Pulse · kyverno/kyverno · GitHub

8000 Pulse · kyverno/kyverno · GitHub

More Web Proxy on the site http://driver.im/

May 3, 2025 – May 10, 2025

Overview

81 Active pull requests

19 Active issues

1 Release published by 1 person

v1.13.6
published May 8, 2025

69 Pull requests merged by 9 people

refactor: webhook reconciliation for vpols and ivpols (cherry-pick #13104)
#13105 merged May 9, 2025
fix: apply VPs in cluster mode in the CLI (cherry-pick #13084)
#13098 merged May 9, 2025
refactor: webhook reconciliation for vpols and ivpols
#13104 merged May 9, 2025
chore: add missing unit tests in http lib (cherry-pick #13100)
#13103 merged May 9, 2025
chore: improve cel libs unit tests env creation (cherry-pick #13097)
#13099 merged May 9, 2025
chore: add missing unit tests in http lib
#13100 merged May 9, 2025
fix: continue loop when a list error occurs (cherry-pick #13094)
#13102 merged May 9, 2025
fix: continue loop when a list error occurs
#13094 merged May 9, 2025
chore: improve cel libs unit tests env creation
#13097 merged May 9, 2025
test: add cli test with namespaceObject (cherry-pick #13083)
#13096 merged May 9, 2025
test: add cli test with namespaceObject
#13083 merged May 9, 2025
chore(deps): bump sigs.k8s.io/controller-tools from 0.17.2 to 0.18.0 in /hack/controller-gen
#13092 merged May 9, 2025
chore: add 1.13.5, 1.13.6 and 1.14.1 to the bug templates
#13088 merged May 8, 2025
fix: apply VPs in cluster mode in the CLI
#13084 merged May 8, 2025
Release v1.13.6
#13085 merged May 8, 2025
refactor: use resource fetcher in the CLI (Cherry-pick #13054)
#13080 merged May 8, 2025
chore: remove println statements (cherry-pick #13079)
#13081 merged May 8, 2025
chore: remove println statements
#13079 merged May 8, 2025
chore: bump github.com/golang-jwt/jwt/v5 from 5.2.1 to 5.2.2
#13071 merged May 8, 2025
fix: changes if condition to check for RegExp field (Cherry-pick #12237)
#13073 merged May 8, 2025
chore: remove unused function in CLI (cherry-pick #13053)
#13078 merged May 8, 2025
chore(deps): bump actions/setup-go from 5.4.0 to 5.5.0 in /.github/actions/setup-build-env
#13077 merged May 8, 2025
fix: CVE-2025-46569
#13072 merged May 8, 2025
fix: proper error handling in cel policy engines (cherry-pick #13067)
#13069 merged May 8, 2025
refactor: cel libs mocks (cherry-pick #13065)
#13068 merged May 8, 2025
fix: proper error handling in cel policy engines
#13067 merged May 7, 2025
refactor: cel libs mocks
#13065 merged May 7, 2025
chore: update CLI warning messages (cherry-pick #13060)
#13066 merged May 7, 2025
refactor: cel resource lib to remove util functions (cherry-pick #13061)
#13064 merged May 7, 2025
chore: update CLI warning messages
#13060 merged May 7, 2025
refactor: support any type in cel http lib (cherry-pick #13056)
#13062 merged May 7, 2025
fix: use the generic policy in the CLI (cherry-pick #13035)
#13059 merged May 7, 2025
refactor: cel resource lib to remove util functions
#13061 merged May 7, 2025
Update ADOPTERS.md with Finastra
#13063 merged May 7, 2025
chore: add missing tests in cel imagedata lib (cherry-pick #13049)
#13052 merged May 7, 2025
refactor: use resource fetcher in the CLI
#13054 merged May 7, 2025
chore: make image lib creation func consistent with other libs (cherry-pick #13050)
#13055 merged May 7, 2025
refactor: support any type in cel http lib
#13056 merged May 7, 2025
fix: cel image lib and add unit tests (cherry-pick #13047)
#13051 merged May 7, 2025
chore: remove unused function in CLI
#13053 merged May 7, 2025
chore: make image lib creation func consistent with other libs
#13050 merged May 7, 2025
chore: add missing tests in cel imagedata lib
#13049 merged May 7, 2025
feat: add globalContext lib overload (cherry-pick #13045)
#13048 merged May 7, 2025
fix: cel image lib and add unit tests
#13047 merged May 7, 2025
feat: add globalContext lib overload
#13045 merged May 7, 2025
chore: fix names in tests (cherry-pick #13040)
#13046 merged May 7, 2025
chore: fix names in tests
#13040 merged May 7, 2025
refactor: simplify image lib (cherry-pick #13036)
#13039 merged May 6, 2025
fix: use the generic policy in the CLI
#13035 merged May 6, 2025
fix: don't register custom libs when compiling match conditions (cherry-pick #13032)
#13038 merged May 6, 2025
refactor: simplify image lib
#13036 merged May 6, 2025
fix: don't register image lib in base env (cherry-pick #13031)
#13033 merged May 6, 2025
fix: don't register custom libs when compiling match conditions
#13032 merged May 6, 2025
fix: don't register image lib in base env
#13031 merged May 6, 2025
feat: support image extraction from old object (cherry-pick #13026)
#13030 merged May 6, 2025
feat: support image extraction from old object
#13026 merged May 6, 2025
refactor: edit warning message in test cli (cherry-pick #12990)
#13028 merged May 6, 2025
refactor: edit warning message in test cli
#12990 merged May 6, 2025
chore(deps): bump ubuntu from 1e622c5 to 6015f66 in /.devcontainer
#13021 merged May 6, 2025
chore(deps): bump golang.org/x/crypto from 0.37.0 to 0.38.0
#13024 merged May 6, 2025
chore(deps): bump github.com/open-policy-agent/opa from 1.1.0 to 1.4.0
#13019 merged May 6, 2025
chore: create a dedicated cluster when generating api-group-resources (cherry-pick #13015)
#13016 merged May 6, 2025
chore: create a dedicated cluster when generating api-group-resources
#13015 merged May 5, 2025
Fixed Helm Template for HPA (cherry-pick #13009)
#13014 merged May 5, 2025
Fixed Helm Template for HPA
#13009 merged May 5, 2025
chore(deps): bump zgosalvez/github-actions-ensure-sha-pinned-actions from 3.0.23 to 3.0.24
#13003 merged May 5, 2025
refactor: move image extraction in in cel/compiler (cherry-pick #13006)
#13007 merged May 5, 2025
refactor: move image extraction in in cel/compiler
#13006 merged May 5, 2025
chore(deps): bump github/codeql-action from 3.28.16 to 3.28.17
#13004 merged May 5, 2025

