gatekeeper

gatekeeper copied to clipboard

gatekeeper continuously updating the constraint templates on openshift cluster

16

**What steps did you take and what happened:** [A clear and concise description of what the bug is.] Deployed gatekeeper release using prebuilt image with following command kubectl apply -f...

goyalv

Add an operation selector to constraints

7

I have these changes more or less ready to go but I was unsure about the best way to integrate with auditing, so I would appreciate any feedback on that....

ribbybibby

Constraints object in log contains empty field after k8s gke upgrade

6

1. Upgraded GKE K8S cluster from v1.19.15 to v1.20.12 2. Noticed logs were not being ingested into logstash due to an Invalid FieldReference on [log][constraints][]. 3. Tracked it down to...

andrewdmcleod

Mutation condition on value of subPath

3

**Describe the solution you'd like** We have an existing custom mutation that we would like to replace with a GateKeeper policy. The mutation adds spec.loadBalancerSourceRanges to a Service but *only*...

craigmunro

Check constraints in parallel when review a request

3

**Describe the solution you'd like** Support check constraints in parallel when review a request, use this way to speed up review when using External Data feature or using `http.send` in...

mozillazg

document exempt-namespace-prefix

1

**Describe the solution you'd like** Looks like we are missing docs for `exempt-namespace-prefix` https://open-policy-agent.github.io/gatekeeper/website/docs/v3.6.x/exempt-namespaces/ ref #1193

sozercan

Document reasoning behind avoiding non-convergent mutation systems.

1

**Describe the solution you'd like** [A clear and concise description of what you want to happen.] **Anything else you would like to add:** [Miscellaneous information that will assist in solving...

maxsmythe

Examples of needing richer features in Assign and AssignMetadata

4

From https://bugzilla.redhat.com/show_bug.cgi?id=2010219 (see for kyverno example using `preconditions`) Currently, it is not possible to truncate "unreasonably" large/short values in a mutation policy. In this way, the mutating webhook only truncates...

thomasmckay

Cleanup: Better metric reporting unit tests

1

The metrics reporting functions are found in a variety of locations as of the creation of this bug: ```shell ❯ find ./pkg -name "stats_reporter.go" ./pkg/controller/mutators/stats_reporter.go ./pkg/controller/constrainttemplate/stats_reporter.go ./pkg/controller/sync/stats_reporter.go ./pkg/controller/constraint/stats_reporter.go ./pkg/audit/stats_reporter.go ./pkg/mutation/stats_reporter.go...

julianKatz

when opting out of mutation, mutation crds should not be created

4

on v3.7.0 I'm using the helm value `disableMutation=true` but still get ``` ["CustomResourceDefinition", "assign.mutations.gatekeeper.sh"], ["CustomResourceDefinition", "assignmetadata.mutations.gatekeeper.sh"], ["CustomResourceDefinition", "modifyset.mutations.gatekeeper.sh"], ["CustomResourceDefinition", "mutatorpodstatuses.status.gatekeeper.sh"], ``` ... I think they should not be generated since...

grosser