Notable Changes
🧪 Improves experimental Validating Admission Policy (VAP) support
🚂 Updates OPA to v0.57.1
Features
- Add Recommended Helm/K8s labels (#2788) #2788 (James Bruce)
- allow changing the default revisionHistoryLimit (#2920) #2920 (tberreis)
- Upgrade constraint framework to add new K8s Native Validation driver schema by @maxsmythe in #2951
- Support multiple sync sources by @acpana in #2852
- Exposes --external-data-provider-response-cache-ttl via helm chart by @nilekhc in #2978
- Enhance replay by @acpana in #2984
- Print object name on test output by @Duologic in #3018
- Disables provider response cache when TTL is set to 0 by @nilekhc in #3028
Bug Fixes
- helm-chart: controller-manager wh name flags (#2879) #2879 (Ugur Can Ozturk)
- enable cert rotation for audit by default (#2875) #2875 (Jaydipkumar Arvindbhai Gabani)
- rework ns check, refactor: bubble up match err for mut (#2812) #2812 (alex)
- fixes disable cache flow (#3134) #3134 (Nilekh Chaudhari)
- ns exclusion audit from cache (#3129) cherry-pick for 3.14 (#3141) #3141 (alex)
- Remove readiness tracker deadlock caused by duplicate syncs by @maxsmythe in #2970
- Update audit-from-cache flag description by @ssheladiya in #2989
- Mutation: use
generateNamefor generated resources when logging by @acpana in #2974 - Adding flag to validate rego for templates by @JaydipGabani in #3026
- Use log level 1 for debug by @acpana in #3039
- Protect agg against empty gvks by @acpana in #3040
Refactoring
- Use buildinfo to get opa and frameworks version by @sozercan in #2950
- Adder interface, rename data client by @acpana in #2991
Continuous Integration
- cherry-pick #3074 for release-3.14 (#3076) #3076 (Sertaç Özercan)
- Group dependabot prs by @sozercan in #2969
- Validate docs by @sozercan in #2968
- Lint timeout m 5->7 by @acpana in #3005
- Filter out helm gh pages image from release cleanup by @sozercan in #3053
- Cherry-pick #3074 for release-3.14 by @sozercan in #3076
Documentation
- adding doc for pubsub (#2808) #2808 (Jaydipkumar Arvindbhai Gabani)
- update release cadence to three months (#2914) #2914 (Xander Grzywinski)
- add config alpha state and exempt-namespace docs (#2890) #2890 (Xander Grzywinski)
- Add status tag for expansion metric (#2919) #2919 (Rita Zhang)
- Non default ns eg by @acpana in #2939
- Add docs for cel based Validating Admission Policy support by @ritazh in #2960
- Update vap by @ritazh in #2961
- Removing quotes from the title in expansion template doc by @JaydipGabani in #2964
- Adds documentation about provider response caching by @nilekhc in #2927
- Add opa version map to site and version badge to README by @salaxander in #2982
- Add docs on mutation annotations by @salaxander in #2999
Chores
- cherry pick #3083 for release 3.14 (#3086) #3086 (Sertaç Özercan)
- bump k8s.io/client-go from 0.27.2 to 0.27.4 (#2898) #2898 (dependabot[bot])
- bump go.uber.org/automaxprocs from 1.5.2 to 1.5.3 (#2897) #2897 (dependabot[bot])
- removing pubsub design from proposed section (#2904) #2904 (Jaydipkumar Arvindbhai Gabani)
- bump golang from
851af0ato2ae255cin /build/tooling (#2912) #2912 (dependabot[bot]) - bump golang from
851af0ato2ae255cin /test/image (#2913) #2913 (dependabot[bot]) - bump actions/setup-node from 3.6.0 to 3.7.0 (#2886) #2886 (dependabot[bot])
- bump actions/setup-go from 3 to 4 (#2795) #2795 (dependabot[bot])
- bump golangci/golangci-lint-action from 3.4.0 to 3.6.0 (#2829) #2829 (dependabot[bot])
- bump step-security/harden-runner from 2.4.0 to 2.5.0 (#2902) #2902 (dependabot[bot])
- bump peter-evans/create-pull-request from 5.0.1 to 5.0.2 (#2887) #2887 (dependabot[bot])
- bump semver from 5.7.1 to 5.7.2 in /website (#2870) #2870 (dependabot[bot])
- bump k8s.io/apiextensions-apiserver from 0.27.2 to 0.27.4 (#2910) #2910 (dependabot[bot])
- bump github/codeql-action from 2.20.4 to 2.21.2 (#2923) #2923 (dependabot[bot])
- bump ossf/scorecard-action from 2.1.3 to 2.2.0 (#2921) #2921 (dependabot[bot])
- bump peter-evans/create-or-update-comment from 3.0.1 to 3.0.2 (#2922) #2922 (dependabot[bot])
- update cf to 0200614 (#2928) #2928 (alex)
- bump golang from
2ae255cto74b09b3in /build/tooling (#2932) #2932 (dependabot[bot]) - bump golang from
2ae255cto74b09b3in /test/image (#2931) #2931 (dependabot[bot])
Sure, here are the items sorted into categories: - Adding cel demo by @JaydipGabani in #2908
- Bump actions/dependency-review-action from 3.0.6 to 3.0.8 by @dependabot in #2956
- Bump golang from 1.20-bullseye to 1.21-bullseye in /build/tooling by @dependabot in #2953
- Bump golang from 1.20-bullseye to 1.21-bullseye in /test/image by @dependabot in #2952
- Bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 by @dependabot in #2957
- Bump github/codeql-action from 2.21.2 to 2.21.4 by @dependabot in #2955
- Bump the all group with 2 updates by @dependabot in #2972
- Bump golang from
0ed2638to02f350din /test/image by @dependabot in #2965 - Bump golang from
0ed2638to02f350din /build/tooling by @dependabot in #2966 - Bump the all group with 4 updates by @dependabot in #3029
- Cleanup disk usage before release by @sozercan in #3042
- Bump golang from
02f350dto4369695in /build/tooling by @dependabot in #2997 - Bump golang from
02f350dto4369695in /test/image by @dependabot in #2996 - Bump the all group with 3 updates by @dependabot in #3051
- Bump postcss from 8.4.14 to 8.4.31 in /website by @dependabot in #3041
- Bump to go 1.21 and k8s 1.28 by @sozercan in #2979
- Bump golang.org/x/net from 0.11.0 to 0.17.0 by @dependabot in #3060
- Bump kubectl from 1.28.1 to v1.28.2 by @dependabot in #3068
- Bump golang from
23ad9feto26c7537in /build/tooling by @dependabot in #3070 - Bump golang from 23ad9fe to 26c7537 in /test/image by @dependabot in #3069
New Contributors
- @ugur99 made their first contribution in #2879
- @jbruce-nex made their first contribution in #2788
- @tberreis made their first contribution in #2920
- @ssheladiya made their first contribution in #2989
- @Duologic made their first contribution in #3018
Full Changelog: v3.13.0...v3.14.0