Releases: open-policy-agent/gatekeeper
Releases · open-policy-agent/gatekeeper
v3.6.0
This stable release includes bug fixes and new features.
Notable updates since last stable version
- ConstraintTemplate CRD moves to v1 🎉
- Reduce System.Mutate runtime by 87% 🔨
- Fix race conditions in watch manager and constraint controllers 🐎
- Remove non-specific webhook request metrics 📊
- Add prefix-based matching for namespaces and excludedNamespaces 🔡
- Add integer keyValue support to mutation path parser / mutators 🔢
- Helm enable to config controller manager & audit port 🎊
- Add helm hooks to upgrade CRDs 🆙
- Add metrics reporting for mutation 📈
Commits
- aad6c27: fix whitespace error in the debugging docs (#1465) (rob salmond) #1465
- 07e2fd0: Add metrics reporting for mutation (#1435) (Julian Katz) #1435
- f695654: Add frameworks apis to scheme (#1470) (Julian Katz) #1470
- 821db67: update with k8s v1.22.0 (#1477) (Sertaç Özercan) #1477
- 5975122: Add label to bats http.send test for idempotence (#1473) (Ivan Font) #1473
- 407611a: Deduplicate mutator controller logic (#1474) (Max Smythe) #1474
- 6a8ff89: Make Context usage consistent (#1457) (Will Beason) #1457
- aa8ad45: Add helm hooks to upgrade CRDs (#1485) (Rita Zhang) #1485
- c70dfd0: Unify Gatekeeper and controller-runtime metrics into a single endpoint (#1482) (Oren Shomron) #1482
- e00262b: Refactor core.Reconciler (#1489) (Will Beason) #1489
- a1b50a0: Update the upper limit of request duration metrics to 3 seconds (#1504) (Tsubasa Umeuchi) #1504
- 0238780: Dynamically change the API version of the PDB in Helm Chart (#1502) (Yuki Iwai) #1502
- 1901725: Helm enable to config controller manager & audit port (#1438) (Edvin N) #1438
- c3e9cd4: V1 constrainttemplate docs (#1492) (Julian Katz) #1492
- dd97b8a: run gator test (#1463) (Will Beason) #1463
- 93ad7e4: Refactor mutator Matches() to make extension easy (#1494) (Julian Katz) #1494
- mutation process to allProcesses list (#1516) #1516 (Spencer McCreary)
- 94ced7f: Update supported k8s versions (#1517) (Rita Zhang) #1517
- 9503ef2: Prepare v3.6.0 release (#1518) (Sertaç Özercan) #1518
v3.5.2
v3.6.0-beta.3
Commits
- 5e82e5b: Update documentation for 3.5 (#1399) (Rafe Hart) #1399
- 60c9781: Add PreserveUnknownFields: false to CRDs (#1356) (Julian Katz) #1356
- c43fb49: Create gator root command (#1403) (Will Beason) #1403
- 12d70ca: set exempt-namespaces to gatekeeper-controller-manager from values YAML (#1408) (Batuhan Apaydın) #1408
- 05f559e: Add integer keyValue support to mutation path parser / mutators (#1394) (Oren Shomron) #1394
- deba961: Read test files (#1412) (Will Beason) #1412
- d9495ad: Include v1 ConstraintTemplate from frameworks (#1416) (Julian Katz) #1416
- b791188: allow helm chart to override failurePolicy (#1417) (Heba Elayoty) #1417
- 5776a6b: Add prefix-based matching for namespaces and excludedNamespaces (#1404) (Julian Katz) #1404
- 786e2db: Remove non-specific webhook request metrics (#1428) (Julian Katz) #1428
- a6e24e7: Preserve conflicting schemas and report conflicts (#1364) (Will Beason) #1364
- a88df07: Update GK minimum version and reasoning. (#1432) (Will Beason) #1432
- 86b495b: [gk-test] parse Templates + Constraints in Suites (#1419) (Will Beason) #1419
- 643adf7: auto format linters (#1433) (Will Beason) #1433
- b018250: Force type assertions (#1436) (Will Beason) #1436
- bc22879: make resourcequota and priorityClassName's optional (#1425) (Batuhan Apaydın) #1425
- 9e76b3d: Use containerized kustomize (#1395) (Will Beason) #1395
- 4c6fae2: Benchmark AssignMutator.Mutate code (#1437) (Will Beason) #1437
- 152e102: Make dependabot-recommended changes (#1440) (Will Beason) #1440
- 938edcd: [mutation] Cache tester in AssignMetadata like we do in Assign mutators (#1442) (Will Beason) #1442
- 0ba8bc9: benchmark AssignMetadata.Mutate (#1441) (Will Beason) #1441
- c990a70: Remove erroneous print statement (#1452) (Will Beason) #1452
- 55a042e: Refactor run code into Runner (#1445) (Will Beason) #1445
- 812b7c6: deepcopy cached value instead of unmarshalling json (#1439) (Will Beason) #1439
- 6a9d3e4: Fix race conditions in watch manager and constraint controllers (#1427) (Max Smythe) #1427
- e8877be: Bump codecov/codecov-action from 1.5.2 to 2.0.1 (#1456) (dependabot[bot]) #1456
- b7a8674: Bump actions/setup-node from 2.2.0 to 2.3.0 (#1459) (dependabot[bot]) #1459
- ff826b2: Reduce System.Mutate runtime by 87% (#1454) (Will Beason) #1454
- 9ca7917: Bump codecov/codecov-action from 2.0.1 to 2.0.2 (#1462) (dependabot[bot]) #1462
- b6d1d60: [gk-test] Run case (#1446) (Will Beason) #1446
- 2b9a234: [gk-test] Add json annotations to Suites (#1447) (Will Beason) #1447
- c961ac6: Prepare v3.6.0-beta.3 release (#1460) (Sertaç Özercan) #1460
v3.6.0-beta.2
v3.5.1
This stable release includes bug fixes.
