This is the release candidate for v1.1.6, the team is actively tracing the memory leak issue. You can find the detail on how to profile Kyverno here.
Features
- Use Helm to install and update Kyverno. Thanks @mbarrien! 😊 #835
- Deny rules to block API requests based on a set of conditions. This feature is currently in "beta" phase #744
Bug Fixes
- Validate conflicting match and exclude #753
- Policy status is not being updated #808
- Migrate from golangci.com #751
- Documentation for JSON Patch shows overlay example #797
- Slack channel link does not work #817
- Kyverno 1.1.5 crashes #786 #843
- Deleting a large number of Policy Violations blocks other processing #832
- Policy without auto-gen annotation should be applied the all matched resources #829
- Long-running Kyverno stops generating violations #819
- Generate Rule needs a second
kind
parameter #802 - Policy applies to pod-controller is not skipped on pod #811
- Required field in Generate clone fails schema validation #791
- Fix "could not parse CRD schema" error #838
- Namespace generation not working #822
- Kyverno panics with timeoutHandler #863
- Fail to insert auto-gen annotation to Pod #869
- Kyverno install does not update default roles #837
- Set owerReference on policy violation UPDATE #695
Enhancements
- Documentation updates. Thanks @nkiesel, @sgandon ! 😊 #796 #864
- Improve patches annotation adds to the resource #775
- Policies should encode and decode seamlessly #792
- Change default auto-generate annotation insert to the policy #666
- Add CPU and memory resource requests and limits #857
- Support wildcard match for namespaces in resource description #659
- Add readiness and liveness probes #856
CRD Changes
Best Practice Policies
- Remove CPU limits from the best practice policy #799