Releases: open-policy-agent/gatekeeper
Releases · open-policy-agent/gatekeeper
v3.6.0
This stable release includes bug fixes and new features.
Notable updates since last stable version
- ConstraintTemplate CRD moves to v1 🎉
- Reduce System.Mutate runtime by 87% 🔨
- Fix race conditions in watch manager and constraint controllers 🐎
- Remove non-specific webhook request metrics 📊
- Add prefix-based matching for namespaces and excludedNamespaces 🔡
- Add integer keyValue support to mutation path parser / mutators 🔢
- Helm enable to config controller manager & audit port 🎊
- Add helm hooks to upgrade CRDs 🆙
- Add metrics reporting for mutation 📈
Commits
- aad6c27: fix whitespace error in the debugging docs (#1465) (rob salmond) #1465
- 07e2fd0: Add metrics reporting for mutation (#1435) (Julian Katz) #1435
- f695654: Add frameworks apis to scheme (#1470) (Julian Katz) #1470
- 821db67: update with k8s v1.22.0 (#1477) (Sertaç Özercan) #1477
- 5975122: Add label to bats http.send test for idempotence (#1473) (Ivan Font) #1473
- 407611a: Deduplicate mutator controller logic (#1474) (Max Smythe) #1474
- 6a8ff89: Make Context usage consistent (#1457) (Will Beason) #1457
- aa8ad45: Add helm hooks to upgrade CRDs (#1485) (Rita Zhang) #1485
- c70dfd0: Unify Gatekeeper and controller-runtime metrics into a single endpoint (#1482) (Oren Shomron) #1482
- e00262b: Refactor core.Reconciler (#1489) (Will Beason) #1489
- a1b50a0: Update the upper limit of request duration metrics to 3 seconds (#1504) (Tsubasa Umeuchi) #1504
- 0238780: Dynamically change the API version of the PDB in Helm Chart (#1502) (Yuki Iwai) #1502
- 1901725: Helm enable to config controller manager & audit port (#1438) (Edvin N) #1438
- c3e9cd4: V1 constrainttemplate docs (#1492) (Julian Katz) #1492
- dd97b8a: run gator test (#1463) (Will Beason) #1463
- 93ad7e4: Refactor mutator Matches() to make extension easy (#1494) (Julian Katz) #1494
- mutation process to allProcesses list (#1516) #1516 (Spencer McCreary)
- 94ced7f: Update supported k8s versions (#1517) (Rita Zhang) #1517
- 9503ef2: Prepare v3.6.0 release (#1518) (Sertaç Özercan) #1518
v3.5.2
v3.6.0-beta.3
Commits
- 5e82e5b: Update documentation for 3.5 (#1399) (Rafe Hart) #1399
- 60c9781: Add PreserveUnknownFields: false to CRDs (#1356) (Julian Katz) #1356
- c43fb49: Create gator root command (#1403) (Will Beason) #1403
- 12d70ca: set exempt-namespaces to gatekeeper-controller-manager from values YAML (#1408) (Batuhan Apaydın) #1408
- 05f559e: Add integer keyValue support to mutation path parser / mutators (#1394) (Oren Shomron) #1394
- deba961: Read test files (#1412) (Will Beason) #1412
- d9495ad: Include v1 ConstraintTemplate from frameworks (#1416) (Julian Katz) #1416
- b791188: allow helm chart to override failurePolicy (#1417) (Heba Elayoty) #1417
- 5776a6b: Add prefix-based matching for namespaces and excludedNamespaces (#1404) (Julian Katz) #1404
- 786e2db: Remove non-specific webhook request metrics (#1428) (Julian Katz) #1428
- a6e24e7: Preserve conflicting schemas and report conflicts (#1364) (Will Beason) #1364
- a88df07: Update GK minimum version and reasoning. (#1432) (Will Beason) #1432
- 86b495b: [gk-test] parse Templates + Constraints in Suites (#1419) (Will Beason) #1419
- 643adf7: auto format linters (#1433) (Will Beason) #1433
- b018250: Force type assertions (#1436) (Will Beason) #1436
- bc22879: make resourcequota and priorityClassName's optional (#1425) (Batuhan Apaydın) #1425
- 9e76b3d: Use containerized kustomize (#1395) (Will Beason) #1395
- 4c6fae2: Benchmark AssignMutator.Mutate code (#1437) (Will Beason) #1437
- 152e102: Make dependabot-recommended changes (#1440) (Will Beason) #1440
- 938edcd: [mutation] Cache tester in AssignMetadata like we do in Assign mutators (#1442) (Will Beason) #1442
- 0ba8bc9: benchmark AssignMetadata.Mutate (#1441) (Will Beason) #1441
- c990a70: Remove erroneous print statement (#1452) (Will Beason) #1452
- 55a042e: Refactor run code into Runner (#1445) (Will Beason) #1445
- 812b7c6: deepcopy cached value instead of unmarshalling json (#1439) (Will Beason) #1439
- 6a9d3e4: Fix race conditions in watch manager and constraint controllers (#1427) (Max Smythe) #1427
- e8877be: Bump codecov/codecov-action from 1.5.2 to 2.0.1 (#1456) (dependabot[bot]) #1456
- b7a8674: Bump actions/setup-node from 2.2.0 to 2.3.0 (#1459) (dependabot[bot]) #1459
- ff826b2: Reduce System.Mutate runtime by 87% (#1454) (Will Beason) #1454
- 9ca7917: Bump codecov/codecov-action from 2.0.1 to 2.0.2 (#1462) (dependabot[bot]) #1462
- b6d1d60: [gk-test] Run case (#1446) (Will Beason) #1446
- 2b9a234: [gk-test] Add json annotations to Suites (#1447) (Will Beason) #1447
- c961ac6: Prepare v3.6.0-beta.3 release (#1460) (Sertaç Özercan) #1460
v3.6.0-beta.2
v3.5.1
This stable release includes bug fixes.
