Releases: open-policy-agent/gatekeeper
Releases · open-policy-agent/gatekeeper
v3.4.0-rc.1
This release candidate release includes bug fixes and new features.
Features 🌈
- helm chart podLabels (#1126) #1126 (Julian Dolce)
- Allow Helm to manage namespace where objects are created. (#1132) #1132 (Julian Dolce)
- [c099e03]: added hostNetwork option for controllerManager and Audit helm templates (#1098) (Nandan Sadineni) #1098
- [6d99979]: Adding pod disruption budget (#1105) (Matt Veitas) #1105
- [55eea80]: Add --log-denies option for helm chart (#1158) (Paul Kirby) #1158
- [426949f]: Add warn enforcement action (#1107) (Sertaç Özercan) #1107
- [86ea57f]: Add readiness retries support for Constraint Templates (#1160) (Julian Katz) #1160
Bug Fixes 🐞
- [be2f5b4]: show that violations are coming from audit and not deny actions (#1099) (Michael Grosser) #1099
- [f27a73e]: Avoid passing pointer in iteration (#1129) (Becky HD) #1129
Maintenance and testing 🔧
- e2e teardown. (#1165) #1165 (Julian Dolce)
- [b19fc37]: fix helm upgrade test on releases (#1095) (Sertaç Özercan) #1095
- [db5a580]: Upgrade to controller-runtime v0.7.0 (#1073) (Sertaç Özercan) #1073
- [9d424ff]: Cleanup readme (#1111) (Sertaç Özercan) #1111
- [ccf9579]: Update helm templates for compatibility with kustomize (#1031) (Scott Leggett) #1031
- [0fad0d2]: Update to Go 1.16 (#1154) (Sertaç Özercan) #1154
- [321d8a8]: add gosec to linters (#1152) (matancarmeli7) #1152
- [70fdfe9]: fix manifest (#1164) (Sertaç Özercan) #1164
- [772a40a]: add search to docs website (#1136) (Sertaç Özercan) #1136
- [6d83b8c]: update website version (#1173) (Sertaç Özercan) #1173
- [2380fac]: Allow namespaces by prefix (#1193) (Max Smythe) #1193
- [fe3b6de]: fix helm upgrade (#1201) (Sertaç Özercan) #1201
- [bb67472]: Fix gh workflow tagged release (#1206) (Rita Zhang) #1206
Documentation 📘
- [df6c9b4]: add docs for needing operation audit and chunk size flag (#1097) (Michael Grosser) #1097
- [9917db6]: Update Helm README (#1032) (Carlos Castro) #1032
- [485fc17]: Mutation docs (#1143) (Marcin Mirecki) #1143
- [0370f15]: Add mutation docs to sidebar (#1183) (Marcin Mirecki) #1183
Experimental mutation changes 🚧
- [e8ed13c]: Add pathtest functionality to assign mutators (#1101) (Max Smythe) #1101
- [001f4c3]: Add value testing to the assign mutator (#1113) (Max Smythe) #1113
- [7a7df04]: deepcopy for mutation parser.Node types (#1121) (Bryce Cronkite-Ratcliff) #1121
- [705a40c]: Fix scope selector for mutators (#1110) (Max Smythe) #1110
- [95ec2f0]: Add more details to mutation related errors (#1142) (Marcin Mirecki) #1142
- [b975ee3]: Mutation cache warming (#952) (Marcin Mirecki) #952
- [6b17c17]: Move mutator validation to the validating webhook (#1153) (Max Smythe) #1153
- [09b2c55]: Invoke ApplyTo logic in Assign mutator's matcher (#1150) (Max Smythe) #1150
- [15eee75]: Mutation cache warming for Assign (#1161) (Marcin Mirecki) #1161
- [5b0472a]: Add mutation webhook tests, clean (#1177) (Max Smythe) #1177
- log applied mutations (#1140) #1140 (Marcin Mirecki)
- [09d9675]: Add gatekeeper mutation yaml (#1189) (Marcin Mirecki) #1189
v3.4.0-beta.0
This release is used to align with latest stable release and has the same changelog as v3.3.0
v3.3.0
This stable release includes bug fixes and new features.
