Releases: open-policy-agent/gatekeeper
v3.14.1
v3.16.0-beta.0
Features
- Update audit and controller manager with pod labels (#3240) #3240 (James Bruce)
Bug Fixes
- fixing panic in debug log (#3244) #3244 (Jaydipkumar Arvindbhai Gabani)
- fixing panic in error log (#3246) #3246 (Jaydipkumar Arvindbhai Gabani)
Documentation
- add docs on how to contribute templates (#3242) #3242 (Xander Grzywinski)
- add request input struct (#3234) #3234 (Xander Grzywinski)
Continuous Integration
- removing auto tagging workflow (#3257) #3257 (Jaydipkumar Arvindbhai Gabani)
- running ci with gatekeeper debug logs (#3260) #3260 (Jaydipkumar Arvindbhai Gabani)
Chores
- bump kubectl from v1.29.0 to v1.29.1 (#3232) #3232 (dependabot[bot])
- bump golang from 6ac4c35 to adf7ccb in /build/tooling (#3233) #3233 (dependabot[bot])
- bump golang from 6ac4c35 to adf7ccb in /test/image (#3231) #3231 (dependabot[bot])
- bump golang from adf7ccb to 47fa179 in /build/tooling (#3238) #3238 (dependabot[bot])
- bump golang from adf7ccb to 47fa179 in /test/image (#3236) #3236 (dependabot[bot])
- Setting pubsub annotations using --set in makefile (#3160) #3160 (Jaydipkumar Arvindbhai Gabani)
- Prepare v3.16.0-beta.0 release (#3256) #3256 (github-actions[bot])
v3.15.0
Notable Changes
- 📐 Introducing support for replicating data with SyncSets. This is an alpha feature, feedback is welcome!
Features
Bug Fixes
- fixing panic in debug log (#3244) cherry-pick (#3245) by @JaydipGabani
- disable psp as default (#3179) by @ritazh
- log panic in am (#3174) by @alex
- Ident podLabels on deployments (#3153) by @joaosilva15
- only validate gk res (#3158) by @alex
- check name length for all gk resources (#3094) by @alex
- ns exclusion audit from cache (#3129) by @alex
- fixes disable cache flow (#3132) by @nilekhc
- auto signing PR for dco (#3120) by @JaydipGabani
- support DELETE configs validation (#3089) by @alex
- limit length of ExpansionTemplate names to <64 (#3078) by @davis-haba
- add nindent in objectSelector (#3071) by @leewoobin789
Documentation
- syncset docs (#3202) by @alex
- update repo env var (#3203) by @ritazh
- Update install.md (#3191) by @Asya-kawai
- automate installation docs to point to tag (#3178) by @sozercan
- clarify rc release (#3139) by @sozercan
- examples, fix:improve gator err msg (#3079) by @alex
- update vap demo readme (#3096) by @sozercan
Tests
Refactoring
Continuous Integration
- set up go version for govulncheck (#3159) by @sozercan
- add govulncheck (#3114) by @sozercan
- drop arm/v7 builds for crd image (#3074) by @sozercan
Chores
- Prepare v3.15.0 release (#3248) by @github-actions[bot]
- Prepare v3.15.0-rc.0 release (#3230) by @github-actions[bot]
- bump the k8s group with 2 updates (#3226) by @dependabot[bot]
- bump golang from 1e3c713 to 6ac4c35 in /test/image (#3220) by @dependabot[bot]
- bump golang from 1e3c713 to 6ac4c35 in /build/tooling (#3221) by @dependabot[bot]
- moving to otel from opencensus (#3011) by @JaydipGabani
- bump framework to 18fa1fc7dc06 (#3211) by @ritazh
- bump the k8s group with 3 updates (#3209) by @dependabot[bot]
- bump clsx from 1.2.1 to 2.1.0 in /website (#3204) by @dependabot[bot]
- bump github.com/docker/docker from 24.0.6+incompatible to 24.0.7+incompatible (#3127) by @dependabot[bot]
- bump cloud.google.com/go/trace from 1.10.2 to 1.10.4 (#3149) by @dependabot[bot]
- bump follow-redirects from 1.14.9 to 1.15.4 in /website (#3208) by @dependabot[bot]
- bump kubectl from v1.28.3 to v1.29.0 (#3193) by @dependabot[bot]
- bump github.com/containerd/containerd from 1.7.6 to 1.7.11 (#3198) by @dependabot[bot]
