Release/v1.11.1 (#104)

* feat: refactor kyverno folders

* doc(v1.11.1): update compatibility matrix and release note

* feat(kyverno,kubectl): bump to 1.27.10

---------

Co-authored-by: Samuele Chiocca <[email protected]>

README.md

@@ -5,7 +5,7 @@
 </h1>
 <!-- markdownlint-enable MD033 -->
 
-![Release](https://img.shields.io/badge/Latest%20Release-v1.11.0-blue)
+![Release](https://img.shields.io/badge/Latest%20Release-v1.11.1-blue)
 ![License](https://img.shields.io/github/license/sighupio/fury-kubernetes-opa?label=License)
 ![Slack](https://img.shields.io/badge/slack-@kubernetes/fury-yellow.svg?logo=slack&label=Slack)
 
@@ -53,9 +53,9 @@ Check the [compatibility matrix][compatibility-matrix] for additional informatio
 ### Prerequisites
 
 | Tool                                    | Version    | Description                                                                                                                                                    |
-| --------------------------------------- | ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| [furyctl][furyctl-repo]                 | `>=0.25.0` | The recommended tool to download and manage KFD modules and their packages. To learn more about `furyctl` read the [official documentation][furyctl-repo].     |
-| [kustomize][kustomize-repo]             | `>=3.5.3`  | Packages are customized using `kustomize`. To learn how to create your customization layer with `kustomize`, please refer to the [repository][kustomize-repo]. |
+| --------------------------------------- |------------| -------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| [furyctl][furyctl-repo]                 | `>=0.27.0` | The recommended tool to download and manage KFD modules and their packages. To learn more about `furyctl` read the [official documentation][furyctl-repo].     |
+| [kustomize][kustomize-repo]             | `>=3.10.0` | Packages are customized using `kustomize`. To learn how to create your customization layer with `kustomize`, please refer to the [repository][kustomize-repo]. |
 | [KFD Monitoring Module][kfd-monitoring] | `>v1.10.0` | Expose metrics to Prometheus *(optional)* and use Grafana Dashboards.                                                                                          |
 
 > You can comment out the service monitor in the [kustomization.yaml][core-kustomization] file if you don't want to install the monitoring module.
@@ -67,7 +67,7 @@ Check the [compatibility matrix][compatibility-matrix] for additional informatio
 ```yaml
 bases:
   - name: opa/gatekeeper
-    version: "1.11.0"
+    version: "1.11.1"
 ```
 
 > See `furyctl` [documentation][furyctl-repo] for additional details about `Furyfile.yml` format.
@@ -178,7 +178,7 @@ Notice that the alert for when the Gatekeeper webhook is in `Ignore` mode (the d
 ```yaml
 bases:
   - name: opa/kyverno
-    version: "1.11.0"
+    version: "1.11.1"
 ```
 
 > See `furyctl` [documentation][furyctl-repo] for additional details about `Furyfile.yml` format.
@@ -204,6 +204,7 @@ kustomize build . | kubectl apply -f -
 [gatekeeper-page]: https://github.com/open-policy-agent/gatekeeper
 [gatekeeper-failmode]: https://open-policy-agent.github.io/gatekeeper/website/docs/failing-closed/
 [gatekeeper-exemption]: https://open-policy-agent.github.io/gatekeeper/website/docs/exempt-namespaces/
+[kyverno-page]: https://github.com/kyverno/kyverno
 [kubernetes-vaw-docs]: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/
 [kfd-monitoring]: https://github.com/sighupio/fury-kubernetes-monitoring
 [core-kustomization]: ./katalog/gatekeeper/core/kustomization.yaml

docs/COMPATIBILITY_MATRIX.md

@@ -2,7 +2,7 @@
 # Compatibility Matrix
 
 | Module Version / Kubernetes Version |       1.19.X       |       1.20.X       |       1.21.X       |       1.22.X       | 1.23.X             | 1.24.X             | 1.25.X             | 1.26.X             | 1.27.X             |
-| ----------------------------------- | :----------------: | :----------------: | :----------------: | :----------------: | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ |
+|-------------------------------------| :----------------: | :----------------: | :----------------: | :----------------: | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ |
 | v1.6.2                              | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :warning:          |                    |                    |                    |                    |
 | v1.7.0                              | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |                    |                    |                    |                    |
 | v1.7.1                              | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |                    |                    |
@@ -12,6 +12,7 @@
 | v1.9.0                              |                    |                    |                    | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |                    |
 | v1.10.0                             |                    |                    |                    |                    |                    | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 | v1.11.0                             |                    |                    |                    |                    |                    |                    | :white_check_mark: | :white_check_mark: | :white_check_mark: |
+| v1.11.1                             |                    |                    |                    |                    |                    |                    | :white_check_mark: | :white_check_mark: | :white_check_mark: |
 
