Releases: open-policy-agent/gatekeeper
v3.19.0-beta.1
Chores
- bump golang.org/x/crypto from 0.28.0 to 0.31.0 (#3735) #3735 (dependabot[bot])
- update operation generate in deployment yaml and add docs (#3738) #3738 (Jaydip Gabani)
- Patch docs for 3.18.1 release (#3750) #3750 (github-actions[bot])
- Prepare v3.19.0-beta.1 release (#3752) #3752 (github-actions[bot])
v3.19.0-beta.0
Chores
- remove unused go-version file (#3711) #3711 (Sertaç Özercan)
- bump the all group across 1 directory with 5 updates (#3722) #3722 (dependabot[bot])
- removing wait of vapb deletion (#3718) #3718 (Jaydip Gabani)
- bump golang from 3f3b9da to ef30001 in /test/image (#3728) #3728 (dependabot[bot])
- updating deprecated flag for trivy (#3732) #3732 (Jaydip Gabani)
- bump the all group across 1 directory with 5 updates (#3734) #3734 (dependabot[bot])
- bump nanoid from 3.3.6 to 3.3.8 in /website (#3733) #3733 (dependabot[bot])
- bump cross-spawn from 7.0.3 to 7.0.6 in /website (#3710) #3710 (dependabot[bot])
- Prepare v3.19.0-beta.0 release (#3737) #3737 (github-actions[bot])
v3.18.1
Chores
- bump golang.org/x/crypto from 0.28.0 to 0.31.0 (#3735) (#3740) #3740 (Jaydip Gabani)
- update operation generate in deployment yaml and add docs, CP (#3738) (#3748) #3748 (Jaydip Gabani)
- Prepare v3.18.1 release (#3749) #3749 (github-actions[bot])
v3.18.0
Notable Changes
- 🎓 CEL-based policies enforced through Gatekeeper is GA!
- ⚙️ Operation `generate` to guard CRD and VAP/VAPB generation.
Features
- add logStatsAdmission and logStatsAudit into Helm chart (#3526) #3526 (Yuedong Wu)
- Implement config pod status (#3544) #3544 (avinash patnala)
- Gator sync test support (#3098) #3098 (Anlan Du)
- add generate operation and wait for VAPB generation (#3573) #3573 (Jaydip Gabani)
- moving CEL engine to GA (#3685) #3685 (Jaydip Gabani)
- Add commonLabels to Deployments (#3684) #3684 (Wyatt Fry)
- support expansion in gator verify (#3650) #3650 (David Lee)
Bug Fixes
- vap error logging for rego only templates (#3520) #3520 (Martijn van der Ploeg)
- linting error in gatekeeper-controller-manager-poddisruptionbudget.yaml (#3519) #3519 (tberreis)
- helm warning when setting NetworkPolicy ingress rule(s) (#3541) #3541 (Sebastian Stephan)
- Move K8scel driver from framework (#3570) #3570 (avinash patnala)
Documentation
- add alibabacloud to the list of managed services using Gatekeeper in … (#3521) #3521 (DahuK)
- refine alibaba cloud logo png (#3514) (#3524) #3524 (DahuK)
- update mutation docs (#3553) #3553 (m1schka-bdr)
- Update milestone release cadence (#3657) #3657 (Rita Zhang)
- Fix vapb argument (#3694) #3694 (Yi Rae Kim)
Code Refactoring
- Move setting up Obj to old obj on Delete logic to target handler (#3511) #3511 (avinash patnala)
Continuous Integration
- remove dockerfile buildplatform (#3491) #3491 (Sertaç Özercan)
- updating trivy version (#3691) #3691 (Jaydip Gabani)
- push container images to ghcr.io as well (#3658) #3658 (Takahiro Tsuruda)
- fix trivy throttling (#3696) #3696 (Sertaç Özercan)
