🐊 Gatekeeper - Policy Controller for Kubernetes

Results 416 gatekeeper issues

**Describe the solution you'd like** We have a few mutations changing immutable fields, this is particularly the case for Pods. For example: [mutation-mustRunAsNonRoot.yaml](https://github.com/open-policy-agent/gatekeeper-library/blob/fd2b020b7b65adb2cdd16ccd2c8f3d542ef66ddb/mutation/pod-security-policy/users/samples/mutation-mustRunAsNonRoot.yaml) This is preventing Pod deletions if the...

enhancement

**Describe the solution you'd like** It is currently not possible to limit the application of a Gatekeeper mutator to only instances of a resource that have certain attributes set. A...

enhancement

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.34.1 to 1.34.2. Release notes Sourced from github.com/onsi/gomega's releases. v1.34.2 1.34.2 Require Go 1.22+ Maintenance bump ginkgo as well [c59c6dc] bump to go 1.22 - remove x/exp...

dependencies
go

Getting this error after installing gatekeeper per the docs: https://open-policy-agent.github.io/gatekeeper/website/docs/install https://open-policy-agent.github.io/gatekeeper-library/website/validation/uniqueingresshost
```
{"level":"error","ts":1728065179.7270658,"logger":"controller","msg":"error adding template to watch registry","kind":"ConstraintTemplate","process":"constraint_template_controller","name":"k8suniqueingresshost","crdName":"k8suniqueingresshost.constraints.gatekeeper.sh","error":"getting informer for kind: constraints.gatekeeper.sh/v1beta1, Kind=K8sUniqueIngressHost no matches for kind \"K8sUniqueIngressHost\" in version \"constraints.gatekeeper.sh/v1beta1\"","stacktrace":"github.com/open-policy-agent/gatekeeper/v3/pkg/controller/constrainttemplate.(*ReconcileConstraintTemplate).handleUpdate\n\t/go/src/github.com/open-policy-agent/gatekeeper/pkg/controller/constrainttemplate/constrainttemplate_controller.go:476\ngithub.com/open-policy-agent/gatekeeper/v3/pkg/controller/constrainttemplate.(*ReconcileConstraintTemplate).Reconcile\n\t/go/src/github.com/open-policy-agent/gatekeeper/pkg/controller/constrainttemplate/constrainttemplate_controller.go:387\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/go/src/github.com/open-policy-agent/gatekeeper/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:114\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/go/src/github.com/open-policy-agent/gatekeeper/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:311\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/go/src/github.com/open-policy-agent/gatekeeper/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:261\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/go/src/github.com/open-policy-agent/gatekeeper/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:222"}
```
...

bug

**Describe the solution you'd like** Similar to how templates can [import a library package](https://github.com/open-policy-agent/gatekeeper-library/blob/master/library/pod-security-policy/apparmor/template.yaml#L136) [defined within the template](https://github.com/open-policy-agent/gatekeeper-library/blob/master/library/pod-security-policy/apparmor/template.yaml#L197), allow the template to import a rego package defined **_outside_** the template....

enhancement

Bumps [oras.land/oras-go](https://github.com/oras-project/oras-go) from 1.2.5 to 1.2.6. Release notes Sourced from oras.land/oras-go's releases. v1.2.6 [!IMPORTANT] v1.2.6 now requires Go 1.22.4 due to updated dependencies. What's Changed build(deps): bump github.com/opencontainers/image-spec from 1.1.0-rc6...

dependencies
go

> TODO(ritazh): default for now until the feature is safe to fail close
> TODO(ritazh): default for now until we can safely expose these to users

Bumps [cloud.google.com/go/trace](https://github.com/googleapis/google-cloud-go) from 1.10.11 to 1.10.12. Release notes Sourced from cloud.google.com/go/trace's releases. memcache: v1.10.12 1.10.12 (2024-08-08) Bug Fixes memcache: Update google.golang.org/api to v0.191.0 (5b32644) trace: v1.10.12 1.10.12 (2024-08-08) Bug Fixes...

dependencies
go

**What steps did you take and what happened:** With gator a null initContainers combined with securityContext MustNotExist pathTest triggers this error: $ gator expand <

bug

**Describe the solution you'd like** In order for #3308 to take effect, we need to add support for users to set a retry limit when fetching expectations. This involves creating...

enhancement