Notable updates
- If you are using Helm to upgrade your Gatekeeper deployments and have mutation enabled, make sure to install
MutatorPodStatusCRD as Helm does not install new CRDs with an upgrade.
Commits
v3.6.0-beta.1
Commits
- b1ebeb5: Bump marvinpinto/action-automatic-releases from 1.1.1 to 1.2.1 (#1345) (dependabot[bot]) #1345
- a1dba5d: Upgrade dependencies (#1335) (Will Beason) #1335
- 1eca2c6: Add unit tests for pkg/util (#1343) (Will Beason) #1343
- a91c770: [mutation] validate parent and children Conditions (#1317) (Will Beason) #1317
- bf94eb3: Add gocritic linter (#1344) (Will Beason) #1344
- d66fc95: Add default configs to mutatingwebhookconfig (#1360) (Rita Zhang) #1360
- 3cd226f: Use MaxInt32 instead of MaxInt64 (#1362) (Will Beason) #1362
- 46e026a: Bump codecov/codecov-action from 1.5.0 to 1.5.2 (#1351) (dependabot[bot]) #1351
- 471196d: Add template e2e testing design doc (#1350) (Max Smythe) #1350
- b3c706a: update mutation deploy yaml to v3.5.0-rc.1 (#1342) (Sertaç Özercan) #1342
- e4e7cec: Define gatekeeper-test CLI, import cobra (#1370) (Will Beason) #1370
- 2ff8169: Prepare v3.6.0-beta.1 release (#1377) (Sertaç Özercan) #1377
v3.5.0
This stable release includes bug fixes and new features.
Notable updates
- Compatibility with Kubernetes v1.22 and later.
Changes since v3.5.0-rc.1
- [71430c3]: Cherry pick of #1317 and #1362: validate parent and children Conditions (#1374) (Sertaç Özercan) #1374
- [45757c7]: Cherry pick of #1360: Add default configs to mutatingwebhookconfig (#1372) (Sertaç Özercan) #1372
- [c6bd27f]: Cherry pick of #1342: update mutation deploy to v3.5.0-rc.1 (#1373) (Sertaç Özercan) #1373
- [fc22afa]: Prepare v3.5.0 release (#1376) (Sertaç Özercan) #1376
v3.4.1
Commits
- [86e07b4]: Fix gatekeeper mutation image tag (#1275) (Mathieu Parent) #1275
- [96e8f1f]: fix curl image in release 3.4 branch (#1338) (Sertaç Özercan) #1338
- [7a50c3b]: Cherry pick of #1240: Do not allow status objects from other pods to trigger constraint reconciles (#1371) (Sertaç Özercan) #1371
- [b541d06]: Prepare v3.4.1 release (#1378) (Sertaç Özercan) #1378
v3.5.0-rc.1
Bug Fixes
Commits
- [ed9fd9b]: Update experimental manifest with v3.4.0 image (#1239) (Sertaç Özercan) #1239
- [e93018d]: Add more info about failing closed (#1231) (Max Smythe) #1231
- [4b4ae44]: Added missing option 'audit-match-kind-only' to helm (#1245) (Eike Wichern) #1245
- [d200811]: fix tiny typo (#1243) (Gallardot) #1243
- [183f40a]: Remove deprecated kubectl generators from e2e (#1248) (Max Smythe) #1248
- [4cbf8bd]: Simplified Helm CRD's cleanup procedure (#1246) (Goran) #1246
- [65c3f85]: Add mutation transience doc (#1237) (Max Smythe) #1237
- [2ea6388]: Resolve merge conflicts (#1242) (Njegos Railic) #1242
- [7051529]: Do not allow status objects from other pods to trigger constraint reconciles (#1240) (Max Smythe) #1240
- [98c6fa6]: set klog global logger (#1256) (Sertaç Özercan) #1256
- [05a8180]: remove duplicate isValidMetadataPath in assignMetadata (#1255) (Sertaç Özercan) #1255
- [ecd1148]: document warn enforcement action (#1259) (Sertaç Özercan) #1259
- [b468cf2]: fixing docs for website/docs/mutation.md (#1267) (Reeta Singh) #1267
- [afc9fe2]: Update Constraint Framework. (#1269) (Brian Kennedy) #1269
- [d883817]: Provide the flag for disable unsafe builtins (#1191) (Becky HD) #1191
- [a974d70]: Add priority class name (#1266) (Chris Stanaway) #1266
- [64edbe3]: Add v1 CRD deprecation doc (Julian Katz)
- [e493e19]: Revert "Add v1 CRD deprecation doc" (#1276) (Max Smythe) #1276
- [3e70bea]: Add v1beta1 CRD deprecation doc (#1277) (Julian Katz) #1277
