v1.16

Contains release notes of N4K v1.16

The latest version of the 1.16 release of Enterprise Kyverno is v1.16.1-n4k.nirmata.4.

For a complete list of changes, refer to the upstream Changelog.

v1.16.0-n4k.nirmata.5

Introduced namespaced policy types: NamespacedValidatingPolicy, NamespacedImageValidatingPolicy, and NamespacedDeletingPolicy for namespace-scoped policy enforcement.
Added v1beta1 API versions for all CEL policy types (Validating, Mutating, Generating, Deleting, ImageValidating).
Support for fine-grained CEL exceptions, enabling precise and flexible policy exception handling.
Added new support for CEL performance metrics, CLI shell completion, and expanded policy reporting options.

Fixed CLI reporting issues and addressed multiple policy engine edge cases (including resource matching and panic handling).
Resolved reporting and queue handling issues in background scans for new policy types.
Patched bugs with namespace selector matching and improved log clarity.

Enhanced match logic by allowing CEL libraries to be used within matchConditions.
Added compatibility for Kubernetes v1.30–v1.32 podSecurity admission subrules.
Helm chart improvements, including CRDs and templating refinements.

Fixed nil namespace initialization for cluster-wide param resources to avoid unexpected issues.
Fixed registration of HTTP request types to prevent unintended behavior.
Enhanced namespace matching including wildcards and namespaceSelector handling.
Various controller and admission fixes (duplicate error handling, cleanup logic, and MatchConstraints handling).
Fixed issue to ensure GVK (GroupVersionKind) information is set when recording metrics.
Fixed missing execution of metrics for some controllers.

Added support to generate and copy CRDs to CLI for NamespacedValidatingPolicy and NamespacedDeletingPolicy.