fix: return err in load data #7982
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com>
Do we need the fix in 1.10?
Yes we do #7834.
It causes an issue where policy does not stop at apiCall error
Got this
When error should be
/cherry-pick release-1.10
Codecov Report
@@ Coverage Diff @@
## main #7982 +/- ##
==========================================
- Coverage 33.15% 33.15% -0.01%
==========================================
Files 244 244
Lines 22972 22973 +1
==========================================
Hits 7617 7617
- Misses 14562 14563 +1
Partials 793 793
Signed-off-by: Vishal Choudhary <sendtovishalchoudhary@gmail.com> Co-authored-by: shuting <shuting@nirmata.com>
[![Mend Renovate](https://app.renovatebot.com/images/banner.svg)](https://renovatebot.com) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [kyverno/kyverno](https://togithub.com/kyverno/kyverno) | minor | `v1.10.0` -> `v1.11.1` | --- ### Release Notes <details> <summary>kyverno/kyverno (kyverno/kyverno)</summary> ### [`v1.11.1`](https://togithub.com/kyverno/kyverno/releases/tag/v1.11.1) [Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.11.0...v1.11.1) #### What's Changed - Reduced verbosity of admission request filter INFO log message (cherry-pick [#​8712](https://togithub.com/kyverno/kyverno/issues/8712)) by [@​gcp-cherry-pick-bot](https://togithub.com/gcp-cherry-pick-bot) in [https://github.com/kyverno/kyverno/pull/8882](https://togithub.com/kyverno/kyverno/pull/8882) - Close reponse right after succesful request (cherry-pick [#​8894](https://togithub.com/kyverno/kyverno/issues/8894)) by [@​gcp-cherry-pick-bot](https://togithub.com/gcp-cherry-pick-bot) in [https://github.com/kyverno/kyverno/pull/8896](https://togithub.com/kyverno/kyverno/pull/8896) - chore(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc from 0.45.0 to 0.46.0 (cherry pick: [#​8893](https://togithub.com/kyverno/kyverno/issues/8893)) by [@​vishal-chdhry](https://togithub.com/vishal-chdhry) in [https://github.com/kyverno/kyverno/pull/8897](https://togithub.com/kyverno/kyverno/pull/8897) - Add policyKind option to kyverno-policies chart (cherry-pick [#​8827](https://togithub.com/kyverno/kyverno/issues/8827)) by [@​gcp-cherry-pick-bot](https://togithub.com/gcp-cherry-pick-bot) in [https://github.com/kyverno/kyverno/pull/8923](https://togithub.com/kyverno/kyverno/pull/8923) - \[Helm] correct typo in README for Kyverno 1.10+ (cherry-pick [#​8911](https://togithub.com/kyverno/kyverno/issues/8911)) by [@​gcp-cherry-pick-bot](https://togithub.com/gcp-cherry-pick-bot) in 
[https://github.com/kyverno/kyverno/pull/8927](https://togithub.com/kyverno/kyverno/pull/8927) - Revert "fix(chart): only create ServiceMonitor if cluster supports it ([#​7926](https://togithub.com/kyverno/kyverno/issues/7926)) (cherry-pick [#​8913](https://togithub.com/kyverno/kyverno/issues/8913)) by [@​gcp-cherry-pick-bot](https://togithub.com/gcp-cherry-pick-bot) in [https://github.com/kyverno/kyverno/pull/8931](https://togithub.com/kyverno/kyverno/pull/8931) - feat: add checks for max response size in API Call (cherry-pick [#​8957](https://togithub.com/kyverno/kyverno/issues/8957)) by [@​gcp-cherry-pick-bot](https://togithub.com/gcp-cherry-pick-bot) in [https://github.com/kyverno/kyverno/pull/8971](https://togithub.com/kyverno/kyverno/pull/8971) - fix: update KeysAreMissing() to ignore negations in resource (cherry-pick [#​8953](https://togithub.com/kyverno/kyverno/issues/8953)) by [@​gcp-cherry-pick-bot](https://togithub.com/gcp-cherry-pick-bot) in [https://github.com/kyverno/kyverno/pull/8982](https://togithub.com/kyverno/kyverno/pull/8982) - fix: block mutation only when failurePolicy is set to fail (cherry-pick [#​8952](https://togithub.com/kyverno/kyverno/issues/8952)) by [@​gcp-cherry-pick-bot](https://togithub.com/gcp-cherry-pick-bot) in [https://github.com/kyverno/kyverno/pull/8986](https://togithub.com/kyverno/kyverno/pull/8986) - fix: delete VAPs in case Kyverno policies can't be translated (cherry-pick [#​8887](https://togithub.com/kyverno/kyverno/issues/8887)) by [@​gcp-cherry-pick-bot](https://togithub.com/gcp-cherry-pick-bot) in [https://github.com/kyverno/kyverno/pull/9019](https://togithub.com/kyverno/kyverno/pull/9019) - fix: use v2beta1 version of exceptions in kyverno create CLI (cherry-pick [#​8908](https://togithub.com/kyverno/kyverno/issues/8908)) by [@​MariamFahmy98](https://togithub.com/MariamFahmy98) in [https://github.com/kyverno/kyverno/pull/9020](https://togithub.com/kyverno/kyverno/pull/9020) - fix: remove the additional dash in 
