rule is correct ([#​6604](https://togithub.com/kyverno/kyverno/issues/6604)) #### πŸ› Fixed πŸ› - Policies in `Audit` mode are processed correctly when admission reports are disabled ([#​6545](https://togithub.com/kyverno/kyverno/issues/6545)) - Fixed duplicate messages in a policy report message field when using a podSecurity subrule ([#​6634](https://togithub.com/kyverno/kyverno/issues/6634)) - Fixed a controller duration computation ([#​6569](https://togithub.com/kyverno/kyverno/issues/6569))
Click to expand all PRs [#​6545](https://togithub.com/kyverno/kyverno/issues/6545) fix: process audit policies when admission reports are disabled [#​6540](https://togithub.com/kyverno/kyverno/issues/6540) fix: increase burst [#​6532](https://togithub.com/kyverno/kyverno/issues/6532) fix: improve reports controller default values and workers [#​6531](https://togithub.com/kyverno/kyverno/issues/6531) fix: process audit policies when admission reports are disabled [#​6522](https://togithub.com/kyverno/kyverno/issues/6522) fix: improve reports controller default values and workers [#​6332](https://togithub.com/kyverno/kyverno/issues/6332) More kuttl standard generate tests [#​6634](https://togithub.com/kyverno/kyverno/issues/6634) fix: skip duplicate PSa checks for the latest version [#​6604](https://togithub.com/kyverno/kyverno/issues/6604) fix: add message to bypass schema validation when it fails [#​6569](https://togithub.com/kyverno/kyverno/issues/6569) fix: controller duration computation
### [`v1.9.1`](https://togithub.com/kyverno/kyverno/releases/tag/v1.9.1) [Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.9.0...v1.9.1) #### ⚠️ Changed ⚠️ - Enhance the events created by PolicyExceptions to add kind and Namespace making them more consistent with other events ([#​6459](https://togithub.com/kyverno/kyverno/issues/6459)) - Added Roles and ClusterRoles when dumping out the AdmissionReview contents ([#​6323](https://togithub.com/kyverno/kyverno/issues/6323), [#​6319](https://togithub.com/kyverno/kyverno/issues/6319)) - Kyverno will use client instead of discovery for sanity checks which helps in some cases when finding CRDs ([#​6296](https://togithub.com/kyverno/kyverno/issues/6296)) - Logs added in wait for cache sync helper ([#​6275](https://togithub.com/kyverno/kyverno/issues/6275)) - Leader election is enabled in the background controller (responsible for generate and "mutate existing" rules) which should help or fix situations in which UpdateRequests may see unnecessary churn ([#​6237](https://togithub.com/kyverno/kyverno/issues/6237)) - A DELETE operation will now work as the trigger for a generate or mutate existing rule ([#​6214](https://togithub.com/kyverno/kyverno/issues/6214)) #### πŸ› Fixed πŸ› - Fixed an error log ([#​6429](https://togithub.com/kyverno/kyverno/issues/6429)) - Fixed a panic when fetching GVK ([#​6424](https://togithub.com/kyverno/kyverno/issues/6424)) - Fixed an issue which caused policies to never report a `Ready` status if the `--autoUpdateWebhooks` flag was set to `false` ([#​6374](https://togithub.com/kyverno/kyverno/issues/6374)) - Fixed an issue with the new Secret type in Kyverno 1.9.0. Now, older self-managed Secrets will be deleted and recreated with the new TLS type ([#​6368](https://togithub.com/kyverno/kyverno/issues/6368)) - Fixed a logger call ([#​6365](https://togithub.com/kyverno/kyverno/issues/6365)) - Fixed an issue with missing metric `kyverno_policy_results_total` when policies were in `Audit` mode ([#​6363](https://togithub.com/kyverno/kyverno/issues/6363)) - Fixed an issue with outputting of the full AdmissionReview response ([#​6349](https://togithub.com/kyverno/kyverno/issues/6349)) - Fixed an issue preventing rules with `request.oldObject` being translated properly by auto-gen ([#​6305](https://togithub.com/kyverno/kyverno/issues/6305)) - Fixed how quantities were divided