- fix ghcr push (#3698) #3698 (Sertaç Özercan)
- fix gator image for ghcr (#3700) #3700 (Sertaç Özercan)
- bump to go 1.23 in gha (#3699) #3699 (Sertaç Özercan)
- gha to check for typos in docs (#3703) #3703 (Sertaç Özercan)
Chores
- removing wait of vapb deletion, cherry-pick (#3718) (#3724) #3724 (Jaydip Gabani)
- Prepare v3.18.0-rc.1 release (#3725) #3725 (github-actions[bot])
- bump the k8s group with 5 updates (#3503) #3503 (dependabot[bot])
- bump micromatch from 4.0.5 to 4.0.8 in /website (#3517) #3517 (dependabot[bot])
- bump the all group across 1 directory with 3 updates (#3512) #3512 (dependabot[bot])
- bump golang from 1.22-bullseye to 1.23-bullseye in /test/image (#3505) #3505 (dependabot[bot])
- bump golang from 1.22-bookworm to 1.23-bookworm in /build/tooling (#3506) #3506 (dependabot[bot])
- adding design doc for exporting violation interface (#3515) #3515 (Jaydipkumar Arvindbhai Gabani)
- adding helm lint ci test (#3536) #3536 (Jaydipkumar Arvindbhai Gabani)
- Patch docs for 3.17.1 release (#3540) #3540 (github-actions[bot])
- bump kubectl from v1.30.3 to v1.31.1 (#3543) #3543 (dependabot[bot])
- bump golang from 31dc846 to 1a5326b in /build/tooling (#3533) #3533 (dependabot[bot])
- bump golang from ecef830 to 45b4337 in /test/image (#3531) #3531 (dependabot[bot])
- Updating GK -> opa versions (#3537) #3537 (Jaydip Gabani)
- adding common function for error reporting for constraint (#3486) #3486 (Jaydip Gabani)
- bumping opa to 0.68.0 (#3561) #3561 (Jaydip Gabani)
- bump webpack from 5.76.3 to 5.95.0 in /website (#3562) [#3562](ht...
v3.18.0-rc.1
Chores
- removing wait of vapb deletion, cherry-pick (#3718) (#3724) #3724 (Jaydip Gabani)
- Prepare v3.18.0-rc.1 release (#3725) #3725 (github-actions[bot])
v3.18.0-rc.0
Features
- add logStatsAdmission and logStatsAudit into Helm chart (#3526) #3526 (Yuedong Wu)
- Implement config pod status (#3544) #3544 (avinash patnala)
- Gator sync test support (#3098) #3098 (Anlan Du)
- add generate operation and wait for VAPB generation (#3573) #3573 (Jaydip Gabani)
- moving CEL engine to GA (#3685) #3685 (Jaydip Gabani)
- Add commonLabels to Deployments (#3684) #3684 (Wyatt Fry)
- support expansion in gator verify (#3650) #3650 (David Lee)
Bug Fixes
- vap error logging for rego only templates (#3520) #3520 (Martijn van der Ploeg)
- linting error in gatekeeper-controller-manager-poddisruptionbudget.yaml (#3519) #3519 (tberreis)
- helm warning when setting NetworkPolicy ingress rule(s) (#3541) #3541 (Sebastian Stephan)
- Move K8scel driver from framework (#3570) #3570 (avinash patnala)
Documentation
- add alibabacloud to the list of managed services using Gatekeeper in … (#3521) #3521 (DahuK)
- refine alibaba cloud logo png (#3514) (#3524) #3524 (DahuK)
- update mutation docs (#3553) #3553 (m1schka-bdr)
- Update milestone release cadence (#3657) #3657 (Rita Zhang)
- Fix vapb argument (#3694) #3694 (Yi Rae Kim)
Code Refactoring
- Move setting up Obj to old obj on Delete logic to target handler (#3511) #3511 (avinash patnala)
Continuous Integration