kyverno create exception (cherry-pick [#​8983](https://togithub.com/kyverno/kyverno/issues/8983)) by [@​MariamFahmy98](https://togithub.com/MariamFahmy98) in [https://github.com/kyverno/kyverno/pull/9021](https://togithub.com/kyverno/kyverno/pull/9021) - fix: use the default namespace in case --namespace isn't set in kyverno create exception (cherry-pick [#​9014](https://togithub.com/kyverno/kyverno/issues/9014)) by [@​MariamFahmy98](https://togithub.com/MariamFahmy98) in [https://github.com/kyverno/kyverno/pull/9022](https://togithub.com/kyverno/kyverno/pull/9022) - Remove var check (cherry-pick [#​8990](https://togithub.com/kyverno/kyverno/issues/8990)) by [@​gcp-cherry-pick-bot](https://togithub.com/gcp-cherry-pick-bot) in [https://github.com/kyverno/kyverno/pull/9024](https://togithub.com/kyverno/kyverno/pull/9024) - fix: use validate.message in case there is no message associated with the CEL expression (cherry-pick [#​8883](https://togithub.com/kyverno/kyverno/issues/8883)) by [@​MariamFahmy98](https://togithub.com/MariamFahmy98) in [https://github.com/kyverno/kyverno/pull/9025](https://togithub.com/kyverno/kyverno/pull/9025) - fix: cleanup older policy reports (cherry-pick [#​9026](https://togithub.com/kyverno/kyverno/issues/9026)) by [@​gcp-cherry-pick-bot](https://togithub.com/gcp-cherry-pick-bot) in [https://github.com/kyverno/kyverno/pull/9035](https://togithub.com/kyverno/kyverno/pull/9035) - Release 1.11.1 by [@​realshuting](https://togithub.com/realshuting) in [https://github.com/kyverno/kyverno/pull/9039](https://togithub.com/kyverno/kyverno/pull/9039) **Full Changelog**: kyverno/kyverno@v1.11.0...v1.11.1 ### [`v1.11.0`](https://togithub.com/kyverno/kyverno/blob/HEAD/CHANGELOG.md#v1110) [Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.10.7...v1.11.0) ### [`v1.10.7`](https://togithub.com/kyverno/kyverno/releases/tag/v1.10.7) [Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.10.6...v1.10.7) #### What's Changed - chore: 
fix high vulnerabilities, in release 1.10 by [@​vishal-chdhry](https://togithub.com/vishal-chdhry) in [https://github.com/kyverno/kyverno/pull/9226](https://togithub.com/kyverno/kyverno/pull/9226) - CVE-2023-30551 in `github.com/sigstore/rekor` - CVE-2023-45142 in `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` - GHSA-m425-mq94-257g in `google.golang.org/grpc` - release 1.10.7 by [@​realshuting](https://togithub.com/realshuting) in [https://github.com/kyverno/kyverno/pull/9231](https://togithub.com/kyverno/kyverno/pull/9231) **Full Changelog**: kyverno/kyverno@v1.10.6...v1.10.7 ### [`v1.10.6`](https://togithub.com/kyverno/kyverno/releases/tag/v1.10.6) [Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.10.5...v1.10.6) #### What's Changed - feat: add checks for max response size in API Call (release 1.10.6) by [@​vishal-chdhry](https://togithub.com/vishal-chdhry) in [https://github.com/kyverno/kyverno/pull/8981](https://togithub.com/kyverno/kyverno/pull/8981) - fix(test): random results when namespace is not specified \[v1.9-v1.10] by [@​aslafy-z](https://togithub.com/aslafy-z) in [https://github.com/kyverno/kyverno/pull/8989](https://togithub.com/kyverno/kyverno/pull/8989) - Release 1.10.6 by [@​realshuting](https://togithub.com/realshuting) in [https://github.com/kyverno/kyverno/pull/9030](https://togithub.com/kyverno/kyverno/pull/9030) **Full Changelog**: kyverno/kyverno@v1.10.5...v1.10.6 ### [`v1.10.5`](https://togithub.com/kyverno/kyverno/releases/tag/v1.10.5) [Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.10.4...v1.10.5) #### What's Changed - feat: add GHSA-vfp6-jrw2-99g9 fixes in cosign v1.13.1 by [@​vishal-chdhry](https://togithub.com/vishal-chdhry) in [https://github.com/kyverno/kyverno/pull/8870](https://togithub.com/kyverno/kyverno/pull/8870) - Release 1.10.5 by [@​realshuting](https://togithub.com/realshuting) in [https://github.com/kyverno/kyverno/pull/8881](https://togithub.com/kyverno/kyverno/pull/8881) 