 :white_check_mark: Compatible
 

docs/releases/v1.11.1.md

@@ -0,0 +1,27 @@
+# OPA Core Module Release 1.11.1
+
+Welcome to the latest release of `OPA` module of [Kubernetes Fury Distribution](https://github.com/sighupio/fury-distribution) maintained by team SIGHUP.
+
+This is a patch release including the following changes:
+
+- Spliting of kyverno core and policies
+
+## Component Images 🚢
+
+| Component                   | Supported Version                                                                     | Previous Version |
+| --------------------------- | ------------------------------------------------------------------------------------- | ---------------- |
+| `gatekeeper`                | [`v3.14.0`](https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.14.0)     | `No Update`      |
+| `gatekeeper-policy-manager` | [`v1.0.9`](https://github.com/sighupio/gatekeeper-policy-manager/releases/tag/v1.0.9) | `No Update`      |
+| `kyverno`                   | [`v1.11.0`](https://github.com/kyverno/kyverno/releases/tag/v1.11.0)                  | `New package`    |
+
+> Please refer the individual release notes to get a detailed information on each release.
+
+## Update Guide 🦮
+
+### Process
+
+To upgrade this core module from `v1.11.0` to `v1.11.1`, you need to download this new version, then apply the `kustomize` project. No further action is required.
+
+```bash
+kustomize build katalog/gatekeeper | kubectl apply -f -
+```

katalog/kyverno/MAINTENANCE.md

@@ -18,7 +18,7 @@ helm template kyverno /tmp/kyverno --values MAINTENANCE.values.yaml --namespace
 helm template kyverno /tmp/kyverno --values MAINTENANCE.values.yaml --set crds.install=true --namespace kyverno | yq 'select(.kind == "CustomResourceDefinition")' > crds.yaml
 ```
 
-Compare the deploy.yaml file with the built-kyverno.yaml to find differences with the current version.
+Compare the core/deploy.yaml file with the built-kyverno.yaml to find differences with the current version.
 
 What was changed:
 - Removed all the helm hooks from the deploy

katalog/kyverno/core/kustomization.yaml

@@ -0,0 +1,34 @@
+# Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: kyverno
+
+resources:
+  - crds.yaml
+  - namespace.yaml
+  - deploy.yaml
+
+images:
+  - name: ghcr.io/kyverno/kyverno
+    newName: registry.sighup.io/fury/kyverno/kyverno
+    newTag: v1.11.0
+  - name: ghcr.io/kyverno/kyvernopre
+    newName: registry.sighup.io/fury/kyverno/kyvernopre
+    newTag: v1.11.0
+  - name: ghcr.io/kyverno/background-controller
+    newName: registry.sighup.io/fury/kyverno/background-controller
+    newTag: v1.11.0
+  - name: ghcr.io/kyverno/cleanup-controller
+    newName: registry.sighup.io/fury/kyverno/cleanup-controller
+    newTag: v1.11.0
+  - name: ghcr.io/kyverno/reports-controller
+    newName: registry.sighup.io/fury/kyverno/reports-controller
+    newTag: v1.11.0
+  - name: bitnami/kubectl
+    newName: registry.sighup.io/fury/bitnami/kubectl
+    newTag: "1.27.10"

katalog/kyverno/kustomization.yaml

@@ -6,30 +6,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
-namespace: kyverno
-
 resources:
-  - crds.yaml
+  - core
   - policies
-  - namespace.yaml
-  - deploy.yaml
-
-images:
-  - name: ghcr.io/kyverno/kyverno
-    newName: registry.sighup.io/fury/kyverno/kyverno
-    newTag: v1.11.0
-  - name: ghcr.io/kyverno/kyvernopre
-    newName: registry.sighup.io/fury/kyverno/kyvernopre
-    newTag: v1.11.0
-  - name: ghcr.io/kyverno/background-controller
-    newName: registry.sighup.io/fury/kyverno/background-controller
-    newTag: v1.11.0
-  - name: ghcr.io/kyverno/cleanup-controller
-    newName: registry.sighup.io/fury/kyverno/cleanup-controller
-    newTag: v1.11.0
-  - name: ghcr.io/kyverno/reports-controller
-    newName: registry.sighup.io/fury/kyverno/reports-controller
-    newTag: v1.11.0
-  - name: bitnami/kubectl
-    newName: registry.sighup.io/fury/bitnami/kubectl
-    newTag: "1.26.10"