This is the release candidate for Kyverno GA.
BREAKING CHANGE
- API version has changed to
kyverno.io/v1
, the backward compatibility is NOT guaranteed. It is recommended to cleanup policies and CRDs with the older version and re-deploy kyverno.
Features
- Add namespaced policy violation, any violation on a namespaced resource will be reported within the namespace.
- Allow a policy to be applied on a certain type of users, add roles/clusterRoles/subjects fileds in match and exclude block, detail.
- Report webhook status in Kyverno deployment annotation with tag
kyverno.io/webhookActive
, detail.
Enhancement
- Build policy store to retrieve policies faster.
- Decouple reporting components (violations and events) from webhook.
- Update Docs.
- Add more best practices.
- Improve logging messages.