Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package kyverno for openSUSE:Factory checked
in at 2022-09-08 14:22:17
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/kyverno (Old)
and /work/SRC/openSUSE:Factory/.kyverno.new.2083 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kyverno"
Thu Sep 8 14:22:17 2022 rev:7 rq:1001706 version:1.7.3
Changes:
--------
--- /work/SRC/openSUSE:Factory/kyverno/kyverno.changes 2022-07-26
19:45:05.629598570 +0200
+++ /work/SRC/openSUSE:Factory/.kyverno.new.2083/kyverno.changes
2022-09-08 14:22:51.286558293 +0200
@@ -1,0 +2,9 @@
+Wed Sep 07 06:59:32 UTC 2022 - ka...@b1-systems.de
+
+- Update to version 1.7.3:
+ * Cherry-pick #4398 - bump cosign to 1.11.0 (#4399)
+ * Release v1.7.3 (#4394)
+ * Fix deprecated api policy issue (#4349) (#4350)
+ * precondition failure will skip rule independent of audit or enforce mode
(#4163) (#4296)
+
+-------------------------------------------------------------------
Old:
----
kyverno-1.7.2.tar.gz
New:
----
kyverno-1.7.3.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ kyverno.spec ++++++
--- /var/tmp/diff_new_pack.ogpGpK/_old 2022-09-08 14:22:55.090567069 +0200
+++ /var/tmp/diff_new_pack.ogpGpK/_new 2022-09-08 14:22:55.094567079 +0200
@@ -19,7 +19,7 @@
%define __arch_install_post export NO_BRP_STRIP_DEBUG=true
Name: kyverno
-Version: 1.7.2
+Version: 1.7.3
Release: 0
Summary: CLI and kubectl plugin for Kyverno
License: Apache-2.0
++++++ _service ++++++
--- /var/tmp/diff_new_pack.ogpGpK/_old 2022-09-08 14:22:55.130567162 +0200
+++ /var/tmp/diff_new_pack.ogpGpK/_new 2022-09-08 14:22:55.134567171 +0200
@@ -3,7 +3,7 @@
<param name="url">https://github.com/kyverno/kyverno</param>
<param name="scm">git</param>
<param name="exclude">.git</param>
- <param name="revision">v1.7.2</param>
+ <param name="revision">v1.7.3</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="versionrewrite-pattern">v(.*)</param>
@@ -17,7 +17,7 @@
<param name="compression">gz</param>
</service>
<service name="go_modules" mode="disabled">
- <param name="archive">kyverno-1.7.2.tar.gz</param>
+ <param name="archive">kyverno-1.7.3.tar.gz</param>
</service>
</services>
++++++ _servicedata ++++++
--- /var/tmp/diff_new_pack.ogpGpK/_old 2022-09-08 14:22:55.154567217 +0200
+++ /var/tmp/diff_new_pack.ogpGpK/_new 2022-09-08 14:22:55.158567226 +0200
@@ -1,6 +1,6 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/kyverno/kyverno</param>
- <param
name="changesrevision">420ac57541a3767f052d57044f636b17d9e0c346</param></service></servicedata>
+ <param
name="changesrevision">f2b63cef77d31697191c63aeef9972ee534974d3</param></service></servicedata>
(No newline at EOF)
++++++ kyverno-1.7.2.tar.gz -> kyverno-1.7.3.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kyverno-1.7.2/.github/workflows/reuse.yaml
new/kyverno-1.7.3/.github/workflows/reuse.yaml
--- old/kyverno-1.7.2/.github/workflows/reuse.yaml 2022-07-25
07:26:56.000000000 +0200
+++ new/kyverno-1.7.3/.github/workflows/reuse.yaml 2022-08-24
18:02:37.000000000 +0200
@@ -53,7 +53,7 @@
- name: Install Cosign
uses:
sigstore/cosign-installer@116dc6872c0a067bcb78758f18955414cdbf918f # v1.4.1
with:
- cosign-release: 'v1.4.1'
+ cosign-release: 'v1.11.0'
- name: Cache Go modules
uses: actions/cache@d9747005de0f7240e5d35a68dca96b3f41b8b340 # v1.2.0
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kyverno-1.7.2/charts/kyverno/Chart.yaml
new/kyverno-1.7.3/charts/kyverno/Chart.yaml
--- old/kyverno-1.7.2/charts/kyverno/Chart.yaml 2022-07-25 07:26:56.000000000
+0200
+++ new/kyverno-1.7.3/charts/kyverno/Chart.yaml 2022-08-24 18:02:37.000000000
+0200
@@ -1,8 +1,8 @@
apiVersion: v2
type: application
name: kyverno
-version: v2.5.2
-appVersion: v1.7.2
+version: v2.5.3
+appVersion: v1.7.3
icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
description: Kubernetes Native Policy Management
keywords:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kyverno-1.7.2/charts/kyverno/README.md
new/kyverno-1.7.3/charts/kyverno/README.md
--- old/kyverno-1.7.2/charts/kyverno/README.md 2022-07-25 07:26:56.000000000
+0200
+++ new/kyverno-1.7.3/charts/kyverno/README.md 2022-08-24 18:02:37.000000000
+0200
@@ -2,7 +2,7 @@
Kubernetes Native Policy Management
-
+
## About
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kyverno-1.7.2/charts/kyverno/templates/crds.yaml
new/kyverno-1.7.3/charts/kyverno/templates/crds.yaml
--- old/kyverno-1.7.2/charts/kyverno/templates/crds.yaml 2022-07-25
07:26:56.000000000 +0200
+++ new/kyverno-1.7.3/charts/kyverno/templates/crds.yaml 2022-08-24
18:02:37.000000000 +0200
@@ -12,7 +12,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: clusterpolicies.kyverno.io
spec:
group: kyverno.io
@@ -1625,7 +1625,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: clusterpolicyreports.wgpolicyk8s.io
spec:
group: wgpolicyk8s.io
@@ -1891,7 +1891,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: clusterreportchangerequests.kyverno.io
spec:
group: kyverno.io
@@ -2157,7 +2157,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: generaterequests.kyverno.io
spec:
group: kyverno.io
@@ -2332,7 +2332,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: policies.kyverno.io
spec:
group: kyverno.io
@@ -3945,7 +3945,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: policyreports.wgpolicyk8s.io
spec:
group: wgpolicyk8s.io
@@ -4211,7 +4211,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: reportchangerequests.kyverno.io
spec:
group: kyverno.io
@@ -4477,7 +4477,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: updaterequests.kyverno.io
spec:
group: kyverno.io
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kyverno-1.7.2/charts/kyverno-policies/Chart.yaml
new/kyverno-1.7.3/charts/kyverno-policies/Chart.yaml
--- old/kyverno-1.7.2/charts/kyverno-policies/Chart.yaml 2022-07-25
07:26:56.000000000 +0200
+++ new/kyverno-1.7.3/charts/kyverno-policies/Chart.yaml 2022-08-24
18:02:37.000000000 +0200
@@ -1,8 +1,8 @@
apiVersion: v2
type: application
name: kyverno-policies
-version: v2.5.2
-appVersion: v1.7.2
+version: v2.5.3
+appVersion: v1.7.3
icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
description: Kubernetes Pod Security Standards implemented as Kyverno policies
keywords:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kyverno-1.7.2/charts/kyverno-policies/README.md
new/kyverno-1.7.3/charts/kyverno-policies/README.md
--- old/kyverno-1.7.2/charts/kyverno-policies/README.md 2022-07-25
07:26:56.000000000 +0200
+++ new/kyverno-1.7.3/charts/kyverno-policies/README.md 2022-08-24
18:02:37.000000000 +0200
@@ -2,7 +2,7 @@
Kubernetes Pod Security Standards implemented as Kyverno policies
-
+
## About
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kyverno-1.7.2/config/install.yaml
new/kyverno-1.7.3/config/install.yaml
--- old/kyverno-1.7.2/config/install.yaml 2022-07-25 07:26:56.000000000
+0200
+++ new/kyverno-1.7.3/config/install.yaml 2022-08-24 18:02:37.000000000
+0200
@@ -7,7 +7,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno
---
apiVersion: apiextensions.k8s.io/v1
@@ -21,7 +21,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: clusterpolicies.kyverno.io
spec:
group: kyverno.io
@@ -2590,7 +2590,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: clusterpolicyreports.wgpolicyk8s.io
spec:
group: wgpolicyk8s.io
@@ -2952,7 +2952,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: clusterreportchangerequests.kyverno.io
spec:
group: kyverno.io
@@ -3314,7 +3314,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: generaterequests.kyverno.io
