Max Smythe

@srenatus it looks like the solution we're going with here is #4709 . You mentioned adopting the change on the next release cycle. Do you know what the timeline for...

Thanks!

Thanks!

Would this function only modify files in-place, or could it redirect the output to a separate directory, leaving the original YAML untouched?

Also, at what granularity could/does this operate? If I point it to a directory tree, will it perform all substitutions in that directory tree? If I'm not modifying the file...

Thanks for the feedback! This sounds like it may be similar to the functionality mentioned in #1348

Thank you for the detailed writeup! One thing I want to highlight: please be careful if you are using mutation in production. It's an alpha feature and may not be...

Not 100% sure what you're looking for here? Can you use the controller-runtime client library? Here is an example of it being used by the constraint template controller: https://github.com/open-policy-agent/gatekeeper/blob/0ff57f637f00bd233e07fe53f8c3fd6587d0876b/pkg/controller/constrainttemplate/constrainttemplate_controller.go#L268-L279

Ah, I'm not sure non-core K8s stuff uses that style of client. If you are really wanting to run inside the cluster, that is essentially a controller, I'd consider following...

I don't think this is currently possible with the PSP constraint templates as currently written. You would need to modify their Rego to check for which containers you specifically want...