when using the JMESPath `divide()` filter ([#​6229](https://togithub.com/kyverno/kyverno/issues/6229)) - Fixed use of the namespaceSelector for policies set to `Audit` mode ([#​6216](https://togithub.com/kyverno/kyverno/issues/6216)) - Fixed use of the namespaceSelector in generate and "mutate existing" policies ([#​6209](https://togithub.com/kyverno/kyverno/issues/6209)) #### πŸ”§ Bumped πŸ”§ - Bumped github.com/sigstore/k8s-manifest-sigstore from 0.4.3 to 0.4.4 ([#​6359](https://togithub.com/kyverno/kyverno/issues/6359)) - Bumped golang.org/x/net from v0.4.0 to v0.7.0 ([#​6344](https://togithub.com/kyverno/kyverno/issues/6344), [#​6341](https://togithub.com/kyverno/kyverno/issues/6341)) - Bumped golang.org/x/oauth2 from v0.3.0 to v0.4.0 ([#​6344](https://togithub.com/kyverno/kyverno/issues/6344)) - Bumped golang.org/x/sys from v0.3.0 to v0.5.0 ([#​6344](https://togithub.com/kyverno/kyverno/issues/6344)) - Bumped golang.org/x/term from v0.3.0 to v0.5.0 ([#​6344](https://togithub.com/kyverno/kyverno/issues/6344)) - Bumped golang.org/x/text from v0.5.0 to v0.7.0 ([#​6344](https://togithub.com/kyverno/kyverno/issues/6344))
Click to expand all PRs [#​6502](https://togithub.com/kyverno/kyverno/issues/6502) fix: release [#​6498](https://togithub.com/kyverno/kyverno/issues/6498) fix: release [#​6459](https://togithub.com/kyverno/kyverno/issues/6459) fix: update resource info in polex events [#​6429](https://togithub.com/kyverno/kyverno/issues/6429) fix: error log [#​6424](https://togithub.com/kyverno/kyverno/issues/6424) fix: panic when fails to fetch resource GVK [#​6374](https://togithub.com/kyverno/kyverno/issues/6374) fix: autoUpdateWebhooks=false causes ClusterPolicy to never be ready [#​6368](https://togithub.com/kyverno/kyverno/issues/6368) fix: delete certificate secret if type is not TLS [#​6365](https://togithub.com/kyverno/kyverno/issues/6365) fix: logger key value in wrong order [#​6363](https://togithub.com/kyverno/kyverno/issues/6363) fix: missing metrics for policies in audit mode [#​6359](https://togithub.com/kyverno/kyverno/issues/6359) chore(deps): bump github.com/sigstore/k8s-manifest-sigstore [#​6349](https://togithub.com/kyverno/kyverno/issues/6349) fix: dump admission response [#​6344](https://togithub.com/kyverno/kyverno/issues/6344) chore(deps): bump golang.org/x/net [#​6341](https://togithub.com/kyverno/kyverno/issues/6341) chore(deps): bump golang.org/x/net from 0.6.0 to 0.7.0 [#​6323](https://togithub.com/kyverno/kyverno/issues/6323) fix: add roles and clusterroles when dumping admission requests [#​6319](https://togithub.com/kyverno/kyverno/issues/6319) fix: add roles and clusterroles when dumping admission requests [#​6305](https://togithub.com/kyverno/kyverno/issues/6305) oldObject translation solved in autogen [#​6296](https://togithub.com/kyverno/kyverno/issues/6296) fix: use client instead of discovery for sanity checks [#​6275](https://togithub.com/kyverno/kyverno/issues/6275) chore: add error logs in wait for cache sync helper [#​6237](https://togithub.com/kyverno/kyverno/issues/6237) feat: enable leader election for the background controller [#​6229](https://togithub.com/kyverno/kyverno/issues/6229) fix: jp divide quantities [#​6216](https://togithub.com/kyverno/kyverno/issues/6216) fix: namespaceSelector for audit rules [#​6200](https://togithub.com/kyverno/kyverno/issues/6200) fix: image tagging strategy [#​6197](https://togithub.com/kyverno/kyverno/issues/6197) fix: admission review variables for DELETE operations [#​6188](https://togithub.com/kyverno/kyverno/issues/6188) fix: namespaceSelector for background policies

Configuration

πŸ“… Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

β™» Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

πŸ”• Ignore: Close this PR and you won't be reminded about this update again.

This PR was generated by Mend Renovate. View the repository job log.