spec:
group: kyverno.io
@@ -3504,7 +3504,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: policies.kyverno.io
spec:
group: kyverno.io
@@ -6075,7 +6075,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: policyreports.wgpolicyk8s.io
spec:
group: wgpolicyk8s.io
@@ -6436,7 +6436,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: reportchangerequests.kyverno.io
spec:
group: kyverno.io
@@ -6798,7 +6798,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: updaterequests.kyverno.io
spec:
group: kyverno.io
@@ -7187,7 +7187,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno-service-account
namespace: kyverno
---
@@ -7200,7 +7200,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:leaderelection
namespace: kyverno
rules:
@@ -7234,7 +7234,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-generaterequest
rules:
@@ -7260,7 +7260,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-policies
rules:
@@ -7287,7 +7287,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-policyreport
rules:
@@ -7314,7 +7314,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-reportchangerequest
rules:
@@ -7341,7 +7341,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:events
rules:
- apiGroups:
@@ -7363,7 +7363,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:generate
rules:
- apiGroups:
@@ -7410,7 +7410,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:policies
rules:
- apiGroups:
@@ -7463,7 +7463,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:userinfo
rules:
- apiGroups:
@@ -7486,7 +7486,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:view
rules:
- apiGroups:
@@ -7507,7 +7507,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:webhook
rules:
- apiGroups:
@@ -7533,7 +7533,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:leaderelection
namespace: kyverno
roleRef:
@@ -7554,7 +7554,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:events
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -7574,7 +7574,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:generate
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -7594,7 +7594,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:policies
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -7614,7 +7614,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:userinfo
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -7634,7 +7634,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:view
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -7654,7 +7654,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:webhook
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -7679,7 +7679,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno
namespace: kyverno
---
@@ -7695,7 +7695,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno-metrics
namespace: kyverno
---
@@ -7708,7 +7708,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno-svc
namespace: kyverno
spec:
@@ -7729,7 +7729,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno-svc-metrics
namespace: kyverno
spec:
@@ -7750,7 +7750,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno
namespace: kyverno
spec:
@@ -7772,7 +7772,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
spec:
affinity:
podAntiAffinity:
@@ -7807,7 +7807,7 @@
value: kyverno-svc
- name: TUF_ROOT
value: /.sigstore
- image: ghcr.io/kyverno/kyverno:v1.7.2
+ image: ghcr.io/kyverno/kyverno:v1.7.3
imagePullPolicy: Always
livenessProbe:
failureThreshold: 2
@@ -7862,7 +7862,7 @@
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: ghcr.io/kyverno/kyvernopre:v1.7.2
+ image: ghcr.io/kyverno/kyvernopre:v1.7.3
imagePullPolicy: Always
name: kyverno-pre
resources:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kyverno-1.7.2/config/release/install.yaml
