policy-controller

Namespaced image policy

Open Horiodino opened this issue 9 months ago • 6 comments

Summary

CIP is verified against namespace policies. If deployed in the correct namespace, validation passes; otherwise, an error is returned. Namespaces not defined in policies are ignored.

fixes: https://github.com/sigstore/policy-controller/issues/810

Release Note

Documentation

Horiodino avatar Feb 02 '25 12:02 Horiodino

Can anyone review this, please?

Horiodino avatar Feb 27 '25 16:02 Horiodino

@Horiodino We should discuss on the issue whether this is intended behaviour or not.

hectorj2f avatar Feb 27 '25 16:02 hectorj2f

😅 I noticed the issue was open, so I went ahead and worked on it. I did ask before starting but didn’t receive a response. I’m here for any discussion if there’s a need to revisit this.

Horiodino avatar Feb 27 '25 17:02 Horiodino

I think this would be a great feature to support. My specific need is that I have multiple different teams deploying to the same cluster; it would be great to make sure images sourced from a specific GitHub repository are only deployable to the assigned namespace.

michaelst avatar Mar 02 '25 05:03 michaelst

> I think this would be a great feature to support. My specific need is that I have multiple different teams deploying to the same cluster; it would be great to make sure images sourced from a specific GitHub repository are only deployable to the assigned namespace.

Yeah, I agree. It makes sense since certain teams often have access to specific namespaces, and having these restrictions in place adds an extra layer of control.

Horiodino avatar Mar 02 '25 06:03 Horiodino

I also strongly agree with the addition of this feature. It is a necessary feature for clusters used by multiple teams.

0xiso avatar Mar 10 '25 21:03 0xiso