v0.17.0

The released image is quay.io/open-cluster-management/governance-policy-addon-controller:v0.17.0

🚀 Features

• feat: enable crd-sync to open PRs by @dhaiducek in #222
• Sync CRDs by @acm-grc-security in #228

🛡️ Vulnerability Fixes

• Address oauth2 vuln by @dhaiducek in #201
• Update a go module impacted by a cve by @gparvin in #202
• Update helm.sh/helm/v3 to v3.18.5 by @JustinKuli in #215

⚙️ Other Notable Changes

• Bump to addon-framework v1.0.1 by @dhaiducek in #210
• Upgrade k8s to v0.33 by @dhaiducek in #220

✨ New Contributors

• @acm-grc-security made their first contribution in #228

Full Changelog: v0.16.0...v0.17.0

v0.16.0

governance-policy-addon-controller v0.16.0

• The released image is quay.io/open-cluster-management/governance-policy-addon-controller:v0.16.0

What's Changed

• Remove v1beta1 CRD by @dhaiducek in #184
• Remove the tech preview compliance history API by @mprahl in #183
• Update configuration CRD after objectSelector by @yiraeChristineKim in #186
• Update net and crypto pkgs by @dhaiducek in #189
• Seed name ManagedCluster label by @dhaiducek in #190
• Add governance-standalone-hub-templating addon by @JustinKuli in #194
• Pass context by @dhaiducek in #195
• Allow config-policy secrets access in hosted mode by @JustinKuli in #196
• Configure consistent logging using Zap by @dhaiducek in #166
• Add resourceRequirements to AddonDeploymentConfig by @dhaiducek in #197
• Fix: add missing resources key to values.yaml by @dhaiducek in #198
• Use informers for faster lookups by @JustinKuli in #199

Full Changelog: v0.15.0...v0.16.0

v0.15.0

governance-policy-addon-controller v0.15.0

• The released image is quay.io/open-cluster-management/governance-policy-addon-controller:v0.15.0

What's Changed

• Add the watch permission on policy-encryption-key on managed by @mprahl in #165
• Sync ConfigPolicy CRD by @dhaiducek in #167
• Remove kube-rbac-proxy YAML configurations by @zyjjay in #161
• Make CRD descriptions folded by @dhaiducek in #168
• Move ports and volumeMounts from deprecated kube-rbac-proxy sidecar to controller container by @zyjjay in #169
• Fix config policy controller deployment volumeMount by @zyjjay in #170
• Sync CRDs by @JustinKuli in #172
• Honor label for local-cluster, not just name by @JustinKuli in #173
• Check the hosting cluster vendor when in hosted mode by @mprahl in #174
• Update to Go v1.22 by @dhaiducek in #176
• Sync the Policy CRD by @mprahl in #177
• Sync common Makefile by @dhaiducek in #178
• Sync CRDs by @dhaiducek in #179
• Add open-cluster-management-policies namespace to the GRC watch names… by @yiraeChristineKim in #180
• Add the ocm-policies namespace to the uninstall by @JustinKuli in #181
• Update Route CRD by @dhaiducek in #182

Full Changelog: v0.14.0...v0.15.0

v0.14.0

governance-policy-addon-controller v0.14.0

• The released image is quay.io/open-cluster-management/governance-policy-addon-controller:v0.14.0

What's Changed

• Use the hosting cluster version when applicable by @mprahl in #142
• Sync common Makefile by @dhaiducek in #144
• Sync CRDs by @dhaiducek in #145
• Add a launch.json file for local development by @mprahl in #146
• Sync CRDs by @dhaiducek in #147
• Add the missing subresources section for the v1beta1 CRD by @mprahl in #148
• ✨ Support customizing install Namespace by @yiraeChristineKim in #149
• Update the addon-framework kind of to 0.9.2 by @mprahl in #150
• Sync the ConfigurationPolicy CRD to include recordDiff InStatus by @mprahl in #151
• Bump image to UBI9 by @dhaiducek in #152
• Update Go packages by @dhaiducek in #155
• Upgrade addon-framework to 0.9.3 by @xuezhaojun in #154
• Sync Config/Operator CRDs by @dhaiducek in #156
• Add the hosted mode permissions for OperatorPolicy by @mprahl in #157
• Upgrade addon-framework to fix a mca condition error. by @xuezhaojun in #158
• Sync OperatorPolicy CRD complianceConfig field by @dhaiducek in #159
• Sync ConfigPolicy CRD descriptions by @dhaiducek in #160
• Sync OperatorPolicy CRD by @JustinKuli in #162
• Sync the ConfigurationPolicy CRD by @mprahl in #164

