v3.13.0
·
192 commits
to master
since this release
This stable release has no other functional changes from v3.13.0-rc.1.
Notable Changes
- 📚 Added PubSub support for audit.
- 🎓 ExpansionTemplates that validate workload resources has graduated to beta!
- 🧪 Added experimental
ValidatingAdmissionPolicy(VAP) driver. - 🗃️ Added support for External Data Provider Audit Cache.
- 🔭 Observability statistics for admission, audit and gator CLI is now available!
Features
- add syncset crd (#2775) #2775 (alex)
- log details on log denies (#2813) #2813 (alex)
- Support adding priority class to Jobs (#2822) #2822 (Grace Do)
- Upgrade to k8s v1.27.2; controller-runtime v0.15.0; add VAP prototype (#2819) #2819 (Max Smythe)
- Graduate ExpansionTemplate CRD to beta (#2857) #2857 (Davis Haba)
- implements external data response cache (#2823) #2823 (Nilekh Chaudhari)
- stats in webhook, audit & gator (#2686) #2686 (alex)
- recursive expansion (#2679) #2679 (Davis Haba)
- add webhookURL helm option (#2722) #2722 (Navid)
- activate stats when flag is on in audit, webhook (#2749) #2749 (alex)
- add gvk aggregator (#2733) #2733 (alex)
- Sync annotation unmarshaling in gator (#2734) #2734 (Anlan Du)
- Adding pubsub interface (#2538) #2538 (Jaydipkumar Arvindbhai Gabani)
- implement expansion template pod status (#2598) #2598 (Davis Haba)
Bug Fixes
- Pkg Wildcard Validation to allow the ':' character (#2797) #2797 (Nobu)
- correct identation for webhook-configs-pre-delete.yaml (#2817) #2817 (Vaishnav Gaikwad)
- statically link gator binary (#2840) #2840 (alex)
- name matcher to match generate names as well (#2841) #2841 (Jaydipkumar Arvindbhai Gabani)
- security context value indentation for gatekeeper-delete-webhook-configs job (#2862) #2862 (Vardhaman Surana)
- helm probe webhook retry logic (#2873) #2873 (Eshaan Mathur)
- eliminate deadlock-on-exit (#2708) #2708 (Max Smythe)
- duplicate gator version (#2743) #2743 (Sertaç Özercan)
- memory leak in the webhook TLS healthcheck (#2690) #2690 (Thibault Deutsch)
Documentation
- Gator syncset doc (#2833) #2833 (Anlan Du)
- fix link coloring issue in dark mode (#2867) #2867 (Rajeesh C V)
- adding doc for benchmarking (#2866) #2866 (Jaydipkumar Arvindbhai Gabani)
- update all design doc links to new drive locations (#2791) #2791 (Xander Grzywinski)
- Fix typo in ExpansionTemplate (#2884) #2884 (Calle Pettersson)
- Add External Data Response Cache design doc and reorg links based on … (#2724) #2724 (Rita Zhang)
- add landing page to website (#2677) #2677 (Xander Grzywinski)
- add assignImage mutation demo (#2694) #2694 (Rita Zhang)
- Fix meeting link in website bottom bar (#2736) #2736 (Max Smythe)
- remove old redirect for website (#2729) #2729 (Xander Grzywinski)
- expansion docs rewrite (#2707) #2707 (alex)
- fix link to policy library on website (#2738) #2738 (Xander Grzywinski)
- Adding pubsub design to docs (#2732) #2732 (Jaydipkumar Arvindbhai Gabani)
- add docs about stats (#2776) #2776 (alex)
- update applyTo description to mention AssignImage (#2648) #2648 (Davis Haba)
- add sbom and provenance (#2665) #2665 (Sertaç Özercan)
- Add sync resource proposal to design docs (#2674) #2674 (Anlan Du)
