v3.1.0-beta.2

Bug Fixes 🐞

• Fix deadlock. (#361)

v3.1.0-beta.1

DO NOT USE

This release has a deadlock, fixed by: #361

Features 🌈

• Initial metrics integration (#290)

Bug Fixes 🐞

• Use patch to set finalizers (#317)
• Add security context to Gatekeeper container (#273)
• Clean up watch manager (#308)
• Use namespace of Pod as namespace for cert secret (#347)
• Inject namespace as part of the request. (#344)

v3.1.0-beta.0

Warning

This release is a migration to Kubebuilder V2, which changes the structure of the deployment. If upgrading, we recommend you uninstall the previous version of Gatekeeper before deploying the new version.

Features 🌈

• ValidatingAdmissionWebhookConfiguration can be fully configured from the manifest -- no more clobbering
• Certificate generation/rotation can be disabled by setting the flag: --disable-cert-rotation
• Gatekeeper is mangaged via a Deployment resource instead of a StatefulSet
• Migrate to Kubebuilder V2 (#292)
• Upgrade constraint framework, enabling multi-source constraints (#270)

Bug Fixes 🐞

• Stop caching constraint status to OPA (#313)
• Increase CPU limits (#309)
• Removed unnecessary layers/file copies from Docker images (#279)

v3.0.4-beta.2

This beta release includes bug fixes and stable api versions.

Features 🌈

• add psp library seccomp and apparmor annotations (#236)
• Add Https Only to library (#260)
• Add unique ingress host to library (#253)
• add psp library forbidden sysctls (#233)
• add psp library selinux (#234)

Bug Fixes 🐞

• Do not assume the operation is CREATE on audit (#267)
• Watch manager should ignore unrecognized groups (#263)
• Add make target-template-source to build pkg/target/target_template_source.go (#257)
• Image package update and run as a non-root user (#252)
• Dependency Updates (#251)
• Use struct literal instead of an interface for the client (#241)
• Service selector needs to not be in a system namespace in order to be denied (#227)

v3.0.4-beta.1

This beta release includes bug fixes and stable api versions.

Features 🌈

• Add dry run feature (#202)
• Add PSP constraints and CTs to library (#203)
• Add docs and update script for make release (#220)
• Add e2e with kind and bats tests (#211)
• Upgrade constraint framework (#218)
• Make logging configurable (#212)
• Add demo templates to the constraint template library (#205)

Bug Fixes 🐞

• Update templates and constraints version (#221)
• Fix handling of unrecognized constraints on deletion (#208)
• Always check for a tag update before building container (#201)
• Make gatekeeper namespace-agnostic (#200)

v3.0.4-beta.0

This beta release includes bug fixes and stable api versions.

Features 🌈

• Convert to using beta resources. (#190)
• Add enforcementAction to status (#180)

Bug Fixes 🐞

• Conversion errors should be fatal (#197)
• Update apiversion, input in yaml (#193)

v3.0.4-alpha.0

This alpha release includes breaking changes and bug fixes.

v3.0.3-alpha.0

This alpha release includes breaking changes and bug fixes.

Breaking Changes ⚠️

• Rename deny rule to violation (#169)
• Change to HA-Compatible Status Schemas (#159)
• Fix CT name validation (open-policy-agent/frameworks#27)
• Only require kind for Constraint Templates (open-policy-agent/frameworks#29)
• Handle namespaceselector and empty namespaces (open-policy-agent/frameworks#26)

Bug Fixes 🐞

• Detect/handle invalid syntax in k8scontainerlimits (#167)
• Handle namespaceselector failure (#155)

Please report any issues here: https://github.com/open-policy-agent/gatekeeper/issues/new

v3.0.2-alpha.0

This alpha release includes bug fixes and new features.

Bug Fixes 🐞

• fix ValidatingWebhookConfiguration name (#110)
• add second check if watchmanager started (#118)
• add control-plane label to exclude gk ns (#126)
• Crd errors oscillation (#134)
• Fix support for DELETE (#146)
• check error type instead of string (#145)

Features 🌈

• Report constraint name in rejection message. (#124)
• Surface template errors (#129)
• add support for namespaceselector (#131)

Demos 📷

• Add Agile Bank Fictitious Company Demo (#113)
• Add audit to demo (#116)

Please report any issues here: https://github.com/open-policy-agent/gatekeeper/issues/new

v3.0.1-alpha.0

This alpha release contains bug fixes for Gatekeeper with Constraints Framework integration.