**Full Changelog**: kyverno/kyverno@v1.10.4...v1.10.5

### [`v1.10.4`](https://togithub.com/kyverno/kyverno/releases/tag/v1.10.4)

[Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.10.3...v1.10.4)

#### What's Changed

- fix: backport CVE fixes by [@realshuting](https://togithub.com/realshuting) in [https://github.com/kyverno/kyverno/pull/8798](https://togithub.com/kyverno/kyverno/pull/8798)
- Release 1.10.4 by [@realshuting](https://togithub.com/realshuting) in [https://github.com/kyverno/kyverno/pull/8799](https://togithub.com/kyverno/kyverno/pull/8799)
- chore(deps): bump helm/chart-testing-action from 2.4.0 to 2.6.0 ([#8809](https://togithub.com/kyverno/kyverno/issues/8809)) by [@realshuting](https://togithub.com/realshuting) in [https://github.com/kyverno/kyverno/pull/8811](https://togithub.com/kyverno/kyverno/pull/8811)
- fix: upgrade cosign installer version in release 1.10 and use cosign 1.13.1 by [@vishal-chdhry](https://togithub.com/vishal-chdhry) in [https://github.com/kyverno/kyverno/pull/8813](https://togithub.com/kyverno/kyverno/pull/8813)

**Full Changelog**: kyverno/kyverno@v1.10.3...v1.10.4

### [`v1.10.3`](https://togithub.com/kyverno/kyverno/releases/tag/v1.10.3)

[Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.10.2...v1.10.3)

#### 🐛 Fixed 🐛

Fixed an issue where the error is not returned when the deferred loader is disabled. ([https://github.com/kyverno/kyverno/pull/7982](https://togithub.com/kyverno/kyverno/pull/7982))

### [`v1.10.2`](https://togithub.com/kyverno/kyverno/releases/tag/v1.10.2)

[Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.10.1...v1.10.2)

#### ✨ Added ✨

- Added a new `--policyReports` flag to control if the Policy Reports system is enabled or not. When set to a value of `false`, only standard Events and log messages will contain policy violations both in admission mode as well as background scans.
- Booleans can now be properly compared in conditional operators without needing to be converted to string. ([#7847](https://togithub.com/kyverno/kyverno/issues/7847))
- Added log messages for API call failures. ([#7834](https://togithub.com/kyverno/kyverno/issues/7834))
- Events will now be created upon successful resource generation. ([#7550](https://togithub.com/kyverno/kyverno/issues/7550))