Features 🌈
- [30d0470]: Helm chart: make namespace creation optional (#981) (Paavo Pokkinen) #981
- [13edcf9]: Adding modifiable priority class to controller-manager and audit deployment (#1008) (Borbély Botond) #1008
- [1fc4ad1]: Add the readiness-retries flag, allowing the user to configure how many (#1014) (Julian Katz) #1014
- [5f9e98a]: Check that the Config resource is named 'config' (#1057) (Julian Katz) #1057
- [49f2f97]: Allow different settings for audit vs controller (#1006) (Stijn De Haes) #1006
- [7bb367a]: Enable readOnlyRootFilesystem in Helm chart (#1048) (James Alseth) #1048
- [e68a39e]: Parametrize delete operations and timeout for webhook in helm chart (#1051) (Jonny) #1051
- [764cb0a]: Add validation webhook maximum worker threads (#1021) (Max Smythe) #1021
- [46767a1]: Allow a tracker with observations but without expectations to be (#1062) (Julian Katz) #1062
Bug Fixes 🐞
- [dfa7551]: Fix for selfLink removal (#1007) (Sertaç Özercan) #1007
- [13bbfd8]: Fix excluding namespaces from config namespace exclusion (#975) (Sertaç Özercan) #975
Experimental mutation changes 🚧
- Implement CRD validation. (#978) #978 (Federico Paolinelli)
- [394a93c]: Add mutation cache to webhook and controller (#945) (Marcin Mirecki) #945
- [d6c5389]: Write Mutation function for Assing and AssignMetadata (#937) (Marcin Mirecki) #937
- [321dd44]: Common stats reporting code for validation and mutation (#976) (Marcin Mirecki) #976
- [0f20ba0]: Update TestAssignMetadataToMutator to check mutator and path (#1016) (Marcin Mirecki) #1016
- [1459e2f]: Use ID only for cache deletion. (#1020) (Federico Paolinelli) #1020
- [d33f09a]: Add assign controller (#1019) (Rita Zhang) #1019
- [66288bc]: AssignMetadata Controller should end processing on resource parsing error (#989) (Marcin Mirecki) #989
- [a5309a6]: Connect mutation webhook with mutation system (#1015) (Marcin Mirecki) #1015
- [a128317]: Update assignmetadata controller pkg (#1025) (Rita Zhang) #1025
- [a4c6ebb]: Mutation webhook should not return any patches when nothing was mutated (#1026) (Marcin Mirecki) #1026
- [e0a1ae2]: Fix mutator removal (#1036) (Marcin Mirecki) #1036
- [1eed2a3]: Error when oscilating mutation is detected (#1030) (Marcin Mirecki) #1030
- [106494f]: Update comment
Mutate
function (#1040) (Max Smythe) #1040 - [6ceb3f4]: Add schema DB (#979) (Max Smythe) #979
- [5610c59]: Fix assign mutation panic (#1054) (Rita Zhang) #1054
- [6243e45]: New process excluder for mutation (#970) (Marcin Mirecki) #970
v3.2.3
v3.3.0-beta.2
Commits
- [9a28f98]: Mutation Objects (#916) (yanir quinn) #916
- lay down the interfaces required for implementing the mutation feature. (#926) #926 (Federico Paolinelli)
- [f3ec64a]: Allow multiple webhooks to be created (#882) (Marcin Mirecki) #882
- [dfca71a]: dockerize controller-gen (#958) (Julian Katz) #958
- [b1f5535]: Fix broken
make generate
, which requires CGO (#961) (Julian Katz) #961 - [bb41a66]: Fix typo in kustomize (#960) (Marcin Mirecki) #960
- [72d6399]: Keep retrying if watch not established successfully (#903) (Max Smythe) #903
- [ecba004]: Add new mutation design docs (#862) (Max Smythe) #862
- [cff9cdd]: Specify automountServiceAccountToken: true on Deployments (#950) (Julian Katz) #950
- [6dab5d4]: Fix instructions on how to deploy from master. (#966) (Federico Paolinelli) #966
- [15255ec]: Added imagePullSecrets to helm chart (#948) (Nick Fisher) #948
- [60b11a7]: Fix cert-controller order in go.mod (#965) (Marcin Mirecki) #965
- [2666ce8]: Fix e2e test flakiness (#964) (Max Smythe) #964
- [b43bd8d]: Fix set-env deprecation (#969) (Sertaç Özercan) #969
- [5320da3]: Fix nil prometheus exporter (#968) (Sertaç Özercan) #968
- [3444c16]: Write location parser for Mutations (#946) (Oren Shomron) #946
- add a cache of mutations, sorted and thread safe. (#928) #928 (Federico Paolinelli)
- [688b17d]: Scope secrets cache to single namespace (#972) (Oren Shomron) #972
- [e47d95b]: Add SecretAnnotations to Chart (#853) (Guy Templeton) #853
- conversion functions from assign / assignmetadata to Mutator (#938) #938 (Federico Paolinelli)
- [57dabe2]: Add AssignMetadata controller (#927) (Marcin Mirecki) #927
- [0af9133]: Implement the match logic (#932) (Federico Paolinelli) #932
- [34ab3d2]: Add Value function to mutators (#987) (Marcin Mirecki) #987
- [8a538e4]: add documentation for cherry pick (#998) (Sertaç Özercan) #998
- [bb460f7]: Add mutating webhook (#881) (Marcin Mirecki) #881
- [ebb2da1]: Disable mutation webhook generators for now (#1004) (Max Smythe) #1004
- [c3b0a88]: Prepare v3.3.0-beta.2 release (#1005) (Rita Zhang) #1005
v3.2.2
v3.2.1
v3.3.0-beta.1
v3.1.3
v3.2.0
This stable release has the same changes as v3.2.0-rc.1
Gateekeeper library is moved to it's own repo at https://github.com/open-policy-agent/gatekeeper-library.