gatekeeper
🐊 Gatekeeper - Policy Controller for Kubernetes
**Describe the solution you'd like** Hello, I've been looking through the gatekeeper library, which demonstrates the power of gatekeeper at enforcing rules for individual resources. But from what I've seen...
Use case: I am using a tool like [flux](https://fluxcd.io/) or [argo](https://argoproj.github.io/argo-cd/) to manage deployments into a Kubernetes cluster. The Gatekeeper system is in one Helm deployment and the Gatekeeper constraints...
In the Helm chart, labels are hard to maintain because they are repeated everywhere and do not use [helm best practices](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). This enhancement would do the following: 1. Create a...
All throughout the Helm chart, the label for `chart` is using `gatekeeper.name` rather than `gatekeeper.chart`. This can cause problems on selection during a rolling upgrade when a new chart...
**What steps did you take and what happened:** [A clear and concise description of what the bug is.] First of all, we decided to use OPA Gatekeeper in our company....
**What steps did you take and what happened:** Applying the [`K8sRequiredLabels`](https://github.com/open-policy-agent/gatekeeper/blob/ed4e2827cf4b1bac09041574a622e6cd7e0f9c03/example/templates/k8srequiredlabels_template.yaml) ConstraintTemplate in the Gatekeeper repo results in an error due to an incomplete schema in the generated CRD: >...
**Describe the solution you'd like** Currently Gatekeeper logs a lot of unnecessary information under log level `INFO`, e.g. it dumps constraint updates every 60s https://github.com/open-policy-agent/gatekeeper/blob/release-3.5/pkg/audit/manager.go#L679 It would be good to...
**Dynamic values for mutations** As far as I can see, the current implementation just picks up the assign value in Assign resource as is and places into the location specified...
**What steps did you take and what happened:** Observed kube audit logs show ~40 requests per API group+version over 20min intervals. **What did you expect to happen:** Given that my...
**What steps did you take and what happened:** User Pod Security Policy to set non-root user using `MustRunAsNonRoot` mutates a pod spec to include `runAsNonRoot: true`, unless `runAsNonRoot` or `runAsUser`...