gatekeeper

gatekeeper copied to clipboard

User Scoped Mutations

2

Is it currently possible to scope mutations by username? Example: A mutation that adds a certain label to a pod if it was created by a certain user or list...

ldbecker-zz

Gatekeeper policy not working and getting error

7

**What steps did you take and what happened:** Hey Team Trying out to create runAsNonRoot PSP policy for Kubernetes cluster but policies are not getting applied. Please find manifest files...

om3171991

Question : Is it possible to use validate a container image contains a specific label?

9

I would like to OPA to allow only container images with certain labels (https://docs.docker.com/config/labels-custom-metadata/) such as "verified" to run on Kubernetes cluster. Does gatekeeper support this? Is there an example...

rubans

Optimize audit to list resources with namespaces if its defined by constraints

2

**Describe the solution you'd like** Today, we list resources in all namespaces when we audit: https://github.com/open-policy-agent/gatekeeper/blob/v3.6.0-beta.2/pkg/audit/manager.go#L359 Let's say a user is only interested in secrets in a particular namespace ("default")....

sozercan

templates deployed with chart not ready before constraints are delivered

5

**What steps did you take and what happened:** we currently split up deployment of gatekeeper in 3 charts, one after another: 1. operator 2. artifacts (includes `config.gatekeeper.sh/v1alpha1` and constraint templates)...

Morriz

Multiple locations under match

2

**Describe the solution you'd like** [A clear and concise description of what you want to happen.] Is it not possible to have multiple locations under same mutation object? Or maybe...

aliokaitis

Change Timezone

1

**What steps did you take and what happened:** [A clear and concise description of what the bug is.] Hello, Gatekeeper! I'm trying to change time zone setting, but does not...

futureCreator

Mutation `pathTest` condition doesn't work as expected

2

I use the following mutation to set an environment variable for a new pod if `imagePullPolicy` is not specified: ``` apiVersion: mutations.gatekeeper.sh/v1alpha1 kind: AssignMetadata metadata: name: add-custom-label spec: match: scope:...

emerdan

Sharing functions between constraint templates

5

Is there some way to share some basic functions between constraintTemplates? e.g a method to get nested field or even simple checks to identify the kind of a resource?

hamza3202

[Helm] Add labels to all k8s resources generated by helm

4

It should be possible to add labels to all k8s resources generated by helm chart. The user should atleast be able to specify one set of labels that should be...

hamza3202