Mac Chaffee
Mac Chaffee
In the original issue for creating reports (#4), it mentions that one of the intended use-cases is to have the report visible in Jenkins. That issue was filed in 2015,...
**NGINX Ingress controller version** 4.0.1 **Kubernetes version** 1.21 **Environment**: Baremetal, helm, with the following relevant values: ``` enable-modsecurity: "true" enable-owasp-modsecurity-crs: "true" modsecurity-snippet: | SecRuleEngine On ``` Also using cert-manager for...
As discovered in #642 , if you are using AUTH_LDAP_GROUP_SEARCH, you also need to specify AUTH_LDAP_GROUP_TYPE (since different LDAP providers have different ways of representing groups). However, AUTH_LDAP_GROUP_TYPE needs to...
This question is in relation to some troubles the downstream ingress-nginx project has with modsecurity: https://github.com/kubernetes/ingress-nginx/issues/8388 When conflicting modsecurity rules/settings are loaded, how is that conflict resolved? Is it always...
If you place peppermint behind some kind of loadbalancer or proxy where the BASE_URL might not be reachable from within the container, logins will fail with an error like this:...
**Describe the solution you'd like** Looks like gator Suites don't have a field for specifying parameters to pass to the template: https://github.com/open-policy-agent/gatekeeper/blob/8393e15b909cafe95dd745edfd8c6842cd64baee/pkg/gator/suite.go#L37-L54 The way this is worked around currently is...
In Kubernetes [v1.19](https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.19.md#seccomp-graduates-to-general-availability), seccomp graduated to GA which meant the seccomp annotations (`seccomp.security.alpha.kubernetes.io/pod: runtime/default`) were deprecated: ``` W0514 13:03:16.997735 41392 warnings.go:70] spec.template.metadata.annotations[container.seccomp.security.alpha.kubernetes.io/manager]: deprecated since v1.19; use the "seccompProfile" field instead...
Could we start doing versioned releases or tracking important changes in a changelog? Since we don't have versioning, I believe we're left with two bad options when it comes to...
Looks like maybe #109 has caused the following error if you install one of those modified constraint templates: ``` Error from server: error when applying patch: {...} to: Resource: "templates.gatekeeper.sh/v1beta1,...
The code is here: https://github.com/open-policy-agent/gatekeeper-library/blob/1da0facae99658accb73c291cb79f497fcddf641/library/general/uniqueingresshost/template.yaml#L21-L23 Looks like this will block ingress with the same host within the same namespace: https://play.openpolicyagent.org/p/7O2UVOvrbN But I think that is a valid use-case. For example,...