- Fix typo (#2669) #2669 (Matthias Teich)
Continuous Integration
- bump trivy version (#2737) #2737 (Sertaç Özercan)
- [StepSecurity] Apply security best practices (#2726) #2726 (StepSecurity Bot)
- fix release action (#2807) #2807 (Sertaç Özercan)
Code Refactoring
- loggers in webhook handlers (#2786) #2786 (alex)
- introduce CacheManager (#2785) #2785 (alex)
- move util.Wildcard into its own package (#2853) #2853 (Christoph Mewes)
Tests
- adding unit tests for dapr and updating dapr sdk version (#2846) #2846 (Jaydipkumar Arvindbhai Gabani)
- use custom filter to make tests less brittle (#2544) #2544 (alex)
- Upgrade checkout action to v3 (#2658) #2658 (Benjamin Muschko)
- fix gator cli build (#2657) #2657 (Sertaç Özercan)
Chores
- upgrade cf to have the defaults injection (#2811) #2811 (alex)
- pkg imported more than once (#2851) #2851 (guangwu)
- bump golang from
918857fto419bc89in /test/image (#2830) #2830 (dependabot[bot]) - bump golang from
918857fto419bc89in /build/tooling (#2831) #2831 (dependabot[bot]) - add ability to choose deployment strategy for controller-manager (#2777) #2777 (Patrik Chadima)
- bump golang from
a3598b9tod9f7519in /test/image (#2868) #2868 (dependabot[bot]) - bump golang from
a3598b9tod9f7519in /build/tooling (#2869) #2869 (dependabot[bot]) - update cert-controller (#2876) #2876 (alex)
- bump golang from
d9f7519to851af0ain /test/image (#2882) #2882 (dependabot[bot]) - bump golang from
d9f7519to851af0ain /build/tooling (#2880) #2880 (dependabot[bot]) - bump github/codeql-action from 2.3.3 to 2.20.4 (#2883) #2883 (dependabot[bot])
- bump github.com/stretchr/testify from 1.8.2 to 1.8.4 (#2815) #2815 (dependabot[bot])
- bump github.com/go-logr/zapr from 1.2.3 to 1.2.4 (#2756) #2756 (dependabot[bot])
- bump github.com/docker/distribution from 2.8.1+incompatible to 2.8.2+incompatible (#2752) #2752 (dependabot[bot])
- bump actions/dependency-review-action from 3.0.4 to 3.0.6 (#2809) #2809 (dependabot[bot])
- bump actions/checkout from 3.3.0 to 3.5.3 (#2828) #2828 (dependabot[bot])
- Prepare v3.13.0-rc.1 release (#2901) #2901 (github-actions[bot])
- bump k8s.io/apiextensions-apiserver from 0.26.3 to 0.26.4 (#2704) #2704 (dependabot[bot])
- bump github/codeql-action from 2.2.11 to 2.2.12 (#2700) #2700 (dependabot[bot])
- bump github/codeql-action from 2.2.12 to 2.3.0 (#2714) #2714 (dependabot[bot])
- configure retries in pre-upgrade hook job (helm) (#2710) #2710 (Anish Ramasekar)
- add k8s 1.27 to tests (#2692) #2692 (Sertaç Özercan)
- bump github/codeql-action from 2.3.0 to 2.3.2 (#2728) #2728 (dependabot[bot])
- bump github.com/onsi/ginkgo/v2 from 2.9.2 to 2.9.4 (#2745) #2745 (dependabot[bot])
- bump github/codeql-action from 2.3.2 to 2.3.3 (#2741) #2741 (dependabot[bot])
- Replace ghodss/yaml with sigs.k8s.io/yaml (#2697) #2697 (Manuel Rüger)
- update go module with /v3 (#2742) #2742 (Sertaç Özercan)
- bump actions/checkout from 3.3.0 to 3.5.2 (#2764) #2764 (dependabot[bot])
- bump actions/setup-go from 4.0.0 to 4.0.1 (#2763) #2763 (dependabot[bot])
- bump codecov/codecov-action from 3.1.3 to 3.1.4 (#2766) #2766 (dependabot[bot])
- bump actions/dependency-review-action from 2.5.1 to 3.0.4 (#2765) #2765 (dependabot[bot])
