v3.17.0
Notable Changes
- 🎓 CEL-based policies enforced through Gatekeeper are in beta!
- ⚙️ Generating VAP (Validating Admission Policy) in Gatekeeper has transitioned from using annotations to specifying fields in ConstraintTemplate and Constraint. Please find out more details using VAP through Gatekeeper.
- 🎬 Ability to enforce specific action for Gatekeeper webhook, audit, gator, or VAP in the same constraint through the scopedEnforcementActions field under spec in Constraints.
Features
- add support for CONNECT operations (#3459) #3459 (Thomas Chaplin)
- adding scopedenforcementactions (#3321) #3321 (Jaydipkumar Arvindbhai Gabani)
- separate podlabels in controller-manager and audit deployment (#3378) #3378 (Robert Bublik)
- moving k8s-native-validation feature to beta (#3476) #3476 (Jaydipkumar Arvindbhai Gabani)
- check for CT generateVap intent before generating vapbinding (#3479) #3479 (Jaydipkumar Arvindbhai Gabani)
- adding generateVAP field, removing annotations for vap (#3398) #3398 (Jaydipkumar Arvindbhai Gabani)
- Make service account configurable and add option to opt out of creation (#3404) #3404 (Stef Graces)
Bug Fixes
- fixing artifact upload error (#3437) #3437 (Jaydipkumar Arvindbhai Gabani)
- adding pod subresources in mutation rules (#3426) #3426 (Jaydipkumar Arvindbhai Gabani)
- include cel flags on audit deployment (#3414) #3414 (Noah Reisch)
- only set matchConditions on webhook when not empty (#3412) #3412 (Martijn van der Ploeg)
- #3146 Support close open/fail for Ready Tracker & surface errors swallowed by grp.Wait() (#3308) #3308 (David Lee)
- Remove crashOnFailureFetchingExpectations flag (#3453) #3453 (David Lee)
- fixing error reporting for templates without CEL, cherry-pick (#3493) (#3495) #3495 (Jaydipkumar Arvindbhai Gabani)
Documentation
- quote the subPath conditional (#3385) #3385 (JenTing)
- Update mutation assign doc (#3433) #3433 (Anlan Du)
Continuous Integration
- fix test storage url (#3427) #3427 (Sertaç Özercan)
- revert kubebuilder custom env (#3430) #3430 (Sertaç Özercan)
- adding k8s-1.30 (#3447) #3447 (Jaydipkumar Arvindbhai Gabani)
- fix dockerfile lint (#3474) #3474 (Sertaç Özercan)
Chores
- bump BASEIMAGE from static to static-debian12 (#3386) #3386 (Sahil Verma)
- bump google.golang.org/grpc from 1.62.1 to 1.62.2 (#3346) #3346 (dependabot[bot])
- bump sigs.k8s.io/controller-runtime from 0.17.3 to 0.17.5 in the k8s group across 1 directory (#3382) #3382 (dependabot[bot])
- bump the k8s group across 1 directory with 5 updates (#3387) #3387 (dependabot[bot])
- bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1 (#3381) #3381 (dependabot[bot])
- bump cloud.google.com/go/trace from 1.10.6 to 1.10.7 (#3373) #3373 (dependabot[bot])
- bump kubectl from v1.30.0 to v1.30.1 (#3390) #3390 (dependabot[bot])
- bumping to frameworks 2ece026 (#3392) #3392 (Jaydipkumar Arvindbhai Gabani)
- bump golang from d996c64 to 48b942a in /build/tooling (#3347) #3347 (dependabot[bot])
- Patch docs for 3.16.1 release (#3395) #3395 (github-actions[bot])
- bumping frameworks/constraints to 5368a3b697f2 (#3399) #3399 (Jaydipkumar Arvindbhai Gabani)
- Patch docs for 3.16.3 release (#3407) #3407 (Jaydipkumar Arvindbhai Gabani)
- bump the all group across 1 directory with 12 updates (#3431) #3431 (dependabot[bot])
- bump braces from 3.0.2 to 3.0.3 in /website (#3424) #3424 (dependabot[bot])
- bump github.com/go-logr/logr from 1.4.1 to 1.4.2 (#3403) #3403 (dependabot[bot])
- bump the all group across 1 directory with 2 updates (#3444) #3444 (dependabot[bot])
- bump golang from 5c56bd4 to aec4784 in /build/tooling (#3417) #3417 (dependabot[bot])
- bump ws from 7.5.7 to 7.5.10 in /website (#3425) #3425 (dependabot[bot])
- bump kubectl from v1.30.1 to v1.30.2 (#3420) #3420 (dependabot[bot])
- bump google.golang.org/protobuf from 1.34.0 to 1.34.2 (#3423) #3423 (dependabot[bot])
- bump github.com/spf13/cobra from 1.8.0 to 1.8.1 (#3422) #3422 (dependabot[bot])
- bump the k8s group with 4 updates (#3421) #3421 (dependabot[bot])
- bump google.golang.org/grpc from 1.63.2 to 1.63.3 (#3448) #3448 (dependabot[bot])
- fixing deprecating function in dapr fake test client (#3451) #3451 (Jaydipkumar Arvindbhai Gabani)
- bump the all group with 4 updates (#3449) #3449 (dependabot[bot])
- bump kubectl from v1.30.2 to v1.30.3 (#3455) #3455 (dependabot[bot])
- bump the k8s group with 4 updates (#3456) #3456 (dependabot[bot])
- bump the all group with 2 updates (#3454) #3454 (dependabot[bot])
- bump cloud.google.com/go/trace from 1.10.7 to 1.10.11 (#3461) #3461 (dependabot[bot])
- bump the all group with 2 updates (#3466) #3466 (dependabot[bot])
- bump golang from 6c27802 to af9b40f in /build/tooling (#3465) #3465 (dependabot[bot])
- bump github.com/docker/docker from 25.0.5+incompatible to 26.1.4+incompatible (#3467) #3467 (dependabot[bot])
- Add optional rollingUpdate strategy parameters to helm chart (#3406) #3406 (Stefan Peer)
- add document separator to the generated manifests (#3462) #3462 (Ankur Kothiwal)
- bumping-otel to 1.28 (#3469) #3469 (Jaydipkumar Arvindbhai Gabani)
- bump actions/upload-artifact from 4.3.4 to 4.3.5 in the all group (#3473) #3473 (dependabot[bot])
- upgrading to 0.30 api, creating v1 or v1beta1 VAP/VAPB (#3472) #3472 (Jaydipkumar Arvindbhai Gabani)
- bump cert-controller to 0.11.0 (#3480) #3480 (Sertaç Özercan)
- bump github.com/docker/docker from 26.1.4+incompatible to 26.1.5+incompatible (#3482) #3482 (dependabot[bot])
- Removing setting alpha flags for vap/vapb generation unless explicitly set through helm (#3481) #3481 (Jaydipkumar Arvindbhai Gabani)
- bump golang from af9b40f to 39b7e6e in /build/tooling (#3488) #3488 (dependabot[bot])
- Prepare v3.17.0-rc.0 release (#3490) #3490 (github-actions[bot])
- Prepare v3.17.0-rc.1 release #3496 (JaydipGabani)
- Prepare v3.17.0-rc.1 release (#3496) #3496 (github-actions[bot])
- Prepare v3.17.0 release (#3509) #3509 (github-actions[bot])