new/kyverno-1.7.3/config/release/install.yaml
--- old/kyverno-1.7.2/config/release/install.yaml 2022-07-25
07:26:56.000000000 +0200
+++ new/kyverno-1.7.3/config/release/install.yaml 2022-08-24
18:02:37.000000000 +0200
@@ -7,7 +7,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno
---
apiVersion: apiextensions.k8s.io/v1
@@ -21,7 +21,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: clusterpolicies.kyverno.io
spec:
group: kyverno.io
@@ -2590,7 +2590,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: clusterpolicyreports.wgpolicyk8s.io
spec:
group: wgpolicyk8s.io
@@ -2952,7 +2952,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: clusterreportchangerequests.kyverno.io
spec:
group: kyverno.io
@@ -3314,7 +3314,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: generaterequests.kyverno.io
spec:
group: kyverno.io
@@ -3504,7 +3504,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: policies.kyverno.io
spec:
group: kyverno.io
@@ -6075,7 +6075,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: policyreports.wgpolicyk8s.io
spec:
group: wgpolicyk8s.io
@@ -6436,7 +6436,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: reportchangerequests.kyverno.io
spec:
group: kyverno.io
@@ -6798,7 +6798,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: updaterequests.kyverno.io
spec:
group: kyverno.io
@@ -7187,7 +7187,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno-service-account
namespace: kyverno
---
@@ -7200,7 +7200,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:leaderelection
namespace: kyverno
rules:
@@ -7234,7 +7234,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-generaterequest
rules:
@@ -7260,7 +7260,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-policies
rules:
@@ -7287,7 +7287,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-policyreport
rules:
@@ -7314,7 +7314,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
rbac.authorization.k8s.io/aggregate-to-admin: "true"
name: kyverno:admin-reportchangerequest
rules:
@@ -7341,7 +7341,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:events
rules:
- apiGroups:
@@ -7363,7 +7363,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:generate
rules:
- apiGroups:
@@ -7410,7 +7410,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:policies
rules:
- apiGroups:
@@ -7463,7 +7463,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:userinfo
rules:
- apiGroups:
@@ -7486,7 +7486,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:view
rules:
- apiGroups:
@@ -7507,7 +7507,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:webhook
rules:
- apiGroups:
@@ -7533,7 +7533,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:leaderelection
namespace: kyverno
roleRef:
@@ -7554,7 +7554,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:events
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -7574,7 +7574,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:generate
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -7594,7 +7594,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:policies
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -7614,7 +7614,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:userinfo
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -7634,7 +7634,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:view
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -7654,7 +7654,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno:webhook
roleRef:
apiGroup: rbac.authorization.k8s.io
@@ -7679,7 +7679,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno
namespace: kyverno
---
@@ -7695,7 +7695,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno-metrics
namespace: kyverno
---
@@ -7708,7 +7708,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno-svc