New Contributors

• @xuezhaojun made their first contribution in #154

Full Changelog: v0.13.0...v0.14.0

v0.13.0

governance-policy-addon-controller v0.13.0

• The released image is quay.io/open-cluster-management/governance-policy-addon-controller:v0.13.0

What's Changed

• Enable concurrency reconcile, QPS, and burst configurations by @zyjjay in #107
• Allow configuring to emit error logs only by @JustinKuli in #108
• Update packages by @dhaiducek in #109
• Use the service account for instrumented E2E tests by @mprahl in #111
• Upgrade otelgrpc by @dhaiducek in #112
• Update framework permissions on listing secrets by @zyjjay in #113
• Sync common Makefile by @dhaiducek in #115
• Update ConfigurationPolicy CRD by @dhaiducek in #114
• Use the correct kubeconfig for hosted mode tests by @mprahl in #116
• Bump addon framework by @dhaiducek in #110
• Update the addon-framework to fix uninstalls by @mprahl in #118
• Sync common Makefile by @dhaiducek in #120
• Update the addon-framework to fix hosted mode predelete hook leaks by @mprahl in #121
• Add recordDiff to ConfigPolicy by @dhaiducek in #122
• Add CRD and enable OperatorPolicy by @JustinKuli in #123
• Update to Go v1.21 by @dhaiducek in #124
• Synchronize OperatorPolicy CRD by @JustinKuli in #125
• Sync common Makefile by @dhaiducek in #126
• Sync common Makefile and Dependabot by @dhaiducek in #127
• Bump the github-actions group with 2 updates by @dependabot in #128
• Add support for the compliance history API by @mprahl in #129
• Sync common makefile by @dhaiducek in #131
• Create a real service account for auth with the compliance history API by @mprahl in #133
• Set OperatorPolicy default namespace option by @JustinKuli in #130
• Bump Helm by @dhaiducek in #134
• Fix CRD sync by @dhaiducek in #135
• Address Helm CVE by @dhaiducek in #136
• Simplify actions; Upgrade controller-gen by @dhaiducek in #132
• Fix field name of default operator namespace by @JustinKuli in #137
• Replace unmaintained release action by @dhaiducek in #138
• Add missing clustermanagementaddons/status patch permissions by @mprahl in #139
• Fix OCM label check by @dhaiducek in #140
• Address CVE-2024-24786 by @dhaiducek in #141
• Fix the addon controller on non-OCP clusters by @mprahl in #143

New Contributors

• @zyjjay made their first contribution in #107
• @dependabot made their first contribution in #128

Full Changelog: v0.12.0...v0.13.0

v0.12.0

governance-policy-addon-controller v0.12.0

• The released image is quay.io/open-cluster-management/governance-policy-addon-controller:v0.12.0

What's Changed

• Add deletecollection permissions for policies by @dhaiducek in #85
• Disable framework pre-delete hook on self-managed hub by @dhaiducek in #86
• Use the ocm repo instead of the registration-operator by @mprahl in #87
• Explicitly enable CGO by @mprahl in #90
• Adjust permissions by @dhaiducek in #91
• Allow TLS 1.2 connections for compatibility with older OpenShift versions by @mprahl in #92
• Use ManagedCluster metadata for k8s distro type by @JustinKuli in #93
• Update client-go to v0.26.4 by @mprahl in #95
• Sync ConfigurationPolicy CRD by @JustinKuli in #96
• Bug: delete all policies when management + hub hosted mode by @yiraeChristineKim in #94
• Set the uninstallation annotation in the chart by @JustinKuli in #97
• Fix flaky Kind test minimum issue by @yiraeChristineKim in #99
• Add support for explicitly enabling the spec sync controller by @mprahl in #100
• Use the controller's namespace for ServiceMonitor definitions by @mprahl in #101
• Bump ManagedClusterAddon removal timeout by @dhaiducek in #102
• Create the cluster namespace when a hub is imported by a global hub by @mprahl in #104
• Manage the addon namespace for OpenShift monitoring configuration by @mprahl in #103
• Make the ManifestWork check more specific by @mprahl in #106

