search

kyverno / reports-server

Alternate reports storage in Kubernetes outside etcd
Apache License 2.0
17 stars 9 forks source link

chore(deps): Bump github.com/kyverno/kyverno from 1.12.0-alpha.1 to 1.12.0 #113

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 4 months ago

Bumps github.com/kyverno/kyverno from 1.12.0-alpha.1 to 1.12.0.

Release notes

Sourced from github.com/kyverno/kyverno's releases.

v1.12.0

1.12 Release Notes

❗ Breaking (Potentially) ❗

  • Policies using long-deprecated or invalid operators in conditions (ex., In and NotIn) will be blocked. Please see the current list of available operators here (#8624)

✨ Added ✨

  • Added a global cache via a new Custom Resource called GlobalContextEntry allowing caching of any resource (#9591, #9595, #9601, #9602, #9614, #9615, #9618, #9619, #9620, #9621, #9643, #9652, #9678, #9710, #9813)
  • Added the ability to configure the listening ports of webhooks for admission and cleanup controllers (#7728)
  • Several new and improved abilities to reduce the scope of webhooks based on policy configurations, including support for the CEL-based matchConditions available in Kubernetes 1.27+ (#8065, #8437, #9483, #9599)
  • Added a new container flag --protectManagedResources to the cleanup controller (#8566)
  • Added a new container flag --renewBefore to the admission cleanup controllers to configure the cert renewal time (#8567)
  • Added a new container flag --loggingtsFormat which can be used to change the time format of logs (#9276)
  • Policy Exceptions now support conditions (#8577)
  • Policy Exceptions now support excluding specific controls when using a Pod Security sub-rule validate.podSecurity (#9343, #9817)
  • Pod Security sub-rule (validate.podSecurity) has a new ability to exclude based on restricted fields (exclude.restrictedField and associated values (#8585, #9770, #9658)
  • Added a new field to verifyImages rules called skipImageReferences allowing you to exclude certain images (#8633)
  • Added a new field to generate rules (data-type) called orphanDownstreamOnPolicyDelete which will preserve downstream resources when the policy/rule is deleted (#9579)
  • Added the ability to deploy specific controllers with CRDs following suit (#8849, #9608)
  • Added the ability to apply custom labels to Kyverno's webhooks, helpful especially for Argo CD users (#9015)
  • Added support for more types of JSON patch operations like "move", "copy", and "test" (#9476)
  • Policy Reports can now be generated from ValidatingAdmissionPolicies and their bindings (#9506)
  • Created a new API group reports.kyverno.io for storing new ephemeral report kinds EphemeralReports and ClusterEphemeralReports (#9521, #9537)
  • New is_external_url() JMESPath function to determine whether a given URL is an external URL (#8614)
  • New sha256() JMESPath function to convert a string of any length to a fixed hash value (#9144)
  • Kyverno CLI: Added a new migrate command which is used to migrate Kyverno resources to the current API version (#9296)
  • Kyverno CLI: Added a new (experimental) json command which incorporates the Kyverno JSON subproject into the main CLI allowing for testing of any JSON content (#9639, #9651)
  • Kyverno CLI: The test command now supports the same assertion trees available in Chainsaw (#9380)
  • Kyverno CLI: The apply command now supports ValidatingAdmissionPolicyBindings (#9468, #9751, #9759)
  • Kyverno CLI: apply and test commands now support Policy Exceptions (#9525, #9624, #9714, #9749)
  • Kyverno CLI: Added a --resources flag as an alias for the existing --resource flag (#9749)

Helm

  • Add chart parameters for setting revisionHistoryLimit (#8907)
  • Allow excluding resources from config.resourceFilters (#8946)
  • Allow defining ca-certificates bundle for Kyverno deployments (#8969)
  • Clean up Helm change logs (#9057)
  • Added ability to set extra environment variables globally (#9269)
  • Added the ability to enable performance profiling to the chart (#9338)
  • Added a global nodeSelector to the chart (#9339)
  • Allow adding Pod labels to cleanup jobs in the chart (#9391)
  • Added a CRD migration capability via hooks to the chart (#9481, #9657)
  • Added the ability to define additional resources to be excluded via resourceFilters (#9530)
  • Added a small note for AKS users when the chart is installed (#9552)
  • Added the ability to configure backoff limits in jobs in the chart (#9569)
  • Added default exclusions in webhooks (#9950)

... (truncated)

Commits


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 4 months ago

Superseded by #116.