kyverno/kyverno (github.com/kyverno/kyverno)
### [`v1.9.5`](https://togithub.com/kyverno/kyverno/releases/tag/v1.9.5)
[Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.9.4...v1.9.5)
#### Fixed
- Removed some insecure 3DES ciphers. ([#7308](https://togithub.com/kyverno/kyverno/issues/7308))
[#7308](https://togithub.com/kyverno/kyverno/issues/7308) fix: tls cipher suites
### [`v1.9.4`](https://togithub.com/kyverno/kyverno/releases/tag/v1.9.4)
[Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.9.3...v1.9.4)
#### Fixed
- Fixed an issue with the podSecurity subrule (`validate.podSecurity`) in which using the `latest` version of the PSS caused the Seccomp control to not be evaluated properly. ([#7263](https://togithub.com/kyverno/kyverno/issues/7263))
[#7263](https://togithub.com/kyverno/kyverno/issues/7263) fix: PSa latest version check
### [`v1.9.3`](https://togithub.com/kyverno/kyverno/releases/tag/v1.9.3)
[Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.9.2...v1.9.3)
#### v1.9.3
##### Added
- Added support for configuring webhook annotations via the ConfigMap's `webhookAnnotations` stanza. This should fix problems for AKS users with the Admission Enforcer entering a reconciliation war with Kyverno over its webhooks. ([#6579](https://togithub.com/kyverno/kyverno/issues/6579))
##### Fixed
- Bumped a Docker dependency ([#6787](https://togithub.com/kyverno/kyverno/issues/6787))
- Skip applying default exclude groups in the match evaluation ([#6242](https://togithub.com/kyverno/kyverno/issues/6242))
[#6787](https://togithub.com/kyverno/kyverno/issues/6787) chore(deps): bump github.com/docker/docker from 23.0.2+incompatible to 23.0.3+incompatible
[#6579](https://togithub.com/kyverno/kyverno/issues/6579) feat: add webhook annotations support in config map
[#6242](https://togithub.com/kyverno/kyverno/issues/6242) fix: do not pass dynamicConfig to matchesResourceDescriptionMatchHelper
### [`v1.9.2`](https://togithub.com/kyverno/kyverno/releases/tag/v1.9.2)
[Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.9.1...v1.9.2)
#### Changed
- Burst limit (`--clientRateLimitBurst`) has its defaults increased from `50` to `300` and QPS (`--clientRateLimitQPS`) from `20` to `300` which should fix issues in very large clusters with admission reports not getting aggregated quickly enough to the final Policy Report ([#6540](https://togithub.com/kyverno/kyverno/issues/6540), [#6532](https://togithub.com/kyverno/kyverno/issues/6532))
- Report controller workers have been increased from 2 to 10 which, along with the burst and QPS increases listed above, should help reconcile reports much faster ([#6532](https://togithub.com/kyverno/kyverno/issues/6532))
- Included a message on how to bypass Kyverno policy schema validation (`spec.schemaValidation`) when Kyverno is not able to validate if a rule is correct ([#6604](https://togithub.com/kyverno/kyverno/issues/6604))
#### Fixed
- Policies in `Audit` mode are processed correctly when admission reports are disabled ([#6545](https://togithub.com/kyverno/kyverno/issues/6545))
- Fixed duplicate messages in a policy report message field when using a podSecurity subrule ([#6634](https://togithub.com/kyverno/kyverno/issues/6634))
- Fixed a controller duration computation ([#6569](https://togithub.com/kyverno/kyverno/issues/6569))
[#6545](https://togithub.com/kyverno/kyverno/issues/6545) fix: process audit policies when admission reports are disabled
[#6540](https://togithub.com/kyverno/kyverno/issues/6540) fix: increase burst
[#6532](https://togithub.com/kyverno/kyverno/issues/6532) fix: improve reports controller default values and workers
[#6531](https://togithub.com/kyverno/kyverno/issues/6531) fix: process audit policies when admission reports are disabled
[#6522](https://togithub.com/kyverno/kyverno/issues/6522) fix: improve reports controller default values and workers
[#6332](https://togithub.com/kyverno/kyverno/issues/6332) More kuttl standard generate tests
[#6634](https://togithub.com/kyverno/kyverno/issues/6634) fix: skip duplicate PSa checks for the latest version
[#6604](https://togithub.com/kyverno/kyverno/issues/6604) fix: add message to bypass schema validation when it fails
[#6569](https://togithub.com/kyverno/kyverno/issues/6569) fix: controller duration computation
### [`v1.9.1`](https://togithub.com/kyverno/kyverno/releases/tag/v1.9.1)
[Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.9.0...v1.9.1)
#### Changed
- Enhanced the events created by PolicyExceptions to add kind and Namespace, making them more consistent with other events ([#6459](https://togithub.com/kyverno/kyverno/issues/6459))
- Added Roles and ClusterRoles when dumping out the AdmissionReview contents ([#6323](https://togithub.com/kyverno/kyverno/issues/6323), [#6319](https://togithub.com/kyverno/kyverno/issues/6319))
- Kyverno will use client instead of discovery for sanity checks which helps in some cases when finding CRDs ([#6296](https://togithub.com/kyverno/kyverno/issues/6296))
- Logs added in wait for cache sync helper ([#6275](https://togithub.com/kyverno/kyverno/issues/6275))
- Leader election is enabled in the background controller (responsible for generate and "mutate existing" rules) which should help or fix situations in which UpdateRequests may see unnecessary churn ([#6237](https://togithub.com/kyverno/kyverno/issues/6237))