Full Changelog: v0.11.0...v0.12.0

v0.11.0

governance-policy-addon-controller v0.11.0

• The released image is quay.io/open-cluster-management/governance-policy-addon-controller:v0.11.0

What's Changed

• Add CRD list permission for framework by @willkutler in #62
• Use the proper tags when deploying the controller locally by @mprahl in #63
• kustomize version to v5.0.0 by @yiraeChristineKim in #64
• Use org/branch fallbacks for sync script by @dhaiducek in #65
• Double the framework-addon's default resources by @JustinKuli in #66
• Add Gatekeeper permissions to framework by @dhaiducek in #67
• Add the permission to view the Gatekeeper webhooks by @mprahl in #69
• Fix empty kind version check by @dhaiducek in #68
• Use a unique ClusterRoleBinding name to account for hosted mode by @mprahl in #70
• 3329 framework addon cleanup by @JustinKuli in #71
• Disable Gatekeeper syncing in hosted mode by @dhaiducek in #72
• Add client QPS and Burst customization to cfg-pol by @JustinKuli in #74
• Forbid leader election on older Kubernetes clusters by @dhaiducek in #73
• Stop incorrectly managing the Policy CRD on the hub cluster by @JustinKuli in #76
• Add IsOldKubernetes function by @dhaiducek in #77
• Add gosec check and bump version by @dhaiducek in #78
• Set seccomp profile for cfg-policy by @JustinKuli in #79
• 4917 policy crd management attempt 2 by @JustinKuli in #80
• Rename the framework's ClusterRoleBinding by @JustinKuli in #82
• Sec context updates by @JustinKuli in #83
• Enhance crd-sync to add labels and annotations by @JustinKuli in #81

New Contributors

• @yiraeChristineKim made their first contribution in #64

Full Changelog: v0.10.0...v0.11.0

v0.10.0

governance-policy-addon-controller v0.10.0

• The released image is quay.io/open-cluster-management/governance-policy-addon-controller:v0.10.0

What's Changed

• Update CRD specs by @JustinKuli in #28
• add pending to compliance enum by @willkutler in #30
• Disable leader election when the replicas are set to 1 by @mprahl in #32
• Sync the crd changes to the addon by @gparvin in #33
• Add support for AddOnDeploymentConfig placement configurations by @mprahl in #34
• Set "oldest" tag in Makefile by @dhaiducek in #35
• Addon enhancements for Hosted mode by @ckandag in #37
• Sync policy CRD by @JustinKuli in #38
• Update monitoring role for config policy by @gparvin in #40
• ACM-2290 Update annotation for typo fix by @dhaiducek in #39
• Upgrade failed with missing permissions by @gparvin in #42
• ACM-2366: Hosted instances cannot share the ServiceMonitor by @gparvin in #43
• Add Prometheus monitoring to the policy framework by @JustinKuli in #41
• Reduce permissions required by service monitor by @gparvin in #44
• Address the flaky nodeSelector test by @mprahl in #45
• Grant the policy framework kube-rbac-proxy access by @mprahl in #46
• Set default container for kubectl by @dhaiducek in #47
• Grant the hosted mode service account read access to CRDs by @mprahl in #48
• Use enum for dependency compliance by @willkutler in #49
• Sync enum order/formatting by @dhaiducek in #50
• Update CRDs by @dhaiducek in #51
• Allow multiple managed clusters in hosted mode in local environment by @mprahl in #54
• Update config policy CRD with new object-templates-raw field by @willkutler in #55
• Grant the hosted mode SA access to manage the the deployment by @mprahl in #56
• Fix the CRD read permissions on hosted config-policy-controllers by @mprahl in #57
• Sync copyPolicyMetadata to CRD by @dhaiducek in #58
• Use a predelete hook to cleanly uninstall the config-policy-controller by @mprahl in #60
• Update config policy CRD with template field by @willkutler in #61

New Contributors

• @ckandag made their first contribution in #37

Full Changelog: v0.9.0...v0.10.0

v0.9.0

governance-policy-addon-controller v0.9.0

• See the CHANGELOG for more details.
• The released image is quay.io/open-cluster-management/governance-policy-addon-controller:v0.9.0

v0.8.0

governance-policy-addon-controller v0.8.0

• See the CHANGELOG for more details.
• The released image is quay.io/open-cluster-management/governance-policy-addon-controller:v0.8.0