12 Pull requests opened by 9 people

feat(cli): support Kubernetes ConfigMap in --values-file (#12897)
#13001 opened May 5, 2025
feat: Kyverno conformance test improvements for the K8s Version
#13002 opened May 5, 2025
feat: Init DeletingPolicy API and Compiler
#13008 opened May 5, 2025
feat: CLI - apply: add option to clone from private repo
#13012 opened May 5, 2025
feat: Add comprehensive chainsaw tests for ivpol
#13017 opened May 5, 2025
feat: consider only CREATE and UPDATE when applying ivpols
#13029 opened May 6, 2025
fix(cli): dedupe autogenerated controller rules to prevent redundant “Excluded” entries in kyverno test
#13042 opened May 7, 2025
Ensure spec.template.metadata isn't null
#13057 opened May 7, 2025
feat: add mutatingpolicy api
#13095 opened May 9, 2025
fix: apply IVPs in cluster mode in the CLI
#13101 opened May 9, 2025
fix: inject policy names in webhook configs
#13106 opened May 9, 2025
chore: fix typo
#13108 opened May 10, 2025

6 Issues closed by 5 people

[Bug] [CLI] can't use `namespaceObject` cel variable in kyverno CLI
#13058 closed May 9, 2025
[Feature] Investigate type checking based on openapi schema
#11908 closed May 9, 2025
[Bug] [CLI] ValidatingPolicies don't work with `--cluster` flag
#12940 closed May 8, 2025
Vulnerabilities detected
#13020 closed May 8, 2025
Vulnerabilities detected
#13043 closed May 8, 2025
[Bug] The migration for keep using PolicyException isn't working
#11721 closed May 5, 2025

13 Issues opened by 13 people

[Bug] admission controller fails to come online, when reporting is disabled
#13107 opened May 9, 2025
[Bug] namespaceSelector not working 1.14.1< 101C9 /a>
#13093 opened May 9, 2025

[Bug] Graciously handle failure to watch resource in cleanup controller
#13090 opened May 8, 2025
[Bug] [CLI] `VPOL/IVPOL` not resolving deprecated API versions due to missing client-go scheme registrations
#13089 opened May 8, 2025
[Bug]
#13087 opened May 8, 2025
[Bug] Exceptions with subresources are not working
#13086 opened May 8, 2025
[Bug] json format to parameter "failed rules" has an space between the words making very difficult to parse in another tools like Datadog
#13082 opened May 8, 2025
Vulnerabilities detected
#13070 opened May 8, 2025
[Feature] Kyverno pods should set `automountServiceAccountToken` to false
#13041 opened May 7, 2025
[Bug] Mutating policy not applied to existing ServiceAccounts unless updated manually
#13034 opened May 6, 2025
[Feature] Improve tests and docs for new policy types
#13011 opened May 5, 2025
[Bug] Pods shutting down after the re-election leader
#13010 opened May 5, 2025
[Bug] CVE-2025-30204 issue
#13000 opened May 4, 2025

