NOTE: It is recommended to deploy the stable release v1.1.1.
Features
- (CRD changes) Change CRD namespacedpolicyviolation to policyviolation
- (CRD changes) Update abbreviations: clusterpolicy -> cpol; clusterpolicyviolation -> cpolv; policyviolation -> polv
- (CRD changes) Create role for the tenant admin to allow access to the namespace policy violations, instruction
- Support variable substitution #549
- Apply rules of Pod on podControllers automatically by default #518
- Handle memory/cpu or volumes comparison
- Support Amazon EKS cluster #542
Enhancement
- (CRD changes) Policy violations are displayed with detailed information: policyname, resource name, resource kind, age.
- Introduce background flag to disable running a policy in background mode #566
- Report violation if referenced context is not present when substituting variables #568
- Flip ownerReferences on violations to resource and handle policy explicitly #524
- Refactor cluster PV and namespaced PV generator
- Register webhooks for policy and resource after verifying webhook is active #421
- Add init container to clean up stale webhookconfigurations created by Kyverno
- Webhook configurations are gracefully cleaned up when Kyverno shuts down #424
- Best Practices: disallow_bind_mounts, disallow_helm_tiller, disallow_privileged, disallow_root_user, add_network_policy, add_ns_quota, add_safe_to_evict, restrict_usergroup_fsgroup_id
Bug fixes