Max Smythe

Gatekeeper doesn't currently use OPA bundles for anything. What are you looking to use bundles for?

One option would be to cache the set of valid teams on the API server. Writing a script that keeps a constraint up-to-date is a great approach, IMO. You would...

That makes sense, I think you can avoid the overhead by creating the dedicated `Team` CRD above, but that's only if the benefit's worth the cost. You could also put...

Nice! Yeah, it's probably worth having a section that mentions other projects that integrate. We don't want to embed external projects too deeply into the docs b/c we'd risk things...

We could also then tag certain log lines with "alpha" or similar to indicate that these log lines are meant to be machine-readable, but are still in development.

This may be complicated by us not knowing where the library will actually live in the long term. Moving them out of this Repo would be harder if we rely...

My concern is flakiness. Currently we are running into timeouts b/c presumably the VM Travis CI provides has low enough resources that it takes a while for initialization to happen....

That's a good question and one we've started working on answering! The draft design for building a constraint template build/test workflow is here: https://docs.google.com/document/d/1uQlkIBQcgNNyth8o9ufYaVSfUq_JLJGy9fcuW3VB7vU/edit Definitely interested in feedback and help...

Is there an error on the `status` field of the mutator? Do you have multiple mutators modifying volume mounts? If so, you can only use one field as the key...

Can you confirm that your situation is accurately described by my questions on March 1st?