- bump golang from
595c9afto2dc5c56in /build/tooling (#2761) #2761 (dependabot[bot]) - bump peter-evans/create-or-update-comment from 3.0.0 to 3.0.1 (#2762) #2762 (dependabot[bot])
- bump ossf/scorecard-action from 2.0.6 to 2.1.3 (#2770) #2770 (dependabot[bot])
- bump golang from
595c9afto2dc5c56in /test/image (#2760) #2760 (dependabot[bot]) - bump step-security/harden-runner from 2.3.1 to 2.4.0 (#2771) #2771 (dependabot[bot])
- bump github/codeql-action from 2.3.1 to 2.3.3 (#2772) #2772 (dependabot[bot])
- migrate to dl.k8s.io storage (#2759) #2759 (Sertaç Özercan)
- bump peter-evans/create-pull-request from 5.0.0 to 5.0.1 (#2773) #2773 (dependabot[bot])
- bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5 (#2769) #2769 (dependabot[bot])
- bump golang from
2dc5c56to918857fin /build/tooling (#2804) #2804 (dependabot[bot]) - bump golang from
2dc5c56to918857fin /test/image (#2803) #2803 (dependabot[bot]) - Prepare v3.13.0-beta.1 release (#2806) #2806 (github-actions[bot])
- Prepare v3.13.0 release (#2934) #2934 (github-actions[bot])
- bump @docusaurus/core from 2.3.1 to 2.4.0 in /website (#2640) #2640 (dependabot[bot])
- bump @docusaurus/preset-classic from 2.3.1 to 2.4.0 in /website (#2639) #2639 (dependabot[bot])
- bump github.com/onsi/gomega from 1.27.4 to 1.27.5 (#2644) #2644 (dependabot[bot])
- bump github/codeql-action from 2.2.8 to 2.2.9 (#2651) #2651 (dependabot[bot])
- bump peaceiris/actions-gh-pages from 3.9.2 to 3.9.3 (#2664) #2664 (dependabot[bot])
- bump webpack from 5.73.0 to 5.76.3 in /website (#2652) #2652 (dependabot[bot])
- bump sigs.k8s.io/controller-runtime from 0.14.5 to 0.14.6 (#2673) #2673 (dependabot[bot])
- bump github.com/onsi/gomega from 1.27.5 to 1.27.6 (#2671) #2671 (dependabot[bot])
- bump github.com/go-logr/logr from 1.2.3 to 1.2.4 (#2672) #2672 (dependabot[bot])
- bump peter-evans/create-or-update-comment from 2 to 3 (#2680) #2680 (dependabot[bot])
- bump github/codeql-action from 2.2.9 to 2.2.11 (#2689) #2689 (dependabot[bot])
- bump peter-evans/create-pull-request from 4 to 5 (#2681) #2681 (dependabot[bot])
- bump github.com/docker/docker from 20.10.21+incompatible to 20.10.24+incompatible (#2676) #2676 (dependabot[bot])
- upgrade CF for stats (#2698) #2698 (alex)
- Prepare v3.13.0-beta.0 release (#2701) #2701 (github-actions[bot])
New Contributors
- @Mitsuwa made their first contribution in #2797
- @doflamingo721 made their first contribution in #2817
- @testwill made their first contribution in #2851
- @xrstf made their first contribution in #2853
- @Hy3n4 made their first contribution in #2777
- @vardhaman-surana made their first contribution in #2862
- @cvrajeesh made their first contribution in #2867
- @carlpett made their first contribution in #2884
- @eshaanm25 made their first contribution in #2873
- @golpa made their first contribution in #2722
- @step-security-bot made their first contribution in #2726
- @bmuschko made their first contribution in #2658
- @Mattes83 made their first contribution in #2669
- @dethi made their first contribution in #2690
Full Changelog: v3.12.0...v3.13.0
Contributors
xrstf, carlpett, and 12 other contributors