##### Helm

- Added an additional check to the ServiceMonitor template to ensure that the cluster supports the `monitoring.coreos.com/v1` API version and if not, it will silently not create the ServiceMonitor instead of failing deployment of the chart. ([#7926](https://togithub.com/kyverno/kyverno/issues/7926))
- Added chart configurations for cleanup and webhooks. ([#7871](https://togithub.com/kyverno/kyverno/issues/7871))
- Add nodeSelector and labels to the cleanup CronJobs. ([#7851](https://togithub.com/kyverno/kyverno/issues/7851), [#7808](https://togithub.com/kyverno/kyverno/issues/7808))

#### ⚠️ Changed ⚠️

- (kyverno-policies chart) Added a precondition to skip DELETE operations on a couple policies to make them all consistent. ([#7883](https://togithub.com/kyverno/kyverno/issues/7883))
- Schema validation for policies matching on CRDs will be skipped. ([#7869](https://togithub.com/kyverno/kyverno/issues/7869))
- Performed better validation of policies which use the `cloneList` declaration in generate rules. ([#7823](https://togithub.com/kyverno/kyverno/issues/7823))
- Removed an extra Event created by Kyverno in some verifyImages rules. ([#7810](https://togithub.com/kyverno/kyverno/issues/7810))
- The Event created upon resource mutation has been updated to make more sense. ([#7550](https://togithub.com/kyverno/kyverno/issues/7550))

#### 🐛 Fixed 🐛

- Fixed an issue where higher log levels weren't being printed in the logs. ([#7877](https://togithub.com/kyverno/kyverno/issues/7877))
- Fixed an issue with an entry in a nil map when validating a policy. ([#7874](https://togithub.com/kyverno/kyverno/issues/7874))
- Fixed a type confusion problem. ([#7857](https://togithub.com/kyverno/kyverno/issues/7857))
- Fixed an issue with namespaceSelector and matching on Namespaces. ([#7837](https://togithub.com/kyverno/kyverno/issues/7837))
- Fixed an issue where category and severity annotations weren't being returned in policy reports from CLI tests. ([#7828](https://togithub.com/kyverno/kyverno/issues/7828))
- Fixed an issue where some verifyImages rules may have broken in `Audit` mode. ([#7806](https://togithub.com/kyverno/kyverno/issues/7806))
- Fixed an issue in target scope validations for generate rules. ([#7800](https://togithub.com/kyverno/kyverno/issues/7800))
- Fixed an issue with aggregated admission reports having stale results. ([#7798](https://togithub.com/kyverno/kyverno/issues/7798))
- Fixed an issue preventing a rollback when a verifyImages rule was in place. ([#7752](https://togithub.com/kyverno/kyverno/issues/7752))
- Removed some obsolete structs from the CLI. ([#6802](https://togithub.com/kyverno/kyverno/issues/6802))

##### Helm

- Fixed a minor chart templating issue in RBAC. ([#7774](https://togithub.com/kyverno/kyverno/issues/7774))

<details>
<summary>Click to expand all PRs</summary>

[#7926](https://togithub.com/kyverno/kyverno/issues/7926) fix(chart): only create ServiceMonitor if cluster supports it
[#7888](https://togithub.com/kyverno/kyverno/issues/7888) add flag for policy reports
[#7883](https://togithub.com/kyverno/kyverno/issues/7883) fix(policy chart): Skip DELETE requests on policies using deny statements
[#7877](https://togithub.com/kyverno/kyverno/issues/7877) fix log level in `logging` package
[#7874](https://togithub.com/kyverno/kyverno/issues/7874) policy validation: fix assignment to entry in nil map
[#7871](https://togithub.com/kyverno/kyverno/issues/7871) feat(chart) Add configurations for cleanup jobs and webhooks
[#7869](https://togithub.com/kyverno/kyverno/issues/7869) feat: skip schema validation for CRD
[#7858](https://togithub.com/kyverno/kyverno/issues/7858) fix: add tekton/pipeline to nancy ignore list
[#7857](https://togithub.com/kyverno/kyverno/issues/7857) fix type confusion in policy validation
[#7851](https://togithub.com/kyverno/kyverno/issues/7851) Add nodeSelector for cleanupJob CronJob resources
[#7847](https://togithub.com/kyverno/kyverno/issues/7847) feat: enable operator boolean comparison
[#7837](https://togithub.com/kyverno/kyverno/issues/7837) fix: namespace label matching for Namespace
[#7834](https://togithub.com/kyverno/kyverno/issues/7834) Added log message for API call failures
[#7828](https://togithub.com/kyverno/kyverno/issues/7828) bug: add severity and category in cluster policy report
[#7823](https://togithub.com/kyverno/kyverno/issues/7823) Feat: cloneList rule validation
[#7810](https://togithub.com/kyverno/kyverno/issues/7810) fix: skip creating event for an empty resource name
[#7808](https://togithub.com/kyverno/kyverno/issues/7808) feat: allow pod labels for cleanup jobs
[#7806](https://togithub.com/kyverno/kyverno/issues/7806) refactor: remove manual keychain refresh from client
[#7800](https://togithub.com/kyverno/kyverno/issues/7800) fix: target scope validation for the generate rule
[#7798](https://togithub.com/kyverno/kyverno/issues/7798) fix: aggregated admission report not updated correctly
[#7774](https://togithub.com/kyverno/kyverno/issues/7774) chart: fix admission controller rbac templating
[#7752](https://togithub.com/kyverno/kyverno/issues/7752) Modified annotation matching during rollback
[#7550](https://togithub.com/kyverno/kyverno/issues/7550) feat: add events for successful generation
[#6802](https://togithub.com/kyverno/kyverno/issues/6802) refactor: remove obsolete structs from CLI

