Max Smythe

It looks like "warn" was introduced in k8s 1.19, so it should be sending a warning: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#response @ritazh Do you know how the warning is supposed to appear in kubectl?...

The audit violation is being thrown against the v1beta1 version of Ingress: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#ingressbackend-v1beta1-networking-k8s-io The `v1` version of ingress (which is what you're kubectl-applying) doesn't have a field called `servicePort` (aside:...

Correct. Kubernetes generally doesn't care which representation version was used to create an object, beyond the fact that different versions may have different defaults for certain fields. Here is the...

Do you have a use case that is blocked by not having more sophisticated condition checking?

Thank you! That seems like an interesting use case, though the Kubernetes docs do [warn against it]:(https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#use-caution-when-authoring-and-installing-mutating-webhooks) > * Users may be confused when the objects they try to create...

@rblaine95 Could you do this with a labelselector? Or are there enough node roles that this doesn't scale? for example: ```yaml apiVersion: mutations.gatekeeper.sh/v1alpha1 kind: AssignMetadata metadata: name: demo-annotation-owner spec: match:...

It does, I was hoping to merge Davis's PR first to avoid the need to resolve a merge conflict on that PR

@julianKatz ready to merge after merge conflicts are resolved.

Thanks for the PR! Is the kustomize command including any constraints? It should only be referencing the library's constraint templates

It would be possible to do this with external data: https://open-policy-agent.github.io/gatekeeper/website/docs/externaldata#external-data-for-gatekeeper-mutating-webhook At that point, you'd be writing a webhook anyway, so hopefully you'd get some other value from using Gatekeeper,...