35 Unresolved conversations

Sometimes conversations happen on old items that aren’t yet closed. Here is a list of all the Issues and Pull Requests with unresolved conversations.

feat: support Cli for map
#12667 commented on May 9, 2025 • 36 new comments
fix: ensure consistent ordering of imagePullSecrets in Helm chart
#12999 commented on May 9, 2025 • 2 new comments
[Feature] Support Direct Scanning of Helm Charts for Kyverno Policy Violations
#12748 commented on May 4, 2025 • 0 new comments
[Bug] Sequential redundant auth checks lead to policy validation timeout
#12099 commented on May 8, 2025 • 0 new comments
[Bug] Log full of misleading `disallowed operation` messages
#12097 commented on May 8, 2025 • 0 new comments
Kyverno CreatingPolicy CRD
#11638 commented on May 9, 2025 • 0 new comments
Kyverno Deleting Policy CRD
#12839 commented on May 9, 2025 • 0 new comments
[Bug] lease.coordination.k8s.io kyverno-health not found
#12996 commented on May 9, 2025 • 0 new comments
[Bug] policy-reporter has no access to flowschemas, prioritylevelconfigurations
#12935 commented on May 9, 2025 • 0 new comments
[Bug][Feature] No mechanism to determine when CRDs are synced or a way to invalidate cache preventing creation of new CR objects
#10729 commented on May 10, 2025 • 0 new comments
[Feature] Better error message when raw requests are denied for permissions reasons.
#12206 commented on May 10, 2025 • 0 new comments
Fix test-case-selector
#12681 commented on May 7, 2025 • 0 new comments
test: Add HTTP-CEL chainsaw test with test server
#12692 commented on May 9, 2025 • 0 new comments
feat: switch to community go-jmespath and fix CLI error reporting
#12836 commented on May 4, 2025 • 0 new comments
feat: Removing old schema
#12840 commented on May 9, 2025 • 0 new comments
fix: Fixing Test errors masquerading
#12841 commented on May 5, 2025 • 0 new comments
refactor(cel): rename image() to ParseReference()
#12895 commented on May 7, 2025 • 0 new comments
Fix/issue 11680 nil error messages
#12991 commented on May 7, 2025 • 0 new comments
[Bug] [CLI] flag provided but not defined: -caSecretName, -ttlReconciliationInterval
#11863 commented on May 5, 2025 • 0 new comments
[Bug] verifyImages validation wrongly denies the request when adding a second container to the pod
#12978 commented on May 5, 2025 • 0 new comments
Chainsaw testing
#12064 commented on May 5, 2025 • 0 new comments
[Bug] Nonsense log `applying background rule`
#12069 commented on May 6, 2025 • 0 new comments
[Bug] Webhook-related log entries do not contain the subresource
#12067 commented on May 6, 2025 • 0 new comments
[Feature] ValidatingPolicy Generate Events
#12087 commented on May 6, 2025 • 0 new comments
[Feature] Variables/context in CEL expressions
#11060 commented on May 6, 2025 • 0 new comments
[Bug] [CLI] False positive test results
#9804 commented on May 6, 2025 • 0 new comments
[Bug] Kyverno Helm chart uninstall using Argo CD fails leaving behind kyverno-cleanup-controller and other resources with finalizers
#11592 commented on May 7, 2025 • 0 new comments
[Bug] Kyverno deployment violates its own best practice policy
#12889 commented on May 7, 2025 • 0 new comments
[Bug] Missing RBAC permissions Helm v3.4.0 and Kyverno 1.14.0 on reports-controller
#12956 commented on May 7, 2025 • 0 new comments
[Bug] podSecurity exception for Running as Non-root control doesn't work
#12888 commented on May 7, 2025 • 0 new comments
[Feature] Ability to provide a config-map manifest to --values-file
#12897 commented on May 7, 2025 • 0 new comments
[Bug] [CLI] Redundant Policy Evaluations for Controllers with `kyverno test` Command with Autogen Rules
#12988 commented on May 7, 2025 • 0 new comments
[Bug] Admission controller returns "disallowed operation" for resources explicitly allowed through additional rbac role
#11667 commented on May 8, 2025 • 0 new comments
[Feature] Re-use the compiled CEL expressions across policies
#10754 commented on May 8, 2025 • 0 new comments
[Bug] Validating webhook namespaceSelector configuration lost during helm upgrade
#12089 commented on May 8, 2025 • 0 new comments

0