</details>

### [`v1.10.1`](https://togithub.com/kyverno/kyverno/releases/tag/v1.10.1)

[Compare Source](https://togithub.com/kyverno/kyverno/compare/v1.10.0...v1.10.1)

This patch release of 1.10 unblocks users of generate rules using [clone-type](https://kyverno.io/docs/writing-policies/generate/#clone-source) declarations as mentioned in the [1.10 migration guide](https://togithub.com/kyverno/kyverno/blob/release-1.10/charts/kyverno/README.md#migrating-from-v2-to-v3). Please see the complete [1.10.0 release notes](https://togithub.com/kyverno/kyverno/releases/tag/v1.10.0) if you are installing/upgrading to 1.10.1 without progressing through 1.10.0. Please also see the security advisory [here](https://togithub.com/kyverno/kyverno/security/advisories/GHSA-rw9c-qq4h-c24p) acknowledging detected vulnerabilities in the 1.10 release to which Kyverno is NOT susceptible.

#### ✨ Added ✨

- Added the ability to assign custom labels to policy reports ([#7416](https://togithub.com/kyverno/kyverno/issues/7416))
- All release artifacts are now signed ([#7478](https://togithub.com/kyverno/kyverno/issues/7478), [#7711](https://togithub.com/kyverno/kyverno/issues/7711))
- Added a new environment variable, settable on the background controller, called `BACKGROUND_SCAN_INTERVAL` which can override the background scan interval from its default of one hour ([#7504](https://togithub.com/kyverno/kyverno/issues/7504))
- Added a new container flag called `--enableDeferredLoading` (`true` by default) which allows disabling of the new deferred/lazy context variable loading system introduced in 1.10.0 ([#7694](https://togithub.com/kyverno/kyverno/issues/7694), [#7691](https://togithub.com/kyverno/kyverno/issues/7691))

##### Helm

- Added the ability to configure tolerations, resources, and Pod annotations for the admission report cleanup jobs ([#7331](https://togithub.com/kyverno/kyverno/issues/7331), [#7337](https://togithub.com/kyverno/kyverno/issues/7337), [#7366](https://togithub.com/kyverno/kyverno/issues/7366))
- Added missing `delete` verb to the admission reports cleanup job ClusterRole ([#7375](https://togithub.com/kyverno/kyverno/issues/7375))
- Added the ability to set verbs for the `additionalresources` ClusterRole used by the background controller to address the inability to generate Roles and ClusterRoles ([#7380](https://togithub.com/kyverno/kyverno/issues/7380))
- Removal of the Helm chart will now properly remove all Kyverno webhooks ([#7633](https://togithub.com/kyverno/kyverno/issues/7633))
- Added ability to select cluster on the Grafana dashboard ([#7659](https://togithub.com/kyverno/kyverno/issues/7659))
- Add `relabelings` and `metricRelabelings` config to all ServiceMonitors ([#7659](https://togithub.com/kyverno/kyverno/issues/7659))
- Make ConfigMap labels for the Grafana dashboard ConfigMap configurable ([#7659](https://togithub.com/kyverno/kyverno/issues/7659))
- Added ability to use imagePullSecrets for the admission reports cleanup CronJobs ([#7730](https://togithub.com/kyverno/kyverno/issues/7730))

