Comments (4)
Hi @AleixoLucas42 - In addition to @maxsmythe change to versions: ["v1"], I believe groups: [""] -> groups: ["apps"]
Unlike Pod which is part of core [""], Deployment is part of ["apps"]: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#deployment-v1-apps
I can't believe! I swear I tried this before... Thanks a lot, you guys saved me a lot of time creating a script to patch more than 800 deployments (:
I tried these two and they worked:

# Sets allowPrivilegeEscalation: false on containers that do not set it.
apiVersion: mutations.gatekeeper.sh/v1
kind: Assign
metadata:
  name: gk-set-privileged-false-deployment
spec:
  applyTo:
  # Deployment is apps/v1: group "apps", version "v1"
  - groups: ["apps"]
    kinds: ["Deployment"]
    versions: ["v1"]
  match:
    scope: Namespaced
    kinds:
    - apiGroups: ["*"]
      kinds: ["Deployment"]
    namespaces: ["test"]
  location: "spec.template.spec.containers[name:*].securityContext.allowPrivilegeEscalation"
  parameters:
    pathTests:
    - subPath: "spec.template.spec.containers[name:*].securityContext.allowPrivilegeEscalation"
      condition: MustNotExist
    assign:
      value: false
---
# Sets the pod-level seccomp profile to RuntimeDefault when none is set.
apiVersion: mutations.gatekeeper.sh/v1
kind: Assign
metadata:
  name: gk-set-seccomp-profile-deployment
spec:
  applyTo:
  - groups: ["apps"]
    kinds: ["Deployment"]
    versions: ["v1"]
  match:
    scope: Namespaced
    kinds:
    - apiGroups: ["*"]
      kinds: ["Deployment"]
    namespaces: ["test"]
  location: "spec.template.spec.securityContext.seccompProfile"
  parameters:
    pathTests:
    - subPath: "spec.template.spec.securityContext.seccompProfile"
      condition: MustNotExist
    assign:
      value:
        type: RuntimeDefault
from gatekeeper-library.
Does the replacement versions: ["apps/v1"] -> versions: ["v1"] fix things?
Nope, I've probably tried this before, but I did rn and it does not work anyways (I've tried so many things that for sure somebody will think I'm crazy lol)
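The group/version split behind the fix in this thread, as an added example that is not part of the original comments and not Gatekeeper's own code. It is a simplified model that assumes each applyTo list is matched exactly against the object's group, version and kind; the function names and the sample applyTo entries are constructed for illustration.

```python
# Simplified model (assumption: exact membership in groups/versions/kinds).
# Function names are hypothetical; sample data below is constructed.

def split_api_version(api_version):
    """'apps/v1' -> ('apps', 'v1'); core 'v1' -> ('', 'v1')."""
    group, _, version = api_version.rpartition("/")
    return group, version

def applies_to(apply_to, obj):
    """True if any applyTo entry lists the object's group, version and kind."""
    group, version = split_api_version(obj["apiVersion"])
    return any(
        group in entry.get("groups", [])
        and version in entry.get("versions", [])
        and obj["kind"] in entry.get("kinds", [])
        for entry in apply_to
    )

def lint_apply_to(apply_to):
    """Report versions entries that carry 'group/version' and so never match."""
    problems = []
    for i, entry in enumerate(apply_to):
        for v in entry.get("versions", []):
            if "/" in v:
                g, ver = split_api_version(v)
                problems.append(
                    f"applyTo[{i}]: versions has {v!r}; "
                    f"use groups: [{g!r}] and versions: [{ver!r}]"
                )
    return problems

# Constructed objects: only the fields the model needs.
DEPLOYMENT = {"apiVersion": "apps/v1", "kind": "Deployment"}
POD = {"apiVersion": "v1", "kind": "Pod"}

# The three applyTo states discussed in the thread.
BROKEN = [{"groups": [""], "kinds": ["Deployment"], "versions": ["apps/v1"]}]
HALF_FIXED = [{"groups": [""], "kinds": ["Deployment"], "versions": ["v1"]}]
FIXED = [{"groups": ["apps"], "kinds": ["Deployment"], "versions": ["v1"]}]

if __name__ == "__main__":
    for name, apply_to in [("broken", BROKEN), ("half-fixed", HALF_FIXED), ("fixed", FIXED)]:
        print(name, "matches Deployment:", applies_to(apply_to, DEPLOYMENT))
        for problem in lint_apply_to(apply_to):
            print("  ", problem)
```

Changing only versions still leaves the core group [""] in place, which is why that step alone did not make the mutation apply to Deployments.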