v1.4.3-rc1

v1.4.3-rc1

Enhancements

• CLI variables should be coming from the resources itself (kyverno#1996)
• Adding ownerRef with namespace for Kyverno managed webhook configurations (kyverno#2263)
• Support new policy report CRD kyverno#1753, (kyverno#2376)
• Clean up formatting in mutate test file (kyverno#2338)
• Add test case for non zero index patches with patchesJson6902 (kyverno#2339)
• Cleanup Kustomization configurations (kyverno#2274)
• Kyverno CLI apply command improvements (kyverno#2342, kyverno#2331, kyverno#2318, kyverno#2310, kyverno#2296, kyverno#2290, kyverno#2122, kyverno#2120, kyverno#2367)
• Validate path element begins with a forward slash in patchesJson6902 (kyverno#2117)
• Support gvk in CLI for policies applied on cluster (kyverno#2363)
• Update cosign (kyverno#2266)
• Allow users to skip policy validation when mutating resources (kyverno#2185)
• Allow NetworkPolicy customization (kyverno#2287)
• Patch labels to Helm templates (kyverno#2262)
• Support for configurable automatic refresh of metrics and selective exposure of metrics at namespace-level (kyverno#2268)
• Support global anchor behavior in validation and mutation rules (kyverno#2201)

Bug Fixes

• Unable to use GreaterThan operator with precondition (kyverno#2211)
• Fix precondition logic for mutating policies (kyverno#2271, kyverno#2228, kyverno#2352)
• Fix Kyverno Deployment updateStrategy (kyverno#1982)
• Helm chart releases are not gated behind something like a tag (kyverno#2264)
• Add validation for generate loops (kyverno#1941)
• Policy doesn't work when match.resources.kinds is set to Policy/ClusterPolicy (kyverno#2149)
• Kyverno CLI panics when context is added to rule, but not actually used (kyverno#2289)
• Generate policies with background:false and synchronize:false are still re-evaluated every 15mins (kyverno#2181)
• Tests applied on excluded resources should succeed (kyverno#2295)
• Kyverno CLI with context variables needs documentation (kyverno#2291)
• Kyverno CLI test requires var resolution for non-applicable resources (kyverno#2331)
• Test command result showing Notfound in result (kyverno#2296)
• any/all in match block fails in the CLI (kyverno#2350)
• JMESPath contains function behavior not consistent in Kyverno vs upstream (kyverno#2345)
• patchStrategicMerge fails to mutate if policy written with initContainers object (kyverno#1916)
• Check Any and All ResourceFilters during policy mutation (kyverno#2373)
• Support variable replacement in the key of annotations (kyverno#2316)
• Background scan doesn't work with any/all (kyverno#2299)

Others

• Kyverno gives error when installed with KEDA (kyverno#2267)
• Using Argo to deploy, baseline policies are constantly out-of-sync (kyverno#2234)
• Policy update, flux2-multi-tenancy fails to update kyverno to v1.4.2-rc3 (kyverno#2241)
• Throws a variable substitution error in spite of no variable present in the policy (kyverno#2374)