Release v1.7.0
·
104 commits
to main
since this release
OPA Core Module Release v1.7.0
Welcome to the latest release of the OPA module of Kubernetes Fury Distribution maintained by team SIGHUP.
This release includes the following changes:
- Gatekeeper has been updated to v3.9.0 with mutating capabilities in beta.
- The custom rules have been updated to use
constraintTemplatesv1 and improved with added descriptions and better deny messages. - The Gatekeeper audit process for the provided constraints now triggers violations for pre-existing resources.
- A set of custom Prometheus alerts that get triggered when the Gatekeeper webhooks are misbehaving for more than 5 min* has been added.
- The Grafana Dashboard for Gatekeeper has been updated.
- Gatekeeper Policy Manager has been updated to v1.0.0, including a revamped UI.
- Gatekeeper Policy Manager now uses local manifests instead of pulling them at
kustomize buildtime. - The module's documentation has been updated and improved.
* The alert for webhooks failing in
Ignoremode requires Kubernetes version 1.24 or later.
Component Images 🚢
| Component | Supported Version | Previous Version |
|---|---|---|
gatekeeper |
v3.9.0 |
v3.7.0 |
gatekeeper-policy-manager |
v1.0.0 |
v0.5.1 |
Please refer the linked release notes to get more information on the changes for these versions.
Update Guide 🦮
Warnings
- The
http.sendOPA built-in is now disabled. See: https://open-policy-agent.github.io/gatekeeper/website/docs/externaldata#motivation - Enabled beta mutating capabilities. See: https://open-policy-agent.github.io/gatekeeper/website/docs/mutation
Upgrade from v1.6.2 should be straightforward and no downtime is expected.
Process
To upgrade this core module from v1.6.2 to v1.7.0, you need to download this new version, then apply the kustomize project. No further action is required.
kustomize build katalog/gatekeeper | kubectl apply -f -