Sertaç Özercan
Sertaç Özercan
Kubernetes recently added built-in [Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) In PSA, restrictions are applied on a namespace level. PSA works fine if the namespace is created as part of the chart. I...
**Describe the solution you'd like** Today, we list resources in all namespaces when we audit: https://github.com/open-policy-agent/gatekeeper/blob/v3.6.0-beta.2/pkg/audit/manager.go#L359 Let's say a user is only interested in secrets in a particular namespace ("default")....
**What steps did you take and what happened:** User Pod Security Policy to set non-root user using `MustRunAsNonRoot` mutates a pod spec to include `runAsNonRoot: true`, unless `runAsNonRoot` or `runAsUser`...
**Describe the solution you'd like** Looks like we are missing docs for `exempt-namespace-prefix` https://open-policy-agent.github.io/gatekeeper/website/docs/v3.6.x/exempt-namespaces/ ref #1193
We need a discussion to evaluate different proposals for how to organize CT/Constraint, mutation, external data. Looking for someone to help drive this.
**Describe the solution you'd like** There are quite a few PSP policies in the library. It might be confusing to users which ones to deploy and what constraints parameters to...
Provide docs on how users can adopt GK PSP equivalent policies
**Describe the solution you'd like** Seen a few questions in Slack that users are trying to use `Deployment` kind (for allowed replica count for example) but not using `apps` api...
https://github.com/Azure/AKS/issues/1480#issuecomment-1062691872 ``` is azwi supported in china region .I was getting 404 error No subscription provided, using selected subscription from Azure CLI: xxxxxxxxxxxxxxxxx Error: Unexpected response from Get Subscription: 404...