diff --git a/README.md b/README.md index 95d94cf..728b8ff 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ -![Release](https://img.shields.io/badge/Latest%20Release-v1.11.0-blue) +![Release](https://img.shields.io/badge/Latest%20Release-v1.11.1-blue) ![License](https://img.shields.io/github/license/sighupio/fury-kubernetes-opa?label=License) ![Slack](https://img.shields.io/badge/slack-@kubernetes/fury-yellow.svg?logo=slack&label=Slack) 
@@ -53,9 +53,9 @@ Check the [compatibility matrix][compatibility-matrix] for additional informatio ### Prerequisites | Tool | Version | Description | -| --------------------------------------- | ---------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| [furyctl][furyctl-repo] | `>=0.25.0` | The recommended tool to download and manage KFD modules and their packages. To learn more about `furyctl` read the [official documentation][furyctl-repo]. | -| [kustomize][kustomize-repo] | `>=3.5.3` | Packages are customized using `kustomize`. To learn how to create your customization layer with `kustomize`, please refer to the [repository][kustomize-repo]. | +| --------------------------------------- |------------| -------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| [furyctl][furyctl-repo] | `>=0.27.0` | The recommended tool to download and manage KFD modules and their packages. To learn more about `furyctl` read the [official documentation][furyctl-repo]. | +| [kustomize][kustomize-repo] | `>=3.10.0` | Packages are customized using `kustomize`. To learn how to create your customization layer with `kustomize`, please refer to the [repository][kustomize-repo]. | | [KFD Monitoring Module][kfd-monitoring] | `>v1.10.0` | Expose metrics to Prometheus *(optional)* and use Grafana Dashboards. | > You can comment out the service monitor in the [kustomization.yaml][core-kustomization] file if you don't want to install the monitoring module. @@ -67,7 +67,7 @@ Check the [compatibility matrix][compatibility-matrix] for additional informatio ```yaml bases: - name: opa/gatekeeper - version: "1.11.0" + version: "1.11.1" ``` > See `furyctl` [documentation][furyctl-repo] for additional details about `Furyfile.yml` format. 
@@ -178,7 +178,7 @@ Notice that the alert for when the Gatekeeper webhook is in `Ignore` mode (the d ```yaml bases: - name: opa/kyverno - version: "1.11.0" + version: "1.11.1" ``` > See `furyctl` [documentation][furyctl-repo] for additional details about `Furyfile.yml` format. @@ -204,6 +204,7 @@ kustomize build . | kubectl apply -f - [gatekeeper-page]: https://github.com/open-policy-agent/gatekeeper [gatekeeper-failmode]: https://open-policy-agent.github.io/gatekeeper/website/docs/failing-closed/ [gatekeeper-exemption]: https://open-policy-agent.github.io/gatekeeper/website/docs/exempt-namespaces/ +[kyverno-page]: https://github.com/kyverno/kyverno [kubernetes-vaw-docs]: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/ [kfd-monitoring]: https://github.com/sighupio/fury-kubernetes-monitoring [core-kustomization]: ./katalog/gatekeeper/core/kustomization.yaml diff --git a/docs/COMPATIBILITY_MATRIX.md b/docs/COMPATIBILITY_MATRIX.md index 29e3be3..9c839ce 100644 --- a/docs/COMPATIBILITY_MATRIX.md +++ b/docs/COMPATIBILITY_MATRIX.md 
@@ -2,7 +2,7 @@ # Compatibility Matrix | Module Version / Kubernetes Version | 1.19.X | 1.20.X | 1.21.X | 1.22.X | 1.23.X | 1.24.X | 1.25.X | 1.26.X | 1.27.X | -| ----------------------------------- | :----------------: | :----------------: | :----------------: | :----------------: | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | +|-------------------------------------| :----------------: | :----------------: | :----------------: | :----------------: | ------------------ | ------------------ | ------------------ | ------------------ | ------------------ | | v1.6.2 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :warning: | | | | | | v1.7.0 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | | | | v1.7.1 | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | @@ -12,6 +12,7 @@ | v1.9.0 | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | | v1.10.0 | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | | v1.11.0 | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| v1.11.1 | | | | | | | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: Compatible diff --git a/docs/releases/v1.11.1.md b/docs/releases/v1.11.1.md new file mode 100644 index 0000000..4f2af13 --- /dev/null +++ b/docs/releases/v1.11.1.md 
@@ -0,0 +1,27 @@
+# OPA Core Module Release 1.11.1
+
+Welcome to the latest release of `OPA` module of [Kubernetes Fury Distribution](https://github.com/sighupio/fury-distribution) maintained by team SIGHUP.
+
+This is a patch release including the following changes:
+
+- Spliting of kyverno core and policies
+
+## Component Images 🚢
+
+| Component | Supported Version | Previous Version |
+| --------------------------- | ------------------------------------------------------------------------------------- | ---------------- |
+| `gatekeeper` | [`v3.14.0`](https://github.com/open-policy-agent/gatekeeper/releases/tag/v3.14.0) | `No Update` |
+| `gatekeeper-policy-manager` | [`v1.0.9`](https://github.com/sighupio/gatekeeper-policy-manager/releases/tag/v1.0.9) | `No Update` |
+| `kyverno` | [`v1.11.0`](https://github.com/kyverno/kyverno/releases/tag/v1.11.0) | `New package` |
+
+> Please refer the individual release notes to get a detailed information on each release.
+
+## Update Guide 🦮
+
+### Process
+
+To upgrade this core module from `v1.11.0` to `v1.11.1`, you need to download this new version, then apply the `kustomize` project. No further action is required.
+
+```bash
+kustomize build katalog/gatekeeper | kubectl apply -f -
+```
diff --git a/katalog/kyverno/MAINTENANCE.md b/katalog/kyverno/MAINTENANCE.md
index bfedcf4..cdc7821 100644
--- a/katalog/kyverno/MAINTENANCE.md
+++ b/katalog/kyverno/MAINTENANCE.md
@@ -18,7 +18,7 @@ helm template kyverno /tmp/kyverno --values MAINTENANCE.values.yaml --namespace helm template kyverno /tmp/kyverno --values MAINTENANCE.values.yaml --set crds.install=true --namespace kyverno | yq 'select(.kind == "CustomResourceDefinition")' > crds.yaml ``` -Compare the deploy.yaml file with the built-kyverno.yaml to find differences with the current version. +Compare the core/deploy.yaml file with the built-kyverno.yaml to find differences with the current version. What was changed: - Removed all the helm hooks from the deploy
diff --git a/katalog/kyverno/crds.yaml b/katalog/kyverno/core/crds.yaml
similarity index 100%
rename from katalog/kyverno/crds.yaml
rename to katalog/kyverno/core/crds.yaml
diff --git a/katalog/kyverno/deploy.yaml b/katalog/kyverno/core/deploy.yaml
similarity index 100%
rename from katalog/kyverno/deploy.yaml
rename to katalog/kyverno/core/deploy.yaml
diff --git a/katalog/kyverno/core/kustomization.yaml b/katalog/kyverno/core/kustomization.yaml
new file mode 100644
index 0000000..a075e1a
--- /dev/null
+++ b/katalog/kyverno/core/kustomization.yaml
@@ -0,0 +1,34 @@
+# Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
+# Use of this source code is governed by a BSD-style
+# license that can be found in the LICENSE file.
+
+---
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+namespace: kyverno
+
+resources:
+ - crds.yaml
+ - namespace.yaml
+ - deploy.yaml
+
+images:
+ - name: ghcr.io/kyverno/kyverno
+ newName: registry.sighup.io/fury/kyverno/kyverno
+ newTag: v1.11.0
+ - name: ghcr.io/kyverno/kyvernopre
+ newName: registry.sighup.io/fury/kyverno/kyvernopre
+ newTag: v1.11.0
+ - name: ghcr.io/kyverno/background-controller
+ newName: registry.sighup.io/fury/kyverno/background-controller
+ newTag: v1.11.0
+ - name: ghcr.io/kyverno/cleanup-controller
+ newName: registry.sighup.io/fury/kyverno/cleanup-controller
+ newTag: v1.11.0
+ - name: ghcr.io/kyverno/reports-controller
+ newName: registry.sighup.io/fury/kyverno/reports-controller
+ newTag: v1.11.0
+ - name: bitnami/kubectl
+ newName: registry.sighup.io/fury/bitnami/kubectl
+ newTag: "1.27.10"
diff --git a/katalog/kyverno/namespace.yaml b/katalog/kyverno/core/namespace.yaml
similarity index 100%
rename from katalog/kyverno/namespace.yaml
rename to katalog/kyverno/core/namespace.yaml
diff --git a/katalog/kyverno/kustomization.yaml b/katalog/kyverno/kustomization.yaml
index 949dd92..bcbf8b6 100644
--- a/katalog/kyverno/kustomization.yaml
+++ b/katalog/kyverno/kustomization.yaml
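Review bot: Every entry under `images:` in the new `katalog/kyverno/core/kustomization.yaml` pins the mirrored image by tag only (`newTag: v1.11.0`, `newTag: "1.27.10"`), so the admission-controller binaries that end up running are whatever `registry.sighup.io` resolves those tags to at pull time. The kustomize image transformer also accepts a `digest:` field, and adding `digest: sha256:<DIGEST_OF_MIRRORED_IMAGE>` (placeholder) to each entry would make the deployment reproducible and unaffected by a tag being re-pushed. Also note that `bitnami/kubectl` is `"1.27.10"` here while the block removed from `katalog/kyverno/kustomization.yaml` had `"1.26.10"`, so this is not a pure move; the v1.11.1 release notes in this diff mention only the split, and the bump should be listed there.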
@@ -6,30 +6,6 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 
-namespace: kyverno
-
 resources:
- - crds.yaml
+ - core
 - policies
- - namespace.yaml
- - deploy.yaml
-
-images:
- - name: ghcr.io/kyverno/kyverno
- newName: registry.sighup.io/fury/kyverno/kyverno
- newTag: v1.11.0
- - name: ghcr.io/kyverno/kyvernopre
- newName: registry.sighup.io/fury/kyverno/kyvernopre
- newTag: v1.11.0
- - name: ghcr.io/kyverno/background-controller
- newName: registry.sighup.io/fury/kyverno/background-controller
- newTag: v1.11.0
- - name: ghcr.io/kyverno/cleanup-controller
- newName: registry.sighup.io/fury/kyverno/cleanup-controller
- newTag: v1.11.0
- - name: ghcr.io/kyverno/reports-controller
- newName: registry.sighup.io/fury/kyverno/reports-controller
- newTag: v1.11.0
- - name: bitnami/kubectl
- newName: registry.sighup.io/fury/bitnami/kubectl
- newTag: "1.26.10"
\ No newline at end of file
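Review bot: With `namespace: kyverno` and the `images:` block moved into `core`, the `policies` base listed under `resources:` no longer passes through the namespace or image transformer of this parent kustomization. The `policies` directory is not shown in this diff, so this may be harmless (cluster-scoped objects such as `ClusterPolicy` are unaffected), but any namespaced resource there that relied on the parent to set its namespace would now be applied to whatever namespace the caller's kubectl context defaults to. A before/after comparison of `kustomize build katalog/kyverno` would confirm it; if anything moved, set `namespace: kyverno` in the kustomization inside `policies`.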