Sertaç Özercan
@ctrought can you provide some examples of policies that would apply to OpenShift (but not general Kubernetes)?
I think we need a similar way to scope processes as we do in [config resource](https://open-policy-agent.github.io/gatekeeper/website/docs/exempt-namespaces#exempting-namespaces-from-gatekeeper-using-config-resource)
```
- excludedNamespaces: ["kube-*", "my-namespace"]
  processes: ["webhook", "audit"] # this doesn't exist yet...
```
Should we create separate sections for validation and mutation?
Sounds good. I think we already have a potential design of this as part of config exclusion doc: https://docs.google.com/document/d/1yHuXFs_HQL5N9yT9QVi6AMyflWPtZS4Pg-uXczdqgZ8/edit
This is documented in https://github.com/open-policy-agent/frameworks/tree/master/constraint#rule-schema but it's a very obscure location. This should be reflected in Gatekeeper docs too.
@nilekhc looks like generate is failing
can we replace Qualys (since it doesn't exist) with `Other providers` or something?
https://github.com/hashicorp/terraform/pull/14426
I can't repro this, looks like the original YAML has a pod template spec instead of pod spec (`input.review.object.spec.template.spec.nodeSelector`) but apply to pod in constraint