gatekeeper

gatekeeper copied to clipboard

Cross-resource comparison

2

**Describe the solution you'd like** Hello, I've been looking through the gatekeeper library, which demonstrate the power of gatekeeper at enforcing rules for individual resources. But from what I've seen...

neilharris123

No automated way to wait on constraint template CRD upgrades before updating constraints

3

Use case: I am using a tool like [flux](https://fluxcd.io/) or [argo](https://argoproj.github.io/argo-cd/) to manage deployments into a Kubernetes cluster. The Gatekeeper system is in one Helm deployment and the Gatekeeper constraints...

Boojapho

Enhance Helm chart labels by using helper scripts and standard keys

1

In the Helm chart, labels are hard to maintain because they are repeated everywhere and do not use [helm best practices](https://helm.sh/docs/chart_best_practices/labels/#standard-labels). This enhancement would do the following: 1. Create a...

Boojapho

Helm chart label for `chart` not using chart name

1

All throughout the Helm chart, the label for `chart` is using `gatekeeper.name` rather than `gatekeeper.chart`. This prevents can cause problems on selection during a rolling upgrade when a new chart...

Boojapho

OPA Gatekeeper brings the cluster to an inoperable state after upgrading/restarting nodes

3

**What steps did you take and what happened:** [A clear and concise description of what the bug is.] First of all, we decided to use OPA Gatekeeper in our company....

developer-guy

Example K8sRequiredLabels ConstraintTemplate no longer valid

8

**What steps did you take and what happened:** Applying the [`K8sRequiredLabels`](https://github.com/open-policy-agent/gatekeeper/blob/ed4e2827cf4b1bac09041574a622e6cd7e0f9c03/example/templates/k8srequiredlabels_template.yaml) ConstraintTemplate in the Gatekeeper repo results in an error due to an incomplete schema in the generated CRD: >...

shomron

Review logged events/log level to reduce noise

6

**Describe the solution you'd like** Currently Gatekeeper logs a lot of unnecessary information under log level `INFO`, e.g. it dumps constraint updates every 60s https://github.com/open-policy-agent/gatekeeper/blob/release-3.5/pkg/audit/manager.go#L679 It would be good to...

svenmueller

Ability to reference obj properties in mutation values

2

**Dynamic values for mutations** As far as I can see, the current implementation just picks up the assign value in Assign resource as is and places into the location specified...

mhumpula

kube audit logs show bursty discovery request pattern

8

**What steps did you take and what happened:** Observed kube audit logs show ~40 requests per API group+version over 20min intervals. **What did you expect to happen:** Given that my...

jdef

mutation pathTests for non-prefix locations

5

**What steps did you take and what happened:** User Pod Security Policy to set non-root user using `MustRunAsNonRoot` mutates a pod spec to include `runAsNonRoot: true`, unless `runAsNonRoot` or `runAsUser`...

sozercan