Sertaç Özercan
Allow images with valid image signature via notary v2 or sigstore/cosign Mutate image tag to use sha
@Anil-kattoju validation is a work in progress for both. Cosign: https://github.com/sigstore/cosign/issues/655 Ratify/Notary v2: https://github.com/deislabs/ratify External data only works for validation right now. We'll be adding mutation support next for scenarios like...
can we add e2e tests and documentation?
seeing this in the logs (there's no `ExpansionTemplate.mutations.gatekeeper.sh`) `{"level":"error","ts":1660088328.3324754,"logger":"controller-runtime.source","msg":"if kind is a CRD, it should be installed before calling Start","kind":"ExpansionTemplate.mutations.gatekeeper.sh","error":"no matches for kind \"ExpansionTemplate\" in version \"mutations.gatekeeper.sh/v1alpha1\"","stacktrace":"sigs.k8s.io/controller-runtime/pkg/source.(*Kind).Start.func1.1\n\t/go/src/github.com/open-policy-agent/gatekeeper/vendor/sigs.k8s.io/controller-runtime/pkg/source/source.go:139\nk8s.io/apimachinery/pkg/util/wait.runConditionWithCrashProtectionWithContext\n\t/go/src/github.com/open-policy-agent/gatekeeper/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:233\nk8s.io/apimachinery/pkg/util/wait.WaitForWithContext\n\t/go/src/github.com/open-policy-agent/gatekeeper/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:660\nk8s.io/apimachinery/pkg/util/wait.poll\n\t/go/src/github.com/open-policy-agent/gatekeeper/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:594\nk8s.io/apimachinery/pkg/util/wait.PollImmediateUntilWithContext\n\t/go/src/github.com/open-policy-agent/gatekeeper/vendor/k8s.io/apimachinery/pkg/util/wait/wait.go:545\nsigs.k8s.io/controller-runtime/pkg/source.(*Kind).Start.func1\n\t/go/src/github.com/open-policy-agent/gatekeeper/vendor/sigs.k8s.io/controller-runtime/pkg/source/source.go:132"}`
@davis-haba I think we talked about a default `warn` enforcement action for MVP before. What are we defaulting to here?
@davis-haba looks like there's a merge conflict now
waiting for @ritazh's review
@bj-1795 is this a new install or an upgrade?
@francRang Thanks for the PR! Helm chart is auto-generated in Gatekeeper, and these changes will get clobbered when we do a new release. Please see contributing changes for modifying the...
@francRang static components (like helm hooks) are available in https://github.com/open-policy-agent/gatekeeper/tree/master/cmd/build/helmify/static/templates