Release 1.6.3 (kyverno#4134)

* fix: do not remove webhooks during initialization (kyverno#3641) * Do not remove webhooks during initialization During initialization the Kyverno leader Pod deletes all the existing webhooks and recreates them. There is a small time window were the cluster is not protected by the webhooks, allowing a user to apply resources without any verfication. This commit updates the leader registration logic to not remove and recreate the webhooks but, in the case that the webhooks already exist, update them. Signed-off-by: Ioannis Bouloumpasis <[email protected]> * Fix linter errors Signed-off-by: Ioannis Bouloumpasis <[email protected]> * Use the Lister to get webhook configurations Signed-off-by: Ioannis Bouloumpasis <[email protected]> Signed-off-by: ShutingZhao <[email protected]> * Tag v1.6.3 Signed-off-by: ShutingZhao <[email protected]> Co-authored-by: Ioannis Bouloumpasis <[email protected]>
nirmata · Jun 17, 2022 · 38ca9e7 · 38ca9e7
1 parent e0f6fa1
commit 38ca9e7
Show file tree

Hide file tree

Showing 8 changed files with 192 additions and 87 deletions.
diff --git a/charts/kyverno-policies/Chart.yaml b/charts/kyverno-policies/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: kyverno-policies
-version: v2.3.4
-appVersion: v1.6.2
+version: v2.3.5
+appVersion: v1.6.3
 icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
 description: Kubernetes Pod Security Standards implemented as Kyverno policies
 keywords:

diff --git a/charts/kyverno/Chart.yaml b/charts/kyverno/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: kyverno
-version: v2.3.3
-appVersion: v1.6.2
+version: v2.3.4
+appVersion: v1.6.3
 icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
 description: Kubernetes Native Policy Management
 keywords:

diff --git a/charts/kyverno/templates/crds.yaml b/charts/kyverno/templates/crds.yaml
@@ -11,7 +11,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: clusterpolicies.kyverno.io
 spec:
   group: kyverno.io
@@ -1388,7 +1388,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: clusterpolicyreports.wgpolicyk8s.io
 spec:
   group: wgpolicyk8s.io
@@ -1880,7 +1880,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: clusterreportchangerequests.kyverno.io
 spec:
   group: kyverno.io
@@ -2372,7 +2372,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: generaterequests.kyverno.io
 spec:
   group: kyverno.io
@@ -2553,7 +2553,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: policies.kyverno.io
 spec:
   group: kyverno.io
@@ -3930,7 +3930,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: policyreports.wgpolicyk8s.io
 spec:
   group: wgpolicyk8s.io
@@ -4422,7 +4422,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: reportchangerequests.kyverno.io
 spec:
   group: kyverno.io

diff --git a/config/install.yaml b/config/install.yaml
@@ -7,7 +7,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno
 ---
 apiVersion: apiextensions.k8s.io/v1
@@ -21,7 +21,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: clusterpolicies.kyverno.io
 spec:
   group: kyverno.io
@@ -2202,7 +2202,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: clusterpolicyreports.wgpolicyk8s.io
 spec:
   group: wgpolicyk8s.io
@@ -2882,7 +2882,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: clusterreportchangerequests.kyverno.io
 spec:
   group: kyverno.io
@@ -3562,7 +3562,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: generaterequests.kyverno.io
 spec:
   group: kyverno.io
@@ -3759,7 +3759,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: policies.kyverno.io
 spec:
   group: kyverno.io
@@ -5942,7 +5942,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: policyreports.wgpolicyk8s.io
 spec:
   group: wgpolicyk8s.io
@@ -6620,7 +6620,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: reportchangerequests.kyverno.io
 spec:
   group: kyverno.io
@@ -7298,7 +7298,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno-service-account
   namespace: kyverno
 ---
@@ -7311,7 +7311,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno:leaderelection
   namespace: kyverno
 rules:
@@ -7345,7 +7345,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
   name: kyverno:admin-policies
 rules:
@@ -7372,7 +7372,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
   name: kyverno:admin-policyreport
 rules:
@@ -7399,7 +7399,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
     rbac.authorization.k8s.io/aggregate-to-admin: "true"
   name: kyverno:admin-reportchangerequest
 rules:
@@ -7426,7 +7426,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno:events
 rules:
 - apiGroups:
@@ -7448,7 +7448,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno:generate
 rules:
 - apiGroups:
@@ -7495,7 +7495,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno:policies
 rules:
 - apiGroups:
@@ -7546,7 +7546,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno:userinfo
 rules:
 - apiGroups:
@@ -7569,7 +7569,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno:view
 rules:
 - apiGroups:
@@ -7590,7 +7590,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno:webhook
 rules:
 - apiGroups:
@@ -7616,7 +7616,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno:leaderelection
   namespace: kyverno
 roleRef:
@@ -7637,7 +7637,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno:events
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -7657,7 +7657,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno:generate
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -7677,7 +7677,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno:policies
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -7697,7 +7697,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno:userinfo
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -7717,7 +7717,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno:view
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -7737,7 +7737,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno:webhook
 roleRef:
   apiGroup: rbac.authorization.k8s.io
@@ -7761,7 +7761,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno
   namespace: kyverno
 ---
@@ -7777,7 +7777,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno-metrics
   namespace: kyverno
 ---
@@ -7790,7 +7790,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno-svc
   namespace: kyverno
 spec:
@@ -7811,7 +7811,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno-svc-metrics
   namespace: kyverno
 spec:
@@ -7832,7 +7832,7 @@ metadata:
     app.kubernetes.io/instance: kyverno
     app.kubernetes.io/name: kyverno
     app.kubernetes.io/part-of: kyverno
-    app.kubernetes.io/version: v1.6.2
+    app.kubernetes.io/version: v1.6.3
   name: kyverno
   namespace: kyverno
 spec:
@@ -7854,7 +7854,7 @@ spec:
         app.kubernetes.io/instance: kyverno
         app.kubernetes.io/name: kyverno
         app.kubernetes.io/part-of: kyverno
-        app.kubernetes.io/version: v1.6.2
+        app.kubernetes.io/version: v1.6.3
     spec:
       affinity:
         podAntiAffinity:
@@ -7885,7 +7885,7 @@ spec:
           value: kyverno-svc
         - name: TUF_ROOT
           value: /.sigstore
-        image: ghcr.io/kyverno/kyverno:v1.6.2
+        image: ghcr.io/kyverno/kyverno:v1.6.3
         imagePullPolicy: IfNotPresent
         livenessProbe:
           failureThreshold: 2
@@ -7940,7 +7940,7 @@ spec:
           valueFrom:
             fieldRef:
               fieldPath: metadata.namespace
-        image: ghcr.io/kyverno/kyvernopre:v1.6.2
+        image: ghcr.io/kyverno/kyvernopre:v1.6.3
         imagePullPolicy: IfNotPresent
         name: kyverno-pre
         resources: