kube-mgmt icon indicating copy to clipboard operation
kube-mgmt copied to clipboard

Published 20 hours ago verified publisher icon open-policy-agent

Remove need for --replicate flags

Open tsandall opened this issue 6 years ago • 4 comments

The policies should be analyzed to determine which Kubernetes resources to replicate into OPA.

For example, given a policy like:

package kubernetes.admission

import data.kubernetes.resources.namespaces
import data.kubernetes.resources.pods

deny[msg] { ... }

We could establish a convention that Kubernetes data is inserted at a specific path (e.g., kubernetes.resources.) Then the policies could be analyzed to determine which resource kinds are required.

tsandall avatar Mar 09 '18 23:03 tsandall

This will be very cool. Any updates on this?

sandeepbhojwani avatar Oct 12 '18 20:10 sandeepbhojwani

There hasn't been any work done on this to date. We'll keep it mind as we prioritize things for the next few months.

tsandall avatar Oct 12 '18 20:10 tsandall

Do we still need this feature? Does gatekeeper support this already? @tsandall

shasti86 avatar Aug 24 '20 17:08 shasti86

@shasti86 it's not implemented in gatekeeper AFAIK. It would be nice to have however it's not a priority.

tsandall avatar Aug 24 '20 18:08 tsandall