Rita Zhang

icon indicating a website link https://ritazh.com

icon company Microsoft icon location San Francisco icon location Kubernetes SIG Auth co-chair | Kubernetes Security Response Committee | Maintainer of Secrets Store CSI Driver | Maintainer of OPA Gatekeeper

Results 273 comments of Rita Zhang

Deprecate control-plane labels

> Is it safe to remove the control-plane: controller-manager label from the gatekeeper-system namespace currently, if we have already applied the admission.gatekeeper.sh/ignore: no-self-managing label? If you already have the `admission.gatekeeper.sh/ignore:...

Deprecate control-plane labels

Thanks for the update @tspearconquest! I can dig into this a bit later and report back.

How to mock external_data

not stale

Mutation to replace image registry

> One thought would be to allow filtering (or other tests) on the container name, which would be immutable. Would this be a new field or reuse pathTests?

"ENFORCEMENT-ACTION" for Constraints is empty when not specified

@willbeason Thanks for raising this. A long time ago we made the decision to default to `deny` if there's no explicit enforcement action provided in the Constraint request. https://github.com/open-policy-agent/gatekeeper/blob/c6d6b8418ff90a01b34fc5df045b92ef01156412/pkg/util/enforcement_action.go#L50-L51 Do...

Should apparmor always view unconfined as complaint?

Thanks for raising this @fseldow! After looking at the docs, if this annotation is set to unconfined for a specific container, it means that the container will not be subject...

Set up VEX to eliminate false-positives from vulnerability scanning tool results

xref: https://github.com/kubernetes/sig-security/issues/116

Downtime after a caBundle until Secret propagation to pod

+1 on supporting multiple bundles.

add [email protected] to distributors-announce list

@enj PTAL

fix: refactoring to remove pubsub flags to improve experience

> > I'm confused as to how this improves UX. If a customer doesn't specify the flags, won't they get the default values, which is an equivalent effort on the...