- bump golang from fe69f48 to ca78a56 in /build/tooling (#3194) by @dependabot[bot]
- bump golang from fe69f48 to ca78a56 in /test/image (#3196) by @dependabot[bot]
- bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#3197) by @dependabot[bot]
- bump the all group with 5 updates (#3207) by @dependabot[bot]
- fix golanglint, checkout prior to setup-go (#3206) by @apeabody
- bump golang from 26c7537 to fe69f48 in /test/image (#3150) by @dependabot[bot]
- bump golang from 26c7537 to fe69f48 in /build/tooling (#3148) by @dependabot[bot]
- bump the all group with 5 updates (#3182) by @dependabot[bot]
- auto tagging after release pr is merged (#3135) by @JaydipGabani
- Prepare v3.15.0-beta.0 release (#3142) by @github-actions[bot]
- adding default helm values for pubsub audit connection and channel (#3097) by @JaydipGabani
- bump kubectl from 1.28.2 to v1.28.3 (#3101) by @dependabot[bot]
- add codeowners (#3110) by @sozercan
- bump @docusaurus/preset-classic from 2.4.0 to 2.4.3 in /website (#3022) by @dependabot[bot]
- bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#3087) by @dependabot[bot]
- bump @docusaurus/core from 2.4.0 to 2.4.3 in /website (#3021) by @dependabot[bot]
- bump the all group with 1 update (#3104) by @dependabot[bot]
- bump cloud.google.com/go/trace from 1.10.1 to 1.10.2 (#3095) by @dependabot[bot]
- bump github.com/onsi/gomega from 1.27.7 to 1.27.10 (#2900) by @dependabot[bot]
- bump the all group with 3 updates (#3088) by @dependabot[bot]
- bump @babel/traverse from 7.18.8 to 7.23.2 in /website (#3075) by @dependabot[bot]
- bump frameworks for 3.14 (#3083) by @sozercan
Full Changelog: v3.14.0...v3.15.0
v3.15.0-rc.0
Features
Bug Fixes
- Ident podLabels on deployments (#3153) #3153 (João Silva)
- log panic in am (#3174) #3174 (alex)
- disable psp as default (#3179) #3179 (Rita Zhang)
Documentation
- automate installation docs to point to tag (#3178) #3178 (Sertaç Özercan)
- Update install.md (#3191) #3191 (Asya-kawai)
- update repo env var (#3203) #3203 (Rita Zhang)
- syncset docs (#3202) #3202 (alex)
Tests
- bump dapr to 1.12 (#3108) #3108 (Sertaç Özercan)
Continuous Integration
- set up go version for govulncheck (#3159) #3159 (Sertaç Özercan)
Chores
- auto tagging after release pr is merged (#3135) #3135 (Jaydipkumar Arvindbhai Gabani)
- bump the all group with 5 updates (#3182) #3182 (dependabot[bot])
- bump golang from 26c7537 to fe69f48 in /build/tooling (#3148) #3148 (dependabot[bot])
- bump golang from 26c7537 to fe69f48 in /test/image (#3150) #3150 (dependabot[bot])
- fix golanglint, checkout prior to setup-go (#3206) #3206 (Andrew Peabody)
- bump the all group with 5 updates (#3207) #3207 (dependabot[bot])
- bump golang.org/x/crypto from 0.14.0 to 0.17.0 (#3197) #3197 (dependabot[bot])
- bump golang from fe69f48 to ca78a56 in /test/image (#3196) #3196 (dependabot[bot])
- bump golang from fe69f48 to ca78a56 in /build/tooling (#3194) #3194 (dependabot[bot])
- bump github.com/containerd/containerd from 1.7.6 to 1.7.11 (#3198) #3198 (dependabot[bot])
- bump kubectl from v1.28.3 to v1.29.0 (#3193) #3193 (dependabot[bot])
- bump follow-redirects from 1.14.9 to 1.15.4 in /website (#3208) #3208 (dependabot[bot])
- bump cloud.google.com/go/trace from 1.10.2 to 1.10.4 (#3149) #3149 (dependabot[bot])
- bump github.com/docker/docker from 24.0.6+incompatible to 24.0.7+incompatible (#3127) #3127 (dependabot[bot])
- bump clsx from 1.2.1 to 2.1.0 in /website (#3204) #3204 (dependabot[bot])
- bump the k8s group with 3 updates (#3209) #3209 (dependabot[bot])
- bump framework to 18fa1fc7dc06 (#3211) #3211 (Rita Zhang)