namespace: kyverno
spec:
@@ -7729,7 +7729,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno-svc-metrics
namespace: kyverno
spec:
@@ -7750,7 +7750,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
name: kyverno
namespace: kyverno
spec:
@@ -7772,7 +7772,7 @@
app.kubernetes.io/instance: kyverno
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: kyverno
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
spec:
affinity:
podAntiAffinity:
@@ -7807,7 +7807,7 @@
value: kyverno-svc
- name: TUF_ROOT
value: /.sigstore
- image: ghcr.io/kyverno/kyverno:v1.7.2
+ image: ghcr.io/kyverno/kyverno:v1.7.3
imagePullPolicy: Always
livenessProbe:
failureThreshold: 2
@@ -7862,7 +7862,7 @@
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- image: ghcr.io/kyverno/kyvernopre:v1.7.2
+ image: ghcr.io/kyverno/kyvernopre:v1.7.3
imagePullPolicy: Always
name: kyverno-pre
resources:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kyverno-1.7.2/config/release/kustomization.yaml
new/kyverno-1.7.3/config/release/kustomization.yaml
--- old/kyverno-1.7.2/config/release/kustomization.yaml 2022-07-25
07:26:56.000000000 +0200
+++ new/kyverno-1.7.3/config/release/kustomization.yaml 2022-08-24
18:02:37.000000000 +0200
@@ -9,6 +9,6 @@
images:
- name: ghcr.io/kyverno/kyverno
- newTag: v1.7.2
+ newTag: v1.7.3
- name: ghcr.io/kyverno/kyvernopre
- newTag: v1.7.2
+ newTag: v1.7.3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kyverno-1.7.2/config/release/labels.yaml
new/kyverno-1.7.3/config/release/labels.yaml
--- old/kyverno-1.7.2/config/release/labels.yaml 2022-07-25
07:26:56.000000000 +0200
+++ new/kyverno-1.7.3/config/release/labels.yaml 2022-08-24
18:02:37.000000000 +0200
@@ -4,7 +4,7 @@
metadata:
name: labelTransformer
labels:
- app.kubernetes.io/version: v1.7.2
+ app.kubernetes.io/version: v1.7.3
fieldSpecs:
- path: metadata/labels
create: true
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kyverno-1.7.2/pkg/engine/validation.go
new/kyverno-1.7.3/pkg/engine/validation.go
--- old/kyverno-1.7.2/pkg/engine/validation.go 2022-07-25 07:26:56.000000000
+0200
+++ new/kyverno-1.7.3/pkg/engine/validation.go 2022-08-24 18:02:37.000000000
+0200
@@ -216,7 +216,7 @@
return ruleError(v.rule, response.Validation, "failed to
evaluate preconditions", err)
}
- if !preconditionsPassed &&
(v.ctx.Policy.GetSpec().ValidationFailureAction != kyverno.Audit ||
store.GetMock()) {
+ if !preconditionsPassed {
return ruleResponse(*v.rule, response.Validation,
"preconditions not met", response.RuleStatusSkip, nil)
}
@@ -257,7 +257,7 @@
preconditionsPassed, err := checkPreconditions(v.log, v.ctx,
v.anyAllConditions)
if err != nil {
return ruleError(v.rule, response.Validation, "failed to
evaluate preconditions", err)
- } else if !preconditionsPassed &&
(v.ctx.Policy.GetSpec().ValidationFailureAction != kyverno.Audit ||
store.GetMock()) {
+ } else if !preconditionsPassed {
return ruleResponse(*v.rule, response.Validation,
"preconditions not met", response.RuleStatusSkip, nil)
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/kyverno-1.7.2/pkg/webhookconfig/configmanager.go
new/kyverno-1.7.3/pkg/webhookconfig/configmanager.go
--- old/kyverno-1.7.2/pkg/webhookconfig/configmanager.go 2022-07-25
07:26:56.000000000 +0200
+++ new/kyverno-1.7.3/pkg/webhookconfig/configmanager.go 2022-08-24
18:02:37.000000000 +0200
@@ -821,7 +821,12 @@
for _, gvr := range gvrList {
groups = append(groups, gvr.Group)
- versions = append(versions, gvr.Version)
+ if gvr.Version == "*" {
+ versions = make([]string, 0)
+ versions = append(versions, gvr.Version)
+ } else if !utils.ContainsString(versions, "*") {
+ versions = append(versions, gvr.Version)
+ }
rsrcs = append(rsrcs, gvr.Resource)
