kubewarden-controller icon indicating copy to clipboard operation
kubewarden-controller copied to clipboard

Published 20 hours ago verified publisher icon kubewarden

Feature Request: allow policy enforcement mode to be configurable with a selector

Open flavio opened this issue 11 months ago • 0 comments

Is your feature request related to a problem?

As an operator, I'm managing a large kubernetes cluster that is shared by different teams. Each team has a series of Namespace associated.

As an operator, I want to rollout the same set of policies across all the Namespaces. I want to go tenant-by-tenant, and start by having these policies in monitor mode. Once the tenant has fixed all his issues, the policies will be switched to protect mode.

Currently, the only way to achieve that is by having the same set of policies deployed into multiple namespaces, with different enforcement modes. This leads to a lot of duplication (in terms of yaml).

Solution you'd like

It would be nice to deploy a ClusterAdmissionPolicy and be able to say something like: by default this policy operates in protect mode, except for the namespaces that match the selector tenant=foo

Alternatives you've considered

No response

Anything else?

No response

flavio avatar Feb 29 '24 13:02 flavio