Ernest Wong
That's the intended behavior. If you try deploying the PDB with `minAvailable: 3` first, and then your deployment, Gatekeeper should deny the admission of the deployment. In [https://github.com/open-policy-agent/gatekeeper-library/blob/master/library/general/poddisruptionbudget/template.yaml#L46-L56](https://github.com/open-policy-agent/gatekeeper-library/blob/master/library/general/poddisruptionbudget/template.yaml?rgh-link-date=2022-07-08T14%3A44%3A07Z#L46-L56), `input.review.object` is...
> Mixing versioning conventions with 3.7 and 3.7.1 also led me to spend some time ensuring that this wasn't a simple versioning issue https://raw.githubusercontent.com/open-policy-agent/gatekeeper/release-3.7/deploy/gatekeeper.yaml contains the manifest for the latest...
The following rego should work:

```rego
package k8sallowedcontainers

violation[{"msg": msg}] {
  container := input.review.object.spec.containers[_]
  repo := input.parameters.privcontainers[_]
  startswith(container.name, repo)
  container.securityContext.runAsUser != 0
  msg := sprintf("container is not running as root",...
```
Can you try the following YAML:

```yaml
kind: K8sAllowedcontainers
apiVersion: constraints.gatekeeper.sh/v1beta1
metadata:
  name: repo-is-container
spec:
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
  parameters:
    privcontainers:
      - "nginx"
```
Hi @joyrex2001, https://github.com/Azure/aad-pod-identity/issues/532#issuecomment-651995514 explained why we currently don't support this feature at the moment. However, since we have more and more people onboarding aad-pod-identity, we will seriously consider this feature...
I have never seen this error before but I suspected it's an SDK-related error. aad-pod-identity should work with all of the Azure SDKs that support [Managed Identity](https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/overview). [`DefaultAzureIdentity`](https://docs.microsoft.com/en-us/dotnet/api/azure.identity.defaultazurecredential?view=azure-dotnet) is a...
We are not adding any net new feature or breaking changes to this project as we are working on the next iteration of pod identity. We hope to open-source it...
It's going to be available and open-source soon. We will keep everyone posted in this repository's README.
The only workaround right now is to change the prometheusPort to be something other than 9090. We can look into disabling Prometheus if prometheusPort is empty.
What is your Go version (`go version`)?