- moving to otel from opencensus (#3011) #3011 (Jaydipkumar Arvindbhai Gabani)
- bump golang from 1e3c713 to 6ac4c35 in /build/tooling (#3221) #3221 (dependabot[bot])
- bump golang from 1e3c713 to 6ac4c35 in /test/image (#3220) #3220 (dependabot[bot])
- bump the k8s group with 2 updates (#3226) #3226 (dependabot[bot])
- Prepare v3.15.0-rc.0 release (#3230) #3230 (github-actions[bot])
v3.15.0-beta.0
Bug Fixes
- helm: add nindent in objectSelector (#3071) #3071 (leewoobin789)
- limit length of ExpansionTemplate names to <64 (#3078) #3078 (Davis Haba)
- support DELETE configs validation (#3089) #3089 (alex)
- auto signing PR for dco (#3120) #3120 (Jaydipkumar Arvindbhai Gabani)
- fixes disable cache flow (#3132) #3132 (Nilekh Chaudhari)
- ns exclusion audit from cache (#3129) #3129 (alex)
- check name length for all gk resources (#3094) #3094 (alex)
- only validate gk res (#3158) #3158 (alex)
Documentation
- update vap demo readme (#3096) #3096 (Sertaç Özercan)
- examples, fix:improve gator err msg (#3079) #3079 (alex)
- clarify rc release (#3139) #3139 (Sertaç Özercan)
Code Refactoring
Continuous Integration
- drop arm/v7 builds for crd image (#3074) #3074 (Sertaç Özercan)
- add govulncheck (#3114) #3114 (Sertaç Özercan)
Chores
- bump frameworks for 3.14 (#3083) #3083 (Sertaç Özercan)
- bump @babel/traverse from 7.18.8 to 7.23.2 in /website (#3075) #3075 (dependabot[bot])
- bump the all group with 3 updates (#3088) #3088 (dependabot[bot])
- bump github.com/onsi/gomega from 1.27.7 to 1.27.10 (#2900) #2900 (dependabot[bot])
- bump cloud.google.com/go/trace from 1.10.1 to 1.10.2 (#3095) #3095 (dependabot[bot])
- bump the all group with 1 update (#3104) #3104 (dependabot[bot])
- bump @docusaurus/core from 2.4.0 to 2.4.3 in /website (#3021) #3021 (dependabot[bot])
- bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#3087) #3087 (dependabot[bot])
- bump @docusaurus/preset-classic from 2.4.0 to 2.4.3 in /website (#3022) #3022 (dependabot[bot])
- add codeowners (#3110) #3110 (Sertaç Özercan)
- bump kubectl from 1.28.2 to v1.28.3 (#3101) #3101 (dependabot[bot])
- adding default helm values for pubsub audit connection and channel (#3097) #3097 (Jaydipkumar Arvindbhai Gabani)
- Prepare v3.15.0-beta.0 release (#3142) #3142 (github-actions[bot])
v3.13.4
Bug Fixes
- CVE-2023-45142 for release 3.13 (#3113) #3113 (Sertaç Özercan)
- ns exclusion audit from cache (#3129) cherry-pick for 3.13 (#3140) #3140 (alex)
Chores
- bump kubectl for release 3.13 (#3118) #3118 (Sertaç Özercan)
- Prepare v3.13.4 release (#3144) #3144 (github-actions[bot])
v3.14.0
Notable Changes
- 🧪 Improves experimental Validating Admission Policy (VAP) support
- 🚂 Updates OPA to v0.57.1
Features
- Add Recommended Helm/K8s labels (#2788) #2788 (James Bruce)
- allow changing the default revisionHistoryLimit (#2920) #2920 (tberreis)
- Upgrade constraint framework to add new K8s Native Validation driver schema by @maxsmythe in #2951
- Support multiple sync sources by @acpana in #2852
- Exposes --external-data-provider-response-cache-ttl via helm chart by @nilekhc in #2978
- Enhance replay by @acpana in #2984
- Print object name on test output by @Duologic in #3018
- Disables provider response cache when TTL is set to 0 by @nilekhc in #3028
Bug Fixes
- helm-chart: controller-manager wh name flags (#2879) #2879 (Ugur Can Ozturk)
- enable cert rotation for audit by default (#2875) #2875 (Jaydipkumar Arvindbhai Gabani)
- rework ns check, refactor: bubble up match err for mut (#2812) #2812 (alex)
- fixes disable cache flow (#3134) #3134 (Nilekh Chaudhari)