#### ⚠️ Changed ⚠️

- The new `order` field available under `foreach` loops will now be respected when the mutation method is `patchStrategicMerge` ([#7336](https://togithub.com/kyverno/kyverno/issues/7336))
- Changed the message returned from a failed permissions check so it's more general in nature ([#7362](https://togithub.com/kyverno/kyverno/issues/7362))
- Removed the redundant loop protection introduced in 1.10.0 making it possible to match on the same resource kind as Kyverno should generate ([#7388](https://togithub.com/kyverno/kyverno/issues/7388))
- Performed some internal refactoring of the generate rule type ([#7417](https://togithub.com/kyverno/kyverno/issues/7417))
- Make it so that setting `--webhookTimeout` affects all of Kyverno's webhooks and not just the resource webhooks ([#7435](https://togithub.com/kyverno/kyverno/issues/7435))
- Made it so that the `name` field for a rule is required ([#7464](https://togithub.com/kyverno/kyverno/issues/7464))
- Log kind, namespace, and name in processed resources ([#7498](https://togithub.com/kyverno/kyverno/issues/7498))
- Refactored some reconciliation logic for generate rules ([#7531](https://togithub.com/kyverno/kyverno/issues/7531))
- Mutation failures, when occurring within a `foreach` loop, will show the cause ([#7563](https://togithub.com/kyverno/kyverno/issues/7563))
- Bumped notation-go from 1.0.0-rc.3 to 1.0.0-rc.6 ([#7666](https://togithub.com/kyverno/kyverno/issues/7666))
- Misc. refactors related to the changes/fixes in deferred/lazy loading ([#7675](https://togithub.com/kyverno/kyverno/issues/7675), [#7678](https://togithub.com/kyverno/kyverno/issues/7678), [#7690](https://togithub.com/kyverno/kyverno/issues/7690))

