Max Smythe

I'm a maintainer, so I don't want to give too much weight to my personal opinion. I did find this AWS blog post comparing Gatekeeper and Pod Security Policy: https://aws.amazon.com/blogs/containers/using-gatekeeper-as-a-drop-in-pod-security-policy-replacement-in-amazon-eks/...

PSP's use of RBAC was one of the issues people had with it. There were actually two ways to satisfy the RBAC for PSPs... either via the requesting user, or...

Currently Gatekeeper would reject the pod. Such a state would show up as increased rejections via the Prometheus metrics or as an audit violation if a Pod creation were to...

+1, there is likely some happy medium between designing the infrastructure around the feature-set and vice versa. Namespaces are a pretty natural permissions boundary, but they don't necessarily work for...

Hi, thanks for the contribution! I have a couple of questions: 1) What is the difficulty with creating a PR? Is there anything we can do help with that? It's...

Closing, please re-open if there is more follow up.

Ah, WRT the PR, for GitHub what you do is fork the Gatekeeper repository, then push your PR to a branch on your personal fork, then the shell will print...

Sorry that broke your kpt pipeline :/ It should be possible to add metadata.name values to the Suites. @willbeason any reason this isn't the case?

Would we not benefit from suite names? For instance, for writing human-readable output in the case where we having multiple suites? FWIW breaking kpt is a fairly large issue, since...

We could just add `name` to the library suite yamls, but there is some value in making sure it's a universal standard.