- remove dockerfile buildplatform (#3491) #3491 (Sertaç Özercan)
- updating trivy version (#3691) #3691 (Jaydip Gabani)
- push container images to ghcr.io as well (#3658) #3658 (Takahiro Tsuruda)
- fix trivy throttling (#3696) #3696 (Sertaç Özercan)
- fix ghcr push (#3698) #3698 (Sertaç Özercan)
- fix gator image for ghcr (#3700) #3700 (Sertaç Özercan)
- bump to go 1.23 in gha (#3699) #3699 (Sertaç Özercan)
- gha to check for typos in docs (#3703) #3703 (Sertaç Özercan)
Chores
- bump the k8s group with 5 updates (#3503) #3503 (dependabot[bot])
- bump micromatch from 4.0.5 to 4.0.8 in /website (#3517) #3517 (dependabot[bot])
- bump the all group across 1 directory with 3 updates (#3512) #3512 (dependabot[bot])
- bump golang from 1.22-bullseye to 1.23-bullseye in /test/image (#3505) #3505 (dependabot[bot])
- bump golang from 1.22-bookworm to 1.23-bookworm in /build/tooling (#3506) #3506 (dependabot[bot])
- adding design doc for exporting violation interface (#3515) #3515 (Jaydipkumar Arvindbhai Gabani)
- adding helm lint ci test (#3536) #3536 (Jaydipkumar Arvindbhai Gabani)
- Patch docs for 3.17.1 release (#3540) #3540 (github-actions[bot])
- bump kubectl from v1.30.3 to v1.31.1 (#3543) #3543 (dependabot[bot])
- bump golang from 31dc846 to 1a5326b in /build/tooling (#3533) #3533 (dependabot[bot])
- bump golang from ecef830 to 45b4337 in /test/image (#3531) #3531 (dependabot[bot])
- Updating GK -> opa versions (#3537) #3537 (Jaydip Gabani)
- adding common function for error reporting for constraint (#3486) #3486 (Jaydip Gabani)
- bumping opa to 0.68.0 (#3561) #3561 (Jaydip Gabani)
- bump webpack from 5.76.3 to 5.95.0 in /website (#3562) #3562 (dependabot[bot])
- bump golang from 45b4337 to 1a26d5a in /test/image (#3566) #3566 (dependabot[bot])
- bump golang from 1a5326b to dba79eb in /build/tooling (#3565) #3565 (dependabot[bot])
- bump express from 4.19.2 to 4.21.0 in /website (#3542) [#3542](https://github.com/ope...
v3.17.1
Bug Fixes
- vap error logging for rego only templates, cherry-pick (#3520) (#3525) #3525 (Jaydipkumar Arvindbhai Gabani)
- linting error in gatekeeper-controller-manager-poddisruptionbudget.yaml, cherry-pick (#3519) (#3535) #3535 (Jaydipkumar Arvindbhai Gabani)
Chores
- Prepare v3.17.1 release (#3539) #3539 (github-actions[bot])
v3.18.0-beta.0
Bug Fixes
- fixing error reporting for templates without CEL (#3493) #3493 (Jaydipkumar Arvindbhai Gabani)
Documentation
- update vap doc and demo (#3502) #3502 (Rita Zhang)
Chores
- Prepare v3.18.0-beta.0 release (#3510) #3510 (github-actions[bot])
v3.17.0
Notable Changes
- 🎓 CEL-based policies enforced through Gatekeeper is in beta!
- ⚙️ Generating VAP (Validating Admission Policy) in Gatekeeper has transitioned from using annotations to specifying fields in ConstraintTemplate and Constraint. Please find out more details using VAP through Gatekeeper.
- 🎬 Ability to enforce specific action for Gatekeeper webhook, audit, gator, or VAP in the same constraint through `scopedEnforcementActions` field under `spec` in Constraints.