- [aa20de6]: add test matrix for k8s versions (#1268) (Sertaç Özercan) #1268
- [f6d0fc9]: Rebase controller-runtime/pkg/cache fork over v0.8.2 (#1284) (Oren Shomron) #1284
- [20a0e1a]: Add by pod status for mutators (#1260) (Max Smythe) #1260
- [0fccf8b]: Update to admissionregistration.k8s.io/v1 (#1250) (Sertaç Özercan) #1250
- [dc33b0a]: revert #1250 on charts (#1290) (Sertaç Özercan) #1290
- [64ad499]: Bump peaceiris/actions-gh-pages from 3 to 3.8.0 (#1304) (dependabot[bot]) #1304
- [3c1a847]: Bump actions/cache from 2 to 2.1.5 (#1302) (dependabot[bot]) #1302
- [1c05297]: Bump actions/setup-node from 2.1.2 to 2.1.5 (#1300) (dependabot[bot]) #1300
- [19a8b48]: Bump codecov/codecov-action from 1 to 1.5.0 (#1301) (dependabot[bot]) #1301
- [ac7f0f6]: Bump @docusaurus/core from 2.0.0-alpha.71 to 2.0.0-beta.0 in /website (#1307) (dependabot[bot]) #1307
- [404988d]: Bump @docusaurus/preset-classic from 2.0.0-alpha.71 to 2.0.0-beta.0 in /website (#1308) (dependabot[bot]) #1308
- [2bb6244]: Resolve rangeValCopy lint suggestions (#1292) (Will Beason) #1292
- [876ba46]: Fix mutation docs errors (#1288) (Shaw Ho) #1288
- [9aff3e3]: Add ResourceQuota for pod PriorityClass to deployment (#1282) (James Alseth) #1282
- [88df46b]: Update linked release version to 3.4 (#1312) (Gareth Western) #1312
- [92bf487]: Add structural information to Constraint Kind CRDs (#1249) (Julian Katz) #1249
- [a2a42df]: Upgrade v1beta1 CRD yamls to v1 (#1286) (Julian Katz) #1286
- [e09498c]: Use "revive" instead of "golint" linter (#1316) (Will Beason) #1316
- [edb29d0]: fix curl image used for e2e (#1321) (Rita Zhang) #1321
- [e6ea240]: add k8s v1.21 to test matrix (#1314) (Sertaç Özercan) #1314
- [0b1d89d]: Upgrade constrainttemplate_controller to apiextensionsv1 (#1320) (Julian Katz) #1320
- [[f6c2fe8](https://github.com/open-policy-agent/gatekeeper/commit/f6c2fe854a78...
v3.4.0
This stable release includes bug fixes and new features.
Notable updates
- Helm v2 chart has been removed starting with v3.4.0. Helm v3 chart is supported and available in the Helm repository.
- Mutation is available as an
alphafeature. You can deploy using experimental yaml or Helm chart usingexperimentalEnableMutationflag. request_countandrequest_duration_secondsvalidation metrics will be deprecated in a future release in favor ofvalidation_request_countandvalidation_request_duration_seconds. See #1010 for details.
Changes since v3.4.0-rc.1
Features 🌈
- deprecate Helm 2 (#1179) #1179 (Julian Dolce)
- [cd9de86]: Add invalid input feedback (#1196) (KeisukeYamashita) #1196
- [e1021ca]: feat(mutation/helm) - Add mutation to helm chart (#1220) (Rita Zhang) #1220
Bug Fixes 🐞
- [cca802c]: Fixes #1203 - log ucloop.uc in audit (#1210) (Rita Zhang) #1210
- [ff5fc7a]: [Helm] Remove duplicate affinity key (#1199) (Daniel Wegener) #1199
- [9eed155]: fix(helm) - Remove crd-install helm hook (#1230) (Rita Zhang) #1230
Maintenance and testing 🔧
- [ccc6ffc]: add dependabot for updating website and actions (#1218) (Sertaç Özercan) #1218
- [54166f8]: add helm chart info to pr template (#1217) (Sertaç Özercan) #1217
- [fe52bc9]: fix release manifest (#1234) (Sertaç Özercan) #1234
Documentation 📘
- fix markdown heading (#1209) #1209 (Takao Shibata)
- fix anchor (#1208) #1208 (Takao Shibata)
- [67c8211]: move metrics doc to website (#1219) (Sertaç Özercan) #1219
- [f1eda8f]: add external data design proposal (#1212) (Sertaç Özercan) #1212
- fix whitespace in manifest (#1227) #1227 (Takao Shibata)
- [48b449e]: fix edit page link (#1235) (Sertaç Özercan) #1235
- [a0fd054]: fix(helm/doc) - Add mutation flag to chart readme (#1236) (Rita Zhang) #1236