Bump Kyverno to v1.10.3

.github/workflows/release.yml

@@ -18,6 +18,6 @@ jobs:
       registry-server: ghcr.io
       registry-username: ${{ github.actor }}
       image: ${{ github.repository }}
-      version: 1.9.2+kadras.1
+      version: 1.10.3
     secrets:
       pull-request-token: ${{ secrets.GH_ORG_PAT }}

.github/workflows/test.yml

@@ -14,7 +14,7 @@ jobs:
     name: Integration Tests
     strategy:
       matrix:
-        k8s_version: [v1.24, v1.25, v1.26]
+        k8s_version: [v1.25, v1.26, v1.27]
     permissions:
       contents: read
     uses: kadras-io/github-reusable-workflows/.github/workflows/carvel-package-test-integration.yml@main

Makefile

@@ -1,4 +1,4 @@
-K8S_VERSION=v1.26
+K8S_VERSION=v1.27
 
 # Build package configuration
 build: package
@@ -26,6 +26,10 @@ ytt:
 schema:
 	ytt -f package/config/values-schema.yml --data-values-schema-inspect -o openapi-v3 > schema-openapi.yml
 
+# Use kbld to resolve the OCI images referenced within the manifests
+kbld:
+	rm -f package/.imgpkg/images.yml && mkdir -p package/.imgpkg && kbld --file package/config --imgpkg-lock-output package/.imgpkg/images.yml 1>> /dev/null
+
 # Check the ytt-annotated Kubernetes configuration and its validation
 test-config:
 	ytt -f package/config | kubeconform -ignore-missing-schemas -summary

README.md

@@ -2,7 +2,7 @@
 
 ![Test Workflow](https://github.com/kadras-io/package-for-kyverno/actions/workflows/test.yml/badge.svg)
 ![Release Workflow](https://github.com/kadras-io/package-for-kyverno/actions/workflows/release.yml/badge.svg)
-[![The SLSA Level 3 badge](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev/spec/v0.1/levels)
+[![The SLSA Level 3 badge](https://slsa.dev/images/gh-badge-level3.svg)](https://slsa.dev/spec/v1.0/levels)
 [![The Apache 2.0 license badge](https://img.shields.io/badge/License-Apache_2.0-blue.svg)](https://opensource.org/licenses/Apache-2.0)
 [![Follow us on Twitter](https://img.shields.io/static/v1?label=Twitter&message=Follow&color=1DA1F2)](https://twitter.com/kadrasIO)
 
@@ -12,7 +12,7 @@ A Carvel package for [Kyverno](https://kyverno.io), a policy engine designed for
 
 ### Prerequisites
 
-* Kubernetes 1.24+
+* Kubernetes 1.25+
 * Carvel [`kctrl`](https://carvel.dev/kapp-controller/docs/latest/install/#installing-kapp-controller-cli-kctrl) CLI.
 * Carvel [kapp-controller](https://carvel.dev/kapp-controller) deployed in your Kubernetes cluster. You can install it with Carvel [`kapp`](https://carvel.dev/kapp/docs/latest/install) (recommended choice) or `kubectl`.
 
@@ -26,10 +26,9 @@ A Carvel package for [Kyverno](https://kyverno.io), a policy engine designed for
 Add the Kadras [package repository](https://github.com/kadras-io/kadras-packages) to your Kubernetes cluster:
 
   ```shell
-  kubectl create namespace kadras-packages
   kctrl package repository add -r kadras-packages \
     --url ghcr.io/kadras-io/kadras-packages \
-    -n kadras-packages
+    -n kadras-packages --create-namespace
   ```
 
 <details><summary>Installation without package repository</summary>

package/config/overlays/registry-credentials.yml

@@ -6,9 +6,7 @@
 #! Use cases: private registries or air-gapped scenarios.
 
 #@ image_pull_secret_name = "canonical-registry-credentials"
-#@ image_pull_secret_namespaces = ["tekton-pipelines", "tekton-pipelines-resolvers"]
 
-#@ for namespace in image_pull_secret_namespaces:
 ---
 apiVersion: v1
 kind: Secret
@@ -20,7 +18,6 @@ metadata:
 type: kubernetes.io/dockerconfigjson
 data:
   .dockerconfigjson: e30K
-#@ end
 
 #@overlay/match by=overlay.subset({"kind":"Deployment"}), expects="2+"
 ---