Mutate pod spec with its namespace in dnsConfig.searches
I have a use case where I would like to mutate a pod spec with dnsConfig and dnsPolicy with the following during creation or update when:
- It is not present on the pod spec (could be a part of deployment or statefulset).
- Or, it is set to something else on the pod spec.
```yaml
dnsPolicy: "None"
dnsConfig:
  nameservers:
    - 192.0.2.1
  searches:
    - <namespace>.svc.cluster-domain.example
    - svc.cluster-domain.example
    - cluster-domain.example
  options:
    - name: ndots
      value: "1"
```
I was able to achieve the following with current support provided by Assign and ModifySet as explained here.
```yaml
dnsPolicy: "None"
dnsConfig:
  nameservers:
    - 192.0.2.1
  searches:
    - svc.cluster-domain.example
    - cluster-domain.example
  options:
    - name: ndots
      value: "1"
```
But I am unable to mutate <namespace>.svc.cluster.local, where <namespace> would be the namespace of the pod on which the mutation is going to be applied.
I was searching through the documentation and came to know that fetching namespace metadata dynamically is not possible with the existing support on Assign or ModifySet objects. Is there any other alternative I can use to implement this?
@prabhatsingh014 Currently this is not a use case supported by GK mutations. However, you should be able to satisfy this use case with MAP. We are currently tracking all MAP support and different mutation use cases here - https://github.com/open-policy-agent/gatekeeper/issues/3477. Feel free to upvote or leave any comments/feedback on there.
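One way the MAP route suggested in the reply above could look, assuming MAP means the Kubernetes MutatingAdmissionPolicy API (an added example, not code from the issue or from the Gatekeeper project). The name `pod-dns-searches` is hypothetical and the `v1alpha1` API version is an assumption; use whichever version the cluster serves.

```yaml
# Added example: sets dnsPolicy/dnsConfig on every new pod and builds the
# first search domain from the pod's own namespace.
apiVersion: admissionregistration.k8s.io/v1alpha1   # assumption, see lead-in
kind: MutatingAdmissionPolicy
metadata:
  name: pod-dns-searches            # hypothetical name
spec:
  failurePolicy: Fail
  reinvocationPolicy: IfNeeded
  matchConstraints:
    resourceRules:
      - apiGroups: [""]
        apiVersions: ["v1"]
        # CREATE only: dnsPolicy and dnsConfig cannot be changed on an
        # existing pod; Deployment/StatefulSet rollouts create new pods.
        operations: ["CREATE"]
        resources: ["pods"]
  mutations:
    - patchType: ApplyConfiguration
      applyConfiguration:
        # request.namespace is the namespace of the pod being admitted.
        expression: >
          Object{
            spec: Object.spec{
              dnsPolicy: "None",
              dnsConfig: Object.spec.dnsConfig{
                nameservers: ["192.0.2.1"],
                searches: [
                  request.namespace + ".svc.cluster-domain.example",
                  "svc.cluster-domain.example",
                  "cluster-domain.example"
                ],
                options: [
                  Object.spec.dnsConfig.options{name: "ndots", value: "1"}
                ]
              }
            }
          }
---
apiVersion: admissionregistration.k8s.io/v1alpha1   # assumption, see lead-in
kind: MutatingAdmissionPolicyBinding
metadata:
  name: pod-dns-searches            # hypothetical name
spec:
  policyName: pod-dns-searches
```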