gatekeeper
gatekeeper copied to clipboard
open-policy-agent
🐊 Gatekeeper - Policy Controller for Kubernetes
**What this PR does / why we need it**: Add support for image digest for all used images. **Which issue(s) this PR fixes** *(optional, using `fixes #(, fixes #, ...)`...
During the refactoring of the Constraint Framework, the violating resource was removed from the pkg/types.Result struct. As this struct was returned in the public interface of Gatekeeper's pkg/gator/test.Test() function, consumers...
I have a need to inject a value into a configmap (which is mounted as a file into pods) as it is created and I'm attempting to use gatekeeper mutation...
**Describe the solution you'd like** The Gator command should be extended to make it easier to profile, debug, write, and trace constraint templates. Including the ability to see the expected...
**What this PR does / why we need it**: This PR implements the "gator expand" CLI command, and adds expansion functionality to audit and the validation webhook. Design Doc: https://docs.google.com/document/d/1wsTnP0IYNcwVxy7XVs8WRv4WUhJZPJl_RdVZaGd5LNc/edit...
**Describe the solution you'd like** Looks like gator Suites don't have a field for specifying parameters to pass to the template: https://github.com/open-policy-agent/gatekeeper/blob/8393e15b909cafe95dd745edfd8c6842cd64baee/pkg/gator/suite.go#L37-L54 The way this is worked around currently is...
Right now if something goes wrong when compiling ConstraintTemplates, users get an opaque `The request is invalid`. This doesn't help with debugging or give anything to go on. While users...
**Describe the solution you'd like** I would like to be able to control the audit functionality at the the constraint level. Currently, the settings described [here](https://open-policy-agent.github.io/gatekeeper/website/docs/audit/#configuring-audit) are system-wide settings. In...
I'm using basic example of gatekeeper policy and I'm trying to deploy them with flux My template: ``` apiVersion: templates.gatekeeper.sh/v1 kind: ConstraintTemplate metadata: name: k8srequiredlabels spec: crd: spec: names: kind:...
This issue is based on the conversation in Slack: https://openpolicyagent.slack.com/archives/CDTN970AX/p1628080547007600 Let's assume that I'm a Kubernetes Administrator and I want to enforce some organizational policies across Kubernetes environments. But before...
Metadata
Owner
Metadata
🐊 Gatekeeper - Policy Controller for Kubernetes