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kyverno-1.7.2/test/cli/test/policy-reports-skip-validation/kyverno-test.yaml
new/kyverno-1.7.3/test/cli/test/policy-reports-skip-validation/kyverno-test.yaml
---
old/kyverno-1.7.2/test/cli/test/policy-reports-skip-validation/kyverno-test.yaml
1970-01-01 01:00:00.000000000 +0100
+++
new/kyverno-1.7.3/test/cli/test/policy-reports-skip-validation/kyverno-test.yaml
2022-08-24 18:02:37.000000000 +0200
@@ -0,0 +1,17 @@
+name: disallow-naked-pods
+policies:
+ - policy.yaml
+resources:
+ - resource.yaml
+variables: values.yaml
+results:
+- policy: disallow-naked-pods
+ rule: validate-naked-pods
+ resource: blank-skip
+ kind: Pod
+ result: skip
+- policy: disallow-naked-pods
+ rule: validate-naked-pods
+ resource: blank-fail
+ kind: Pod
+ result: fail
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kyverno-1.7.2/test/cli/test/policy-reports-skip-validation/policy.yaml
new/kyverno-1.7.3/test/cli/test/policy-reports-skip-validation/policy.yaml
--- old/kyverno-1.7.2/test/cli/test/policy-reports-skip-validation/policy.yaml
1970-01-01 01:00:00.000000000 +0100
+++ new/kyverno-1.7.3/test/cli/test/policy-reports-skip-validation/policy.yaml
2022-08-24 18:02:37.000000000 +0200
@@ -0,0 +1,32 @@
+apiVersion: kyverno.io/v1
+kind: ClusterPolicy
+metadata:
+ name: disallow-naked-pods
+spec:
+ validationFailureAction: audit
+ background: false
+ rules:
+ - name: validate-naked-pods
+ match:
+ any:
+ - resources:
+ kinds:
+ - Pod
+ context:
+ - name: ignorepolicy
+ apiCall:
+ urlPath: "/api/v1/namespaces/{{request.namespace}}"
+ jmesPath:
"metadata.annotations.\"policies.example.ignore-policy/disallow-naked-pods\" ||
''"
+ preconditions:
+ all:
+ - key: "{{ignorepolicy}}"
+ operator: NotEquals
+ value: "ignore"
+ validate:
+ message: "naked pods are not allowed"
+ deny:
+ conditions:
+ any:
+ - key: ownerReferences
+ operator: AnyNotIn
+ value: "{{request.object.metadata.keys(@)}}"
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kyverno-1.7.2/test/cli/test/policy-reports-skip-validation/resource.yaml
new/kyverno-1.7.3/test/cli/test/policy-reports-skip-validation/resource.yaml
---
old/kyverno-1.7.2/test/cli/test/policy-reports-skip-validation/resource.yaml
1970-01-01 01:00:00.000000000 +0100
+++
new/kyverno-1.7.3/test/cli/test/policy-reports-skip-validation/resource.yaml
2022-08-24 18:02:37.000000000 +0200
@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: blank-skip
+spec:
+ hostIPC: true
+ containers:
+ - name: busybox
+ image: busyboxasdfasdf:1.28
+ args:
+ - sleep
+ - "9999"
+ securityContext:
+ runAsUser: 12345
+
+---
+apiVersion: v1
+kind: Pod
+metadata:
+ name: blank-fail
+ labels:
+ foo: bar
+spec:
+ hostIPC: true
+ containers:
+ - name: busybox
+ image: nginx
\ No newline at end of file
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/kyverno-1.7.2/test/cli/test/policy-reports-skip-validation/values.yaml
new/kyverno-1.7.3/test/cli/test/policy-reports-skip-validation/values.yaml
--- old/kyverno-1.7.2/test/cli/test/policy-reports-skip-validation/values.yaml
1970-01-01 01:00:00.000000000 +0100
+++ new/kyverno-1.7.3/test/cli/test/policy-reports-skip-validation/values.yaml
2022-08-24 18:02:37.000000000 +0200
@@ -0,0 +1,14 @@
+policies:
+ - name: disallow-naked-pods
+ resources:
+ - name: blank-skip
+ # It doesn't satifies the precondition. Therefore can not proceed
+ # further for validation.
+ values:
+ ignorepolicy: "ignore"
+ - name: blank-fail
+ # It satisfies the precondition. Therefore can proceed
+ # further for validation against policy.
+ values:
+ ignorepolicy: "allowit"
+
\ No newline at end of file
++++++ vendor.tar.gz ++++++
/work/SRC/openSUSE:Factory/kyverno/vendor.tar.gz
/work/SRC/openSUSE:Factory/.kyverno.new.2083/vendor.tar.gz differ: char 5, line
1
