v3.9.0
Notable changes
- External Data TLS/mTLS support 🔐
- Ability to validate subresources 🔎
- OpenCensus and Stackdriver exporters 🏹
- Performance improvements 🏃‍♂️
Features
- Add post-upgrade job for labeling namespace (#2113) #2113 (Zhimin Xiang)
- Add Constraint schema validation testing (#2092) #2092 (Will Beason)
- Add pod annotations specific for openshift environment (#2116) #2116 (Erez Tamam)
- Allow wildcard at start string and end together (#2130) #2130 (Erez Tamam)
- TLS support for External Data Providers (#2121) #2121 (Ernest Wong)
- Add extra rules to all roles (#2110) #2110 (Erez Tamam)
- adding pod security context variable (#2127) #2127 (ChrisFraun)
- Make gatekeeper validate subresources (#2054) #2054 (Mac Chaffee)
- Allow explicitly skipping tests in gator verify (#2078) #2078 (Will Beason)
- Added dockerfile for gator (#2077) #2077 (HenriWilliams)
- add opencensus and stackdriver exporters (#2017) #2017 (Max Smythe)
- charts: Add objectSelector to webhooks (#2034) #2034 (Nicholas Blott)
- Label exempted namespaces (#2029) #2029 (Mathieu Parent)
- Allow to set affinity for upgradeCRDs (#2015) (Bryan Pearson) #2015
- Add metrics backend flag to Helm chart (#2051) #2051 (Max Smythe)
Performance Improvements
- Integrate go.uber.org/automaxprocs (#2080) #2080 (Max Smythe)
Bug Fixes
- Fix Helm chart webhook exempt Namespace label templating (#2090) #2090 (Luke Addison)
- Validation error in all_ns_must_have_gatekeeper constraint (#2091) #2091 (Amit Raj)
- #2095 GV in constraint StatusViolation (#2098) #2098 (Prachi Pendse)
- Add kubernetes job annotations (#2115) #2115 (Ben Wells)
- remove prs from codeql (#2139) #2139 (Sertaç Özercan)
- Add CTs to sync unit test to avoid flakiness (#2065) #2065 (Max Smythe)
- Add gatekeeper-webhook post install hook to Helm chart (#2052) #2052 (Joao Ubaldo)
- Adding possibility to define extra Role rules (#2064) #2064 (Jiri Tyr)
- Update CF to fix unenforced violations on data deletion (#2038) (Max Smythe) #2038
- release branches shouldn't trigger prerelease job (#2041) (Sertaç Özercan) #2041
- Upgrade deps, including OPA to v0.40.0 (#2069) (Will Beason) #2069
Documentation
- clarify k8s support (#2112) #2112 (Sertaç Özercan)
- add group and version to audit status violations (#2134) #2134 (Rita Zhang)
- TLS and mTLS documentation (#2141) #2141 (Ernest Wong)
- document about using inventory in Case (#2068) #2068 (Jeongwook Park)
- use release-3.8 manifest in v3.8.x installation doc (#2025) #2025 (Ernest Wong)
- add compiler sharding (#2030) #2030 (Rita Zhang)
- mention NET_BIND_SERVICE in cloud-specific (#1983) #1983 (Viktor Oreshkin)
Continuous Integration
- add codeql action (#2138) #2138 (Sertaç Özercan)
- add buildx-builder to gator docker build (#2088) (Sertaç Özercan) #2088
- bump kind and k8s versions (#2048) #2048 (Sertaç Özercan)
Tests
- Use a different template kind per test (#2067) #2067 (Max Smythe)
Chores
- bump k8s.io/client-go from 0.24.1 to 0.24.2 (#2109) #2109 (dependabot[bot])
- bump sigs.k8s.io/controller-runtime from 0.12.1 to 0.12.2 (#2124) #2124 (dependabot[bot])
- Update to opa v0.41 (#2093) #2093 (Manuel Rüger)
- bump github/codeql-action from 2.1.14 to 2.1.15 (#2140) #2140 (dependabot[bot])
- bump clsx from 1.1.1 to 1.2.0 in /website (#2143) #2143 (dependabot[bot])
- bump clsx from 1.2.0 to 1.2.1 in /website (#2148) #2148 (dependabot[bot])
- bump @docusaurus/core from 2.0.0-beta.20 to 2.0.0-beta.21 in /website (#2072) #2072 (dependabot[bot])
- bump @docusaurus/preset-classic from 2.0.0-beta.20 to 2.0.0-beta.21 in /website (#2071) #2071 (dependabot[bot])
- bump k8s.io/apiextensions-apiserver from 0.23.5 to 0.23.6 (#2021) #2021 (dependabot[bot])
- bump @docusaurus/core from 2.0.0-beta.18 to 2.0.0-beta.19 in /website (#2042) #2042 (dependabot[bot])
- bump @docusaurus/preset-classic from 2.0.0-beta.18 to 2.0.0-beta.19 in /website (#2043) #2043 (dependabot[bot])
- bump github.com/google/go-cmp from 0.5.7 to 0.5.8 (#2033) #2033 (dependabot[bot])
- bump @docusaurus/core from 2.0.0-beta.19 to 2.0.0-beta.20 in /website (#2045) #2045 (dependabot[bot])
- bump @docusaurus/preset-classic from 2.0.0-beta.19 to 2.0.0-beta.20 in /website (#2044) #2044 (dependabot[bot])
- bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 (#2049) #2049 (dependabot[bot])
- Remove "Unstable" field from G8r target's gkReview object (#2031) (Huang Huang) #2031
New Contributors
- @stek29 made their first contribution in #1982
- @jocelynthode made their first contribution in #2008
- @resnostyle made their first contribution in #2015
- @blottn made their first contribution in #2034
- @henrysecond1 made their first contribution in #2068
- @joaoubaldo made their first contribution in #2052
- @jtyr made their first contribution in #2064
- @HenriWilliams made their first contribution in #2077
- @dippynark made their first contribution in #2090
- @inboxamitraj made their first contribution in #2091
- @bvwells made their first contribution in #2115
- @erezo9 made their first contribution in #2116
- @ChrisFraun made their first contribution in #2127
Full Changelog: v3.8.0...v3.9.0