Notable Changes
- 🎓 CEL-based policies enforced through Gatekeeper is GA!
- ⚙️ Operation
generate
to guard CRD and VAP/VAPB generation.
Features
- add logStatsAdmission and logStatsAudit into Helm chart (#3526) #3526 (Yuedong Wu)
- Implement config pod status (#3544) #3544 (avinash patnala)
- Gator sync test support (#3098) #3098 (Anlan Du)
- add generate operation and wait for VAPB generation (#3573) #3573 (Jaydip Gabani)
- moving CEL engine to GA (#3685) #3685 (Jaydip Gabani)
- Add commonLabels to Deployments (#3684) #3684 (Wyatt Fry)
- support expansion in gator verify (#3650) #3650 (David Lee)
Bug Fixes
- vap error logging for rego only templates (#3520) #3520 (Martijn van der Ploeg)
- liniting error in gatekeeper-controller-manager-poddisruptionbudget.yaml (#3519) #3519 (tberreis)
- helm warning when setting NetworkPolicy ingress rule(s) (#3541) #3541 (Sebastian Stephan)
- Move K8scel driver from framework (#3570) #3570 (avinash patnala)
Documentation
- add alibabacloud to the list of managed services using Gatekeeper in … (#3521) #3521 (DahuK)
- refine alibaba cloud logo png (#3514) (#3524) #3524 (DahuK)
- update mutation docs (#3553) #3553 (m1schka-bdr)
- Update milestone release cadence (#3657) #3657 (Rita Zhang)
- Fix vapb argument (#3694) #3694 (Yi Rae Kim)
Code Refactoring
- Move setting up Obj to old obj on Delete logic to target handler (#3511) #3511 (avinash patnala)
Continuous Integration
- remove dockerfile buildplatform (#3491) #3491 (Sertaç Özercan)
- updating trivy version (#3691) #3691 (Jaydip Gabani)
- push container images to ghcr.io as well (#3658) #3658 (Takahiro Tsuruda)
- fix trivy throttling (#3696) #3696 (Sertaç Özercan)
- fix ghcr push (#3698) #3698 (Sertaç Özercan)
- fix gator image for ghcr (#3700) #3700 (Sertaç Özercan)
- bump to go 1.23 in gha (#3699) #3699 (Sertaç Özercan)
- gha to check for typos in docs (#3703) #3703 (Sertaç Özercan)
Chores
- removing wait of vapb deletion, cherry-pick (#3718) (#3724) #3724 (Jaydip Gabani)
- Prepare v3.18.0-rc.1 release (#3725) #3725 (github-actions[bot])
- bump the k8s group with 5 updates (#3503) #3503 (dependabot[bot])
- bump micromatch from 4.0.5 to 4.0.8 in /website (#3517) #3517 (dependabot[bot])
- bump the all group across 1 directory with 3 updates (#3512) #3512 (dependabot[bot])
- bump golang from 1.22-bullseye to 1.23-bullseye in /test/image (#3505) #3505 (dependabot[bot])
- bump golang from 1.22-bookworm to 1.23-bookworm in /build/tooling (#3506) #3506 (dependabot[bot])
- adding design doc for exporting violation interface (#3515) #3515 (Jaydipkumar Arvindbhai Gabani)
- adding helm lint ci test (#3536) #3536 (Jaydipkumar Arvindbhai Gabani)
- Patch docs for 3.17.1 release (#3540) #3540 (github-actions[bot])
- bump kubectl from v1.30.3 to v1.31.1 (#3543) #3543 (dependabot[bot])
- bump golang from
31dc846
to1a5326b
in /build/tooling (#3533) #3533 (dependabot[bot]) - bump golang from
ecef830
to45b4337
in /test/image (#3531) #3531 (dependabot[bot]) - Updating GK -> opa versions (#3537) #3537 (Jaydip Gabani)
- adding common function for error reporting for constraint (#3486) #3486 (Jaydip Gabani)
- bumping opa to 0.68.0 (#3561) #3561 (Jaydip Gabani)
- bump webpack from 5.76.3 to 5.95.0 in /website (#3562) #3562 (dependabot[bot])