#### 🐛 Fixed 🐛

- Fixed a panic when a user installs a policy with an invalid schema ([#6526](https://togithub.com/kyverno/kyverno/issues/6526))
- Fixed an issue where the `default` field in a `variable`-type context variable was not being used when the result was `nil` ([#7251](https://togithub.com/kyverno/kyverno/issues/7251))
- Fixed a panic in the reports controller when it encounters an invalid image ([#7332](https://togithub.com/kyverno/kyverno/issues/7332))
- Fixed an issue when `--protectManagedResources` was enabled which prevented generation of bindings ([#7363](https://togithub.com/kyverno/kyverno/issues/7363))
- Fixed a panic when environment variables weren't passed ([#7383](https://togithub.com/kyverno/kyverno/issues/7383))
- Fixed an inability to use the `target.*` variable in a mutate existing rule ([#7387](https://togithub.com/kyverno/kyverno/issues/7387))
- Fixed a sync issue if an array element was removed from a clone source ([#7417](https://togithub.com/kyverno/kyverno/issues/7417))
- Fixed an issue preventing background reports from being created if an empty response is received for a given API group ([#7428](https://togithub.com/kyverno/kyverno/issues/7428))
- Fixed an issue where Policy Exceptions weren't being considered for deletes ([#7433](https://togithub.com/kyverno/kyverno/issues/7433))
- Fixed an issue preventing one clone source from being used in multiple rules or for multiple targets ([#7436](https://togithub.com/kyverno/kyverno/issues/7436))
- Fixed an issue with generate rules failing when the trigger resource kind used a forward slash ([#7436](https://togithub.com/kyverno/kyverno/issues/7436))
- Fixed a generate issue in which removal of a single trigger would remove generated resources it shouldn't have ([#7579](https://togithub.com/kyverno/kyverno/issues/7579))
- Fixed an issue with how Kyverno reports a failure when it cannot fetch a CRD ([#7439](https://togithub.com/kyverno/kyverno/issues/7439))
- Fixed an issue with auto-gen not generating the correct matching kinds when overridden with the annotation ([#7455](https://togithub.com/kyverno/kyverno/issues/7455))
- Fixed another issue with auto-gen in which CronJob translated rules weren't translating variables correctly ([#7571](https://togithub.com/kyverno/kyverno/issues/7571))
- Fixed an issue with a generate rule using a cloneList declaration so that syncs are observed properly ([#7466](https://togithub.com/kyverno/kyverno/issues/7466))
- Fixed a panic when the background controller substitutes a variable with `nil` ([#7473](https://togithub.com/kyverno/kyverno/issues/7473))
- Fixed the scope validation check for a generate rule so it detects the correct resource kind ([#7479](https://togithub.com/kyverno/kyverno/issues/7479))
- Fixed an issue preventing generated resources from being removed when preconditions no longer matched ([#7496](https://togithub.com/kyverno/kyverno/issues/7496))
- Fixed a slightly misleading error message in deny conditions ([#7503](https://togithub.com/kyverno/kyverno/issues/7503))
- Fixed it (finally) so that no informational logs are produced when logging is set to `0` ([#7515](https://togithub.com/kyverno/kyverno/issues/7515))
- Fixed removal of ownerReferences when generating via clone a resource across Namespaces ([#7517](https://togithub.com/kyverno/kyverno/issues/7517))
- Fixed residual issues from 1.10.0 for lazy/deferred loading of context variables ([#7552](https://togithub.com/kyverno/kyverno/issues/7552), [#7597](https://togithub.com/kyverno/kyverno/issues/7597))
- Fixed an issue performing image verification in background mode ([#7564](https://togithub.com/kyverno/kyverno/issues/7564))
- Make configuring max procs not exit in case of error ([#7588](https://togithub.com/kyverno/kyverno/issues/7588))
- Fixed some typos in the descriptions of flags applicable to the reports controller ([#7617](https://togithub.com/kyverno/kyverno/issues/7617))
- Fixed a permissions check when installing a generate policy due to incorrect API group matching ([#7628](https://togithub.com/kyverno/kyverno/issues/7628))
- Fixed an issue where the service name in a tracer configuration could not be customized ([#7644](https://togithub.com/kyverno/kyverno/issues/7644))
- Fixed an issue with an image verification rule which would cause updating a Deployment with more than one container to fail ([#7692](https://togithub.com/kyverno/kyverno/issues/7692))
- Fixed a minor issue in an error message ([#7688](https://togithub.com/kyverno/kyverno/issues/7688))
- Fixed an issue with locking the schema manager which could result in CRDs not being found ([#7704](https://togithub.com/kyverno/kyverno/issues/7704))

##### Helm

- Fixed missing environment variables in the admission controller ([#7383](https://togithub.com/kyverno/kyverno/issues/7383))
- Fixed missing `extraEnvVars` on all controllers ([#7403](https://togithub.com/kyverno/kyverno/issues/7403))
- Fixed an issue templating the new reports cleanup job image ([#7430](https://togithub.com/kyverno/kyverno/issues/7430))
- Fixed a typo when enabling anti-affinity ([#7440](https://togithub.com/kyverno/kyverno/issues/7440))
- Fixed missing imagePullSecrets ([#7474](https://togithub.com/kyverno/kyverno/issues/7474))
- Fixed missing `delete` verb for Secrets in the admission controller and cleanup controller ([#7527](https://togithub.com/kyverno/kyverno/issues/7527), [#7679](https://togithub.com/kyverno/kyverno/issues/7679))

