!!! Breaking !!!
Make sure you reapply the jspolicy crds via the following command before upgrading:
kubectl apply -f https://raw.githubusercontent.com/loft-sh/jspolicy/5211a03e9258d2f9917da3f4511af3af77fe441a/chart/crds/crds.yaml
Changes
- Decreased jsPolicy image size
- jsPolicy is now running as non root
- jsPolicy can now bundle multiple policies in parallel
- jsPolicy now applies changes to webhook configurations rather than overwriting them
- jsPolicy now supports PolicyReport and ClusterPolicyReport. PolicyReport and ClusterPolicyReport are CRDs created by the Kubernetes Policy WG (https://github.com/kubernetes-sigs/wg-policy-prototypes). These CRDs will be created besides the existing JsPolicyViolations CRD. jsPolicy can now creates one PolicyReport per Namespace for all JsPolices and one ClusterPolicyReport for all Cluster scoped violations. (thanks @fjogeleit) This makes it possible to use JsPolicy together with Policy Reporter and creates observability capabilities like integrations in Prometheus, Grafana Loki or the standalone Policy Reporter UI.
- New
imagePullSecretsin the jsPolicy chart to define custom image pull secrets (thanks @infa-ddeore) - Refactored jsPolicy controller to use conditions
- Fixed an issue where jsPolicy would end up in a retry loop on AKS clusters
- Changed health probe port from 80 to 9080
- Updated k8s dependencies to v1.23.0
- Updated v8 engine to 9.6.180.12