Features
- add support for CONNECT operations (#3459) #3459 (Thomas Chaplin)
- adding scopedenforcementactions (#3321) #3321 (Jaydipkumar Arvindbhai Gabani)
- separate podlabels in controller-manager and audit deployment (#3378) #3378 (Robert Bublik)
- moving k8s-native-validation feature to beta (#3476) #3476 (Jaydipkumar Arvindbhai Gabani)
- check for CT generateVap intent before generating vapbinding (#3479) #3479 (Jaydipkumar Arvindbhai Gabani)
- adding generateVAP field, removing annotations for vap (#3398) #3398 (Jaydipkumar Arvindbhai Gabani)
- Make service account configurable and add option to opt out of creation (#3404) #3404 (Stef Graces)
Bug Fixes
- fixing artifact upload error (#3437) #3437 (Jaydipkumar Arvindbhai Gabani)
- adding pod subresources in mutation rules (#3426) #3426 (Jaydipkumar Arvindbhai Gabani)
- include cel flags on audit deployment (#3414) #3414 (Noah Reisch)
- only set matchConditions on webhook when not empty (#3412) #3412 (Martijn van der Ploeg)
- #3146 Support close open/fail for Ready Tracker & surface errors swallowed by grp.Wait() (#3308) #3308 (David Lee)
- Remove crashOnFailureFetchingExpectations flag (#3453) #3453 (David Lee)
- fixing error reporting for templates without CEL, cherry-pick (#3493) (#3495) #3495 (Jaydipkumar Arvindbhai Gabani)
Documentation
- quote the subPath conditional (#3385) #3385 (JenTing)
- Update mutation assign doc (#3433) #3433 (Anlan Du)
Continuous Integration
- fix test storage url (#3427) #3427 (Sertaç Özercan)
- revert kubebuilder custom env (#3430) #3430 (Sertaç Özercan)
- adding k8s-1.30 (#3447) #3447 (Jaydipkumar Arvindbhai Gabani)
- fix dockerfile lint (#3474) #3474 (Sertaç Özercan)
Chores
- bump BASEIMAGE from static to static-debian12 (#3386) #3386 (Sahil Verma)
- bump google.golang.org/grpc from 1.62.1 to 1.62.2 (#3346) #3346 (dependabot[bot])
- bump sigs.k8s.io/controller-runtime from 0.17.3 to 0.17.5 in the k8s group across 1 directory (#3382) #3382 (dependabot[bot])
- bump the k8s group across 1 directory with 5 updates (#3387) #3387 (dependabot[bot])
- bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1 (#3381) #3381 (dependabot[bot])
- bump cloud.google.com/go/trace from 1.10.6 to 1.10.7 (#3373) #3373 (dependabot[bot])
- bump kubectl from v1.30.0 to v1.30.1 (#3390) #3390 (dependabot[bot])
- bumping to frameworks 2ece026 (#3392) #3392 (Jaydipkumar Arvindbhai Gabani)
- bump golang from d996c64 to 48b942a in /build/tooling (#3347) #3347 (dependabot[bot])
- Patch docs for 3.16.1 release (#3395) #3395 (github-actions[bot])
- bumping frameworks/constraints to 5368a3b697f2 (#3399) #3399 (Jaydipkumar Arvindbhai Gabani)
- Patch docs for 3.16.3 release (#3407) #3407 (Jaydipkumar Arvindbhai Gabani)
- bump the all group across 1 directory with 12 updates (#3431) #3431 (dependabot[bot])
- bump braces from 3.0.2 to 3.0.3 in /website (#3424) #3424 (dependabot[bot])
- bump github.com/go-logr/logr from 1.4.1 to 1.4.2 (#3403) #3403 (dependabot[bot])
- bump the all group across 1 directory with 2 updates (#3444) #3444 (dependabot[bot])
- bump golang from 5c56bd4 to aec4784 in /build/tooling (#3417) #3417 (dependabot[bot])
- bump ws from 7.5.7 ...