Notable updates
- If you are using Helm to upgrade your Gatekeeper deployments and have mutation enabled, make sure to install
MutatorPodStatus
CRD as Helm does not install new CRDs with an upgrade.
Commits
v3.6.0-beta.1
Commits
- b1ebeb5: Bump marvinpinto/action-automatic-releases from 1.1.1 to 1.2.1 (#1345) (dependabot[bot]) #1345
- a1dba5d: Upgrade dependencies (#1335) (Will Beason) #1335
- 1eca2c6: Add unit tests for pkg/util (#1343) (Will Beason) #1343
- a91c770: [mutation] validate parent and children Conditions (#1317) (Will Beason) #1317
- bf94eb3: Add gocritic linter (#1344) (Will Beason) #1344
- d66fc95: Add default configs to mutatingwebhookconfig (#1360) (Rita Zhang) #1360
- 3cd226f: Use MaxInt32 instead of MaxInt64 (#1362) (Will Beason) #1362
- 46e026a: Bump codecov/codecov-action from 1.5.0 to 1.5.2 (#1351) (dependabot[bot]) #1351
- 471196d: Add template e2e testing design doc (#1350) (Max Smythe) #1350
- b3c706a: update mutation deploy yaml to v3.5.0-rc.1 (#1342) (Sertaç Özercan) #1342
- e4e7cec: Define gatekeeper-test CLI, import cobra (#1370) (Will Beason) #1370
- 2ff8169: Prepare v3.6.0-beta.1 release (#1377) (Sertaç Özercan) #1377
v3.5.0
This stable release includes bug fixes and new features.
Notable updates
- Compatibility with Kubernetes v1.22 and later.
Changes since v3.5.0-rc.1
- [71430c3]: Cherry pick of #1317 and #1362: validate parent and children Conditions (#1374) (Sertaç Özercan) #1374
- [45757c7]: Cherry pick of #1360: Add default configs to mutatingwebhookconfig (#1372) (Sertaç Özercan) #1372
- [c6bd27f]: Cherry pick of #1342: update mutation deploy to v3.5.0-rc.1 (#1373) (Sertaç Özercan) #1373
- [fc22afa]: Prepare v3.5.0 release (#1376) (Sertaç Özercan) #1376
v3.4.1
Commits
- [86e07b4]: Fix gatekeeper mutation image tag (#1275) (Mathieu Parent) #1275
- [96e8f1f]: fix curl image in release 3.4 branch (#1338) (Sertaç Özercan) #1338
- [7a50c3b]: Cherry pick of #1240: Do not allow status objects from other pods to trigger constraint reconciles (#1371) (Sertaç Özercan) #1371
- [b541d06]: Prepare v3.4.1 release (#1378) (Sertaç Özercan) #1378
v3.5.0-rc.1
Bug Fixes
Commits
- [ed9fd9b]: Update experimental manifest with v3.4.0 image (#1239) (Sertaç Özercan) #1239
- [e93018d]: Add more info about failing closed (#1231) (Max Smythe) #1231
- [4b4ae44]: Added missing option 'audit-match-kind-only' to helm (#1245) (Eike Wichern) #1245
- [d200811]: fix tiny typo (#1243) (Gallardot) #1243
- [183f40a]: Remove deprecated kubectl generators from e2e (#1248) (Max Smythe) #1248
- [4cbf8bd]: Simplified Helm CRD's cleanup procedure (#1246) (Goran) #1246
- [65c3f85]: Add mutation transience doc (#1237) (Max Smythe) #1237
- [2ea6388]: Resolve merge conflicts (#1242) (Njegos Railic) #1242
- [7051529]: Do not allow status objects from other pods to trigger constraint reconciles (#1240) (Max Smythe) #1240
- [98c6fa6]: set klog global logger (#1256) (Sertaç Özercan) #1256
- [05a8180]: remove duplicate isValidMetadataPath in assignMetadata (#1255) (Sertaç Özercan) #1255
- [ecd1148]: document warn enforcement action (#1259) (Sertaç Özercan) #1259
- [b468cf2]: fixing docs for website/docs/mutation.md (#1267) (Reeta Singh) #1267
- [afc9fe2]: Update Constraint Framework. (#1269) (Brian Kennedy) #1269
- [d883817]: Provide the flag for disable unsafe builtins (#1191) (Becky HD) #1191
- [a974d70]: Add priority class name (#1266) (Chris Stanaway) #1266
- [64edbe3]: Add v1 CRD deprecation doc (Julian Katz)
- [e493e19]: Revert "Add v1 CRD deprecation doc" (#1276) (Max Smythe) #1276
- [3e70bea]: Add v1beta1 CRD deprecation doc (#1277) (Julian Katz) #1277
