v1.15
Contains release notes of N4K v1.15
The latest version of the 1.15 release of Enterprise Kyverno is v1.15.1-n4k.nirmata.1.
For a complete list of changes, refer to the upstream Changelog.
v1.15.1-n4k.nirmata.1
New Policy Types
- MutatingAdmissionPolicy (MPOL) with admission flow integration, background reporting, mutate existing resources, and CLI support
- GeneratingPolicy (GPOL) with admission flow integration, background reporting, generate existing resources, and CLI support
- DeletingPolicy (DPOL) with in-cluster and off-cluster cleanup capabilities via CLI operations
OpenReports Integration (Alpha)
- Switched policy reports to OpenReports implementation
CLI Enhancements
- Multiple output formats (JSON, YAML, Markdown, JUnit) for test command
- Added
--cluster-wide-resourcesflag to apply command - Added
skipColorflag for CLI output - Support for cloning from private repositories in apply command
- Fixed YAML separator support in LoadTest with proper error handling
Changes
- ValidatingAdmissionPolicy generation enabled by default
- Renamed CEL operator
image()toparseImageReference - Removed deprecated CLI APIs
- Improved ValidatingAdmissionPolicy performance
Bug Fixes
- Fixed CVE-2025-47907 security vulnerability
- Fixed JSON logging format issues
- Fixed panic when resolving kinds fails for CEL-based policies
- Fixed GlobalContextEntry refresh interval updates
- Fixed reports controller wildcard resource matching
- Fixed shallow variable escaping during validation
- Updated OpenReports module references
Helm Chart Updates
- Added MutatingAdmissionPolicy and ValidatingAdmissionPolicy CRDs
- Enhanced ServiceMonitor annotations support
- Added PodDisruptionBudget configuration options
- Service account token automount configuration
- Support for Kubernetes 1.31+ traffic distribution
Dependencies
- Bumped Kubernetes dependencies to v1.33
- Updated security and tooling dependencies