- bump golang from
45b4337
to1a26d5a
in /test/image (#3566) #3566 (dependabot[bot]) - bump golang from
1a5326b
todba79eb
in /build/tooling (#3565) #3565 (dependabot[bot]) - bump express from 4.19.2 to 4.21.0 in /website (#3542) #3542 (dependabot[bot])
- bump github.com/prometheus/client_golang from 1.20.2 to 1.20.4 (#3575) #3575 (dependabot[bot])
- bump the k8s group with 4 updates (#3547) #3547 (dependabot[bot])
- bump google.golang.org/grpc from 1.66.0 to 1.66.3 (#3644) #3644 (dependabot[bot])
- bump the all group across 1 directory with 9 updates (#3649) #3649 (dependabot[bot])
- bump distroless/static-debian12 from
8dd8d3c
to69830f2
in /test/externaldata/dummy-provider (#3567) #3567 (dependabot[bot]) - bump distroless/static-debian12 from
8dd8d3c
to69830f2
(#3564) #3564 (dependabot[bot]) - remove setting alpha flags out of box (#3578) #3578 (Jaydip Gabani)
- bump golang from 1.22-bookworm to 1.23-bookworm (#3551) #3551 (dependabot[bot])
- bump golang from 1.22-bookworm to 1.23-bookworm in /test/externaldata/dummy-provider (#3549) #3549 (dependabot[bot])
- bump golang from
18d2f94
to2341ddf
in /build/tooling (#3655) #3655 (dependabot[bot]) - bump golang from
ebaf58d
toecb3fe7
in /test/image (#3654) #3654 (dependabot[bot]) - bump the all group with 6 updates (#3672) #3672 (dependabot[bot])
- bump golang from
37189aa
to2341ddf
(#3670) #3670 (dependabot[bot]) - Update constraint framework to version without k8scel (#3680) #3680 (Max Smythe)
- adding scoped ea with vap ep demo (#3687) #3687 (Jaydip Gabani)
- bump the all group across 1 directory with 2 updates (#3692) #3692 (dependabot[bot])
- bump golang from
2341ddf
to0e3377d
(#3688) #3688 (dependabot[bot]) - bump golang from
2341ddf
to0e3377d
in /build/tooling (#3689) #3689 (dependabot[bot]) - bump distroless/static-debian12 from
69830f2
tof4a57e8
(#3695) #3695 (dependabot[bot]) - bump kubectl from v1.31.1 to v1.31.2 (#3671) #3671 (dependabot[bot])
- bump the k8s group across 1 directory with 5 updates (#3679) #3679 (dependabot[bot])
- bump github.com/prometheus/client_golang from 1.20.4 to 1.20.5 (#3653) #3653 (dependabot[bot])
- bump distroless/static-debian12 from
69830f2
tocc226ca
in /test/externaldata/dummy-provider (#3666) #3666 (dependabot[bot]) - bump golang from
ecb3fe7
to2341ddf
in /test/image (#3668) #3668 (dependabot[bot]) - bump golang from
1a5326b
to2341ddf
in /test/externaldata/dummy-provider (#3665) #3665 (dependabot[bot]) - bump golang from
0e3377d
to3f3b9da
(#3704) #3704 (dependabot[bot]) - bump golang from
1f001ad
to3f3b9da
in /test/externaldata/dummy-provider (#3706) #3706 (dependabot[bot]) - bump golang from
2341ddf
to3f3b9da
in /test/image (#3709) #3709 (dependabot[bot]) - bump golang from
0e3377d
to3f3b9da
in /build/tooling (#3708) #3708 (dependabot[bot]) - bump distroless/static-debian12 from
cc226ca
tof4a57e8
in /test/externaldata/dummy-provider (#3705) #3705 (dependabot[bot]) - bump the all group with 2 updates (#3707) #3707 (dependabot[bot])
- adding enforcement point status, vapgeneratestatus (#3686) #3686 (Jaydip Gabani)
- updating VAP default failure policy to fail (#3702) #3702 (Jaydip Gabani)
- Prepare v3.18.0-rc.0 release (#3712) #3712 (github-actions[bot])
- Prepare v3.18.0 release (#3736) #3736 (github-actions[bot])