gatekeeper
CRDs selector
Describe the solution you'd like
We're running very complex K8s clusters and we want to have 2 gatekeepers in parallel, managed by 2 different teams. The problem is that both Gatekeepers are looking at each other's CRDs (constraints). Is it possible to include CRDs by a label selector or something like that?
Environment: Every K8s environment: AKS, EKS, GKE and on-prem as well.
- Gatekeeper version: latest
- Kubernetes version: (use kubectl version): 1.28
Currently there is no way to define intent for a constraint template or constraint in terms of relating it to a particular gatekeeper instance in case of running multiple gatekeepers. It may be better to have only one GK instance and have different teams manage their own policies. Can you share the need for installing 2 gatekeepers in parallel, if you can, to see if your use case can be satisfied with one global GK or not? Also, what is the problem if the gatekeepers are looking at each other's CRDs?
Additionally, running multiple gatekeeper instances with audit enabled may consume redundant, unnecessary resources while auditing the cluster and put additional stress on the api-server.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.