- ns exclusion audit from cache (#3129) cherry-pick for 3.14 (#3141) #3141 (alex)
- Remove readiness tracker deadlock caused by duplicate syncs by @maxsmythe in #2970
- Update audit-from-cache flag description by @ssheladiya in #2989
- Mutation: use generateName for generated resources when logging by @acpana in #2974
- Adding flag to validate rego for templates by @JaydipGabani in #3026
- Use log level 1 for debug by @acpana in #3039
- Protect agg against empty gvks by @acpana in #3040
Refactoring
- Use buildinfo to get opa and frameworks version by @sozercan in #2950
- Adder interface, rename data client by @acpana in #2991
Continuous Integration
- cherry-pick #3074 for release-3.14 (#3076) #3076 (Sertaç Özercan)
- Group dependabot prs by @sozercan in #2969
- Validate docs by @sozercan in #2968
- Lint timeout m 5->7 by @acpana in #3005
- Filter out helm gh pages image from release cleanup by @sozercan in #3053
- Cherry-pick #3074 for release-3.14 by @sozercan in #3076
Documentation
- adding doc for pubsub (#2808) #2808 (Jaydipkumar Arvindbhai Gabani)
- update release cadence to three months (#2914) #2914 (Xander Grzywinski)
- add config alpha state and exempt-namespace docs (#2890) #2890 (Xander Grzywinski)
- Add status tag for expansion metric (#2919) #2919 (Rita Zhang)
- Non default ns eg by @acpana in #2939
- Add docs for cel based Validating Admission Policy support by @ritazh in #2960
- Update vap by @ritazh in #2961
- Removing quotes from the title in expansion template doc by @JaydipGabani in #2964
- Adds documentation about provider response caching by @nilekhc in #2927
- Add opa version map to site and version badge to README by @salaxander in #2982
- Add docs on mutation annotations by @salaxander in #2999
Chores
- cherry pick #3083 for release 3.14 (#3086) #3086 (Sertaç Özercan)
- bump k8s.io/client-go from 0.27.2 to 0.27.4 (#2898) #2898 (dependabot[bot])
- bump go.uber.org/automaxprocs from 1.5.2 to 1.5.3 (#2897) #2897 (dependabot[bot])
- removing pubsub design from proposed section (#2904) #2904 (Jaydipkumar Arvindbhai Gabani)
- bump golang from 851af0a to 2ae255c in /build/tooling (#2912) #2912 (dependabot[bot])
- bump golang from 851af0a to 2ae255c in /test/image (#2913) #2913 (dependabot[bot])
- bump actions/setup-node from 3.6.0 to 3.7.0 (#2886) #2886 (dependabot[bot])
- bump actions/setup-go from 3 to 4 (#2795) #2795 (dependabot[bot])
- bump golangci/golangci-lint-action from 3.4.0 to 3.6.0 (#2829) #2829 (dependabot[bot])
- bump step-security/harden-runner from 2.4.0 to 2.5.0 (#2902) #2902 (dependabot[bot])
- bump peter-evans/create-pull-request from 5.0.1 to 5.0.2 (#2887) #2887 (dependabot[bot])
- bump semver from 5.7.1 to 5.7.2 in /website (#2870) #2870 (dependabot[bot])
- bump k8s.io/apiextensions-apiserver from 0.27.2 to 0.27.4 (#2910) #2910 (dependabot[bot])
- bump github/codeql-action from 2.20.4 to 2.21.2 (#2923) #2923 (dependabot[bot])
- bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#2921) #2921 (dependabot[bot])
- bump peter-evans/create-or-update-comment from 3.0.1 to 3.0.2 (#2922) [#2922](https://...
v3.14.0-rc.2
This release candidate updates OPA to v0.57.1.
Chores
- cherry pick #3083 for release 3.14 (#3086) #3086 (Sertaç Özercan)
- Prepare v3.14.0-rc.2 release (#3091) #3091 (github-actions[bot])
v3.14.0-rc.1
Continuous Integration
- cherry-pick #3074 for release-3.14 (#3076) #3076 (Sertaç Özercan)
v3.13.3
This patch release fixes CVE-2023-39325
Bug Fixes
- cherry pick #3060 (#3061) #3061 (Sertaç Özercan)
Chores
- Prepare v3.13.3 release (#3063) #3063 (github-actions[bot])