We’re excited to announce the release of Kubewarden v1.19! This release brings a host of improvements focused on minor bug fixes, adding tests, and developer tech debt improvements.

Bug Fixes and Dependency Updates

As always, we’ve addressed bugs and updated dependencies to ensure a smooth and reliable experience. Notably, we’ve updated the dependencies for our major components. These updates contribute to the overall stability and security of the Kubewarden stack.

Fix to Policy-Server CI and SBOM file generation

In our previous release, v1.18, we achieved SLSA Lvl 3 compliance, a significant milestone in our commitment to supply chain security. However, we identified an issue where the SBOM (Software Bill of Materials) files for the policy server were being generated empty. This has been fixed in v1.19, ensuring accurate and complete SBOM generation.

Beyond that, we also changed our CI to allow Kubewarden users to use the slsactl CLI tool to verify the container images. This tool can find and verify both SBOM and provenance files attached to the container images. However, it was failing to verify the policy-server container image due to the unexpected subject generated by the Github workflows. This is now fixed, and users can use slsactl to verify all our container images. Let’s take a look at an example of how to do this. To verify the Kubewarden policy-server container image, the following command can be used:

slsactl verify ghcr.io/kubewarden/policy-server:v1.19.0

slsactl also allows users to download the files from the container image:

slsactl download provenance ghcr.io/kubewarden/policy-server:v1.19.0
slsactl download sbom ghcr.io/kubewarden/policy-server:v1.19.0

All the above commands can be used to verify the Kubewarden controller and audit scanner container images.

Removal of Old Post-Install Helm Chart Hooks

We’ve cleaned up some legacy code by removing old post-install Helm chart hooks that were necessary for older releases. This streamlines the installation process and reduces potential compatibility issues.

⚠️ IMPORTANT⚠️ If you are upgrading from a version older than v1.19, please ensure that you follow the upgrade instructions in the Kubewarden upgrade path. Notably, you should update without jumping minor versions."

Updated OpenTelemetry CRDs to Beta v1

We’ve updated the OpenTelemetry Custom Resource Definitions (CRDs) from alpha v1 to beta v1. This reflects the maturity of the OpenTelemetry project and ensures better compatibility with the latest versions of the OpenTelemetry Operator. Please note that the minimum required version of the OpenTelemetry Operator Helm chart is now 0.65.0.

Community shout out!

We also want to shout out to Anton Gilgur for the several improvements in our documentation and policies repositories. He has added missing information and fixed out-of-date information. Thanks, Anton!

Getting in touch

As always, we welcome your feedback and contributions. Feel free to reach out to us on Slack and GitHub discussions.