<details>
<summary>Click to expand all PRs</summary>

7730 feat: Add option to add imagePullSecrets to cleanup CronJobs
7712 fix: remove show goreleaser version step
7711 fix: release signing
7704 fix: lock schema manager when updating it
7694 Fix deferred loading (cherry-pick [#7597](https://togithub.com/kyverno/kyverno/issues/7597))
7692 fix: image verification (cherry-pick [#7652](https://togithub.com/kyverno/kyverno/issues/7652))
7691 feat: add lazy loading feature flag (cherry-pick [#7680](https://togithub.com/kyverno/kyverno/issues/7680))
7690 refactor: migrate context loaders (part 2) from [#7597](https://togithub.com/kyverno/kyverno/issues/7597) (cherry-pick [#7677](https://togithub.com/kyverno/kyverno/issues/7677))
7688 fix: Swap any/all in the error message.
7680 feat: add lazy loading feature flag
7679 fix: cleanup controller rbac (cherry-pick [#7669](https://togithub.com/kyverno/kyverno/issues/7669))
7678 refactor: migrate context loaders (part 1) from [#7597](https://togithub.com/kyverno/kyverno/issues/7597) (cherry-pick [#7676](https://togithub.com/kyverno/kyverno/issues/7676))
7677 refactor: migrate context loaders (part 2) from [#7597](https://togithub.com/kyverno/kyverno/issues/7597)
7676 refactor: migrate context loaders (part 1) from [#7597](https://togithub.com/kyverno/kyverno/issues/7597)
7675 refactor: add specific loaders from [#7597](https://togithub.com/kyverno/kyverno/issues/7597) (cherry-pick [#7671](https://togithub.com/kyverno/kyverno/issues/7671))
7671 refactor: add specific loaders from [#7597](https://togithub.com/kyverno/kyverno/issues/7597)
7669 fix: cleanup controller rbac
7666 \[Chore] bump notation-go from 1.0.0-rc.3 -> 1.0.0-rc.6
7659 feat: add cluster select and relabling config for ServiceMonitors
7652 fix: image verification with 2+ containers
7644 fix: customizable tracer configuration
7633 feat: enable Helm webhook cleanup hook by default
7628 fix: auth checks with the APIVersion and the subresource
7617 fix: update the flag descriptions of the reports-controller
7597 Fix deferred loading
7596 fix: CLI tests
7590 Add nancy-ignore to make it pass with current dependencies
7589 chore: reduce sleep duration for generate kuttl tests
7588 fix: make configuring max procs not exit in case of error
7579 fix: deletion mismatch for the generate policy
7571 fix: autogen not working correctly with cronjob conditions
7564 fix: background image verification not working
7563 Fix: Mutate: Foreach: Error cause is missing
7552 fix: recursive lazy loading
7531 refactor: generate reconciliation on policy updates
7527 fix: update kyverno admission-controller role to have delete verb for…
7517 fix: Remove ownerReferences when cloning across Namespaces
7515 fix: log level initialisation
7504 feat: add debug env BACKGROUND_SCAN_INTERVAL
7503 fix: misleading error message in deny conditions
7498 fix: log kind/namespace/name in scan errors
7496 fix: Delete downstream objects on precondition fail
7479 fix: target scope validation for the generate rule
7478 feat: sign released artifacts
7474 fix: image pull secrets in admission controller
7473 fix: background controller panics during variables substitution
7466 fix: cloneList sync behavior
7464 fix: rule name not required in the crd schema
7460 fix: flaky generate test
7455 fix: autogen not generating the correct kind
7440 fixed typo in admission controller chart template
7439 fix: error reported when sanity check fails
7436 fix: the same source cannot be used for multiple targets with a generate clone rule
7435 fix: add missing webhook timeouts
7433 fix: exceptions not considered on delete
7430 fix: helm template for cleanup jobs image
7428 fix: reports discovery error
7417 fix: array element removal should be synced to the downstream resource with a generate data sync rule
7416 feat: hold custom labels
7403 fix: missing extraEnvVars in helm chart
7388 Remove policy validation prevent loop for generate
7387 fix mutate targets validation
7383 fix: missing/incorrect env variables
7380 Allow setting verbs for clusterrole extraresources on backgroundController
7375 Add missing delete verb to admission cleanup clusterrole
7366 feat(cronjobs): Enable podAnnotations on CronJobs
7363 fix: protect managed resource not considering other components
7362 fix: permission validation message
7338 fix: flaky kuttl test add-external-secret-prefix
7337 feat: cleanup jobs resources
7336 feat: obey the order field in patchStrategicMerge method
7332 fix: panic in background reports
7331 feat: cleanup job tolerations
7251 Fix: \[Bug] The default field in a context variable does not replace nil results
6526 fix: add type conversion error judgment to avoid program panic

</details>

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Mend Renovate](https://www.mend.io/free-developer-tools/renovate/). View repository job log [here](https://developer.mend.io/github/allenporter/flux-local).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Load data did not return an error