- A DELETE operation will now work as the trigger for a generate or mutate existing rule ([#6214](https://togithub.com/kyverno/kyverno/issues/6214))
#### Fixed
- Fixed an error log ([#6429](https://togithub.com/kyverno/kyverno/issues/6429))
- Fixed a panic when fetching GVK ([#6424](https://togithub.com/kyverno/kyverno/issues/6424))
- Fixed an issue which caused policies to never report a `Ready` status if the `--autoUpdateWebhooks` flag was set to `false` ([#6374](https://togithub.com/kyverno/kyverno/issues/6374))
- Fixed an issue with the new Secret type in Kyverno 1.9.0. Now, older self-managed Secrets will be deleted and recreated with the new TLS type ([#6368](https://togithub.com/kyverno/kyverno/issues/6368))
- Fixed a logger call ([#6365](https://togithub.com/kyverno/kyverno/issues/6365))
- Fixed an issue with missing metric `kyverno_policy_results_total` when policies were in `Audit` mode ([#6363](https://togithub.com/kyverno/kyverno/issues/6363))
- Fixed an issue with outputting of the full AdmissionReview response ([#6349](https://togithub.com/kyverno/kyverno/issues/6349))
- Fixed an issue preventing rules with `request.oldObject` being translated properly by auto-gen ([#6305](https://togithub.com/kyverno/kyverno/issues/6305))
- Fixed how quantities were divided when using the JMESPath `divide()` filter ([#6229](https://togithub.com/kyverno/kyverno/issues/6229))
- Fixed use of the namespaceSelector for policies set to `Audit` mode ([#6216](https://togithub.com/kyverno/kyverno/issues/6216))
- Fixed use of the namespaceSelector in generate and "mutate existing" policies ([#6209](https://togithub.com/kyverno/kyverno/issues/6209))
#### Bumped
- Bumped github.com/sigstore/k8s-manifest-sigstore from 0.4.3 to 0.4.4 ([#6359](https://togithub.com/kyverno/kyverno/issues/6359))
- Bumped golang.org/x/net from v0.4.0 to v0.7.0 ([#6344](https://togithub.com/kyverno/kyverno/issues/6344), [#6341](https://togithub.com/kyverno/kyverno/issues/6341))
- Bumped golang.org/x/oauth2 from v0.3.0 to v0.4.0 ([#6344](https://togithub.com/kyverno/kyverno/issues/6344))
- Bumped golang.org/x/sys from v0.3.0 to v0.5.0 ([#6344](https://togithub.com/kyverno/kyverno/issues/6344))
- Bumped golang.org/x/term from v0.3.0 to v0.5.0 ([#6344](https://togithub.com/kyverno/kyverno/issues/6344))
- Bumped golang.org/x/text from v0.5.0 to v0.7.0 ([#6344](https://togithub.com/kyverno/kyverno/issues/6344))
[#6502](https://togithub.com/kyverno/kyverno/issues/6502) fix: release
[#6498](https://togithub.com/kyverno/kyverno/issues/6498) fix: release
[#6459](https://togithub.com/kyverno/kyverno/issues/6459) fix: update resource info in polex events
[#6429](https://togithub.com/kyverno/kyverno/issues/6429) fix: error log
[#6424](https://togithub.com/kyverno/kyverno/issues/6424) fix: panic when fails to fetch resource GVK
[#6374](https://togithub.com/kyverno/kyverno/issues/6374) fix: autoUpdateWebhooks=false causes ClusterPolicy to never be ready
[#6368](https://togithub.com/kyverno/kyverno/issues/6368) fix: delete certificate secret if type is not TLS
[#6365](https://togithub.com/kyverno/kyverno/issues/6365) fix: logger key value in wrong order
[#6363](https://togithub.com/kyverno/kyverno/issues/6363) fix: missing metrics for policies in audit mode
[#6359](https://togithub.com/kyverno/kyverno/issues/6359) chore(deps): bump github.com/sigstore/k8s-manifest-sigstore
[#6349](https://togithub.com/kyverno/kyverno/issues/6349) fix: dump admission response
[#6344](https://togithub.com/kyverno/kyverno/issues/6344) chore(deps): bump golang.org/x/net
[#6341](https://togithub.com/kyverno/kyverno/issues/6341) chore(deps): bump golang.org/x/net from 0.6.0 to 0.7.0
[#6323](https://togithub.com/kyverno/kyverno/issues/6323) fix: add roles and clusterroles when dumping admission requests
[#6319](https://togithub.com/kyverno/kyverno/issues/6319) fix: add roles and clusterroles when dumping admission requests
[#6305](https://togithub.com/kyverno/kyverno/issues/6305) oldObject translation solved in autogen
[#6296](https://togithub.com/kyverno/kyverno/issues/6296) fix: use client instead of discovery for sanity checks
[#6275](https://togithub.com/kyverno/kyverno/issues/6275) chore: add error logs in wait for cache sync helper
[#6237](https://togithub.com/kyverno/kyverno/issues/6237) feat: enable leader election for the background controller
[#6229](https://togithub.com/kyverno/kyverno/issues/6229) fix: jp divide quantities
[#6216](https://togithub.com/kyverno/kyverno/issues/6216) fix: namespaceSelector for audit rules
[#6200](https://togithub.com/kyverno/kyverno/issues/6200) fix: image tagging strategy
[#6197](https://togithub.com/kyverno/kyverno/issues/6197) fix: admission review variables for DELETE operations
[#6188](https://togithub.com/kyverno/kyverno/issues/6188) fix: namespaceSelector for background policies
Configuration
Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
Automerge: Enabled.
Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
Ignore: Close this PR and you won't be reminded about this update again.
This PR contains the following updates: v1.9.0 -> v1.9.5
This PR was generated by Mend Renovate.