v3.17.0-rc.1
Features
- add support for CONNECT operations (#3459) #3459 (Thomas Chaplin)
- adding scopedenforcementactions (#3321) #3321 (Jaydipkumar Arvindbhai Gabani)
- separate podlabels in controller-manager and audit deployment (#3378) #3378 (Robert Bublik)
- moving k8s-native-validation feature to beta (#3476) #3476 (Jaydipkumar Arvindbhai Gabani)
- check for CT generateVap intent before generating vapbinding (#3479) #3479 (Jaydipkumar Arvindbhai Gabani)
- adding generateVAP field, removing annotations for vap (#3398) #3398 (Jaydipkumar Arvindbhai Gabani)
- Make service account configurable and add option to opt out of creation (#3404) #3404 (Stef Graces)
Bug Fixes
- fixing artifact upload error (#3437) #3437 (Jaydipkumar Arvindbhai Gabani)
- adding pod subresources in mutation rules (#3426) #3426 (Jaydipkumar Arvindbhai Gabani)
- include cel flags on audit deployment (#3414) #3414 (Noah Reisch)
- only set matchConditions on webhook when not empty (#3412) #3412 (Martijn van der Ploeg)
- #3146 Support close open/fail for Ready Tracker & surface errors swallowed by grp.Wait() (#3308) #3308 (David Lee)
- Remove crashOnFailureFetchingExpectations flag (#3453) #3453 (David Lee)
- fixing error reporting for templates without CEL, cherry-pick (#3493) (#3495) #3495 (Jaydipkumar Arvindbhai Gabani)
Documentation
- quote the subPath conditional (#3385) #3385 (JenTing)
- Update mutation assign doc (#3433) #3433 (Anlan Du)
Continuous Integration
- fix test storage url (#3427) #3427 (Sertaç Özercan)
- revert kubebuilder custom env (#3430) #3430 (Sertaç Özercan)
- adding k8s-1.30 (#3447) #3447 (Jaydipkumar Arvindbhai Gabani)
- fix dockerfile lint (#3474) #3474 (Sertaç Özercan)
Chores
- bump BASEIMAGE from static to static-debian12 (#3386) #3386 (Sahil Verma)
- bump google.golang.org/grpc from 1.62.1 to 1.62.2 (#3346) #3346 (dependabot[bot])
- bump sigs.k8s.io/controller-runtime from 0.17.3 to 0.17.5 in the k8s group across 1 directory (#3382) #3382 (dependabot[bot])
- bump the k8s group across 1 directory with 5 updates (#3387) #3387 (dependabot[bot])
- bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1 (#3381) #3381 (dependabot[bot])
- bump cloud.google.com/go/trace from 1.10.6 to 1.10.7 (#3373) #3373 (dependabot[bot])
- bump kubectl from v1.30.0 to v1.30.1 (#3390) #3390 (dependabot[bot])
- bumping to frameworks 2ece026 (#3392) #3392 (Jaydipkumar Arvindbhai Gabani)
- bump golang from d996c64 to 48b942a in /build/tooling (#3347) #3347 (dependabot[bot])
- Patch docs for 3.16.1 release (#3395) #3395 (github-actions[bot])
- bumping frameworks/constraints to 5368a3b697f2 (#3399) #3399 (Jaydipkumar Arvindbhai Gabani)
- Patch docs for 3.16.3 release (#3407) #3407 (Jaydipkumar Arvindbhai Gabani)
- bump the all group across 1 directory with 12 updates (#3431) #3431 (dependabot[bot])
- bump braces from 3.0.2 to 3.0.3 in /website (#3424) #3424 (dependabot[bot])
- bump github.com/go-logr/logr from 1.4.1 to 1.4.2 (#3403) #3403 (dependabot[bot])
- bump the all group across 1 directory with 2 updates (#3444) #3444 (dependabot[bot])
- bump golang from 5c56bd4 to aec4784 in /build/tooling (#3417) #3417 (dependabot[bot])
- bump ws from 7.5.7 to 7.5.10 in /website (#3425) #3425 (dependabot[bot])
- bump kubectl from v1.30.1 to v1.30.2 (#3420) #3420 (dependabot[bot])
- bump google.golang.org/protobuf from 1.34.0 to 1.34.2 (#3423) #3423 (dependabot[bot])
- bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#3422) #3422 ([dependa...