- [aa20de6]: add test matrix for k8s versions (#1268) (Sertaç Özercan) #1268
- [f6d0fc9]: Rebase controller-runtime/pkg/cache fork over v0.8.2 (#1284) (Oren Shomron) #1284
- [20a0e1a]: Add by pod status for mutators (#1260) (Max Smythe) #1260
- [0fccf8b]: Update to admissionregistration.k8s.io/v1 (#1250) (Sertaç Özercan) #1250
- [dc33b0a]: revert #1250 on charts (#1290) (Sertaç Özercan) #1290
- [64ad499]: Bump peaceiris/actions-gh-pages from 3 to 3.8.0 (#1304) (dependabot[bot]) #1304
- [3c1a847]: Bump actions/cache from 2 to 2.1.5 (#1302) (dependabot[bot]) #1302
- [1c05297]: Bump actions/setup-node from 2.1.2 to 2.1.5 (#1300) (dependabot[bot]) #1300
- [19a8b48]: Bump codecov/codecov-action from 1 to 1.5.0 (#1301) (dependabot[bot]) #1301
- [ac7f0f6]: Bump @docusaurus/core from 2.0.0-alpha.71 to 2.0.0-beta.0 in /website (#1307) (dependabot[bot]) #1307
- [404988d]: Bump @docusaurus/preset-classic from 2.0.0-alpha.71 to 2.0.0-beta.0 in /website (#1308) (dependabot[bot]) #1308
- [2bb6244]: Resolve rangeValCopy lint suggestions (#1292) (Will Beason) #1292
- [876ba46]: Fix mutation docs errors (#1288) (Shaw Ho) #1288
- [9aff3e3]: Add ResourceQuota for pod PriorityClass to deployment (#1282) (James Alseth) #1282
- [88df46b]: Update linked release version to 3.4 (#1312) (Gareth Western) #1312
- [92bf487]: Add structural information to Constraint Kind CRDs (#1249) (Julian Katz) #1249
- [a2a42df]: Upgrade v1beta1 CRD yamls to v1 (#1286) (Julian Katz) #1286
- [e09498c]: Use "revive" instead of "golint" linter (#1316) (Will Beason) #1316
- [edb29d0]: fix curl image used for e2e (#1321) (Rita Zhang) #1321
- [e6ea240]: add k8s v1.21 to test matrix (#1314) (Sertaç Özercan) #1314
- [0b1d89d]: Upgrade constrainttemplate_controller to apiextensionsv1 (#1320) (Julian Katz) #1320
- [[f6c2fe8](https://github.com/open-policy-agent/gatekeeper/commit/f6c2fe854a78...
v3.4.0
This stable release includes bug fixes and new features.
Notable updates
- Helm v2 chart has been removed starting with v3.4.0. Helm v3 chart is supported and available in the Helm repository.
- Mutation is available as an
alpha
feature. You can deploy using experimental yaml or Helm chart usingexperimentalEnableMutation
flag. request_count
andrequest_duration_seconds
validation metrics will be deprecated in a future release in favor ofvalidation_request_count
andvalidation_request_duration_seconds
. See #1010 for details.
Changes since v3.4.0-rc.1
Features 🌈
- deprecate Helm 2 (#1179) #1179 (Julian Dolce)
- [cd9de86]: Add invalid input feedback (#1196) (KeisukeYamashita) #1196
- [e1021ca]: feat(mutation/helm) - Add mutation to helm chart (#1220) (Rita Zhang) #1220
Bug Fixes 🐞
- [cca802c]: Fixes #1203 - log ucloop.uc in audit (#1210) (Rita Zhang) #1210
- [ff5fc7a]: [Helm] Remove duplicate affinity key (#1199) (Daniel Wegener) #1199
- [9eed155]: fix(helm) - Remove crd-install helm hook (#1230) (Rita Zhang) #1230
Maintenance and testing 🔧
- [ccc6ffc]: add dependabot for updating website and actions (#1218) (Sertaç Özercan) #1218
- [54166f8]: add helm chart info to pr template (#1217) (Sertaç Özercan) #1217
- [fe52bc9]: fix release manifest (#1234) (Sertaç Özercan) #1234
Documentation 📘
- fix markdown heading (#1209) #1209 (Takao Shibata)
- fix anchor (#1208) #1208 (Takao Shibata)
- [67c8211]: move metrics doc to website (#1219) (Sertaç Özercan) #1219
- [f1eda8f]: add external data design proposal (#1212) (Sertaç Özercan) #1212
- fix whitespace in manifest (#1227) #1227 (Takao Shibata)
- [48b449e]: fix edit page link (#1235) (Sertaç Özercan) #1235
- [a0fd054]: fix(helm/doc) - Add mutation flag to chart readme (#1236) (Rita Zhang) #1236