GithubHelp home page GithubHelp logo

Comments (4)

AleixoLucas42 avatar AleixoLucas42 commented on May 27, 2024 1

Hi @AleixoLucas42 - In addition to @maxsmythe change to versions: ["v1"], I believe groups: [""] -> groups: ["apps"]

Unlike Pod which is part of core [""], Deployment is part of ["apps"]: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#deployment-v1-apps

I can't belive! I swear i tried this before...... Thanks a lot, you guys saved me a lot of time creating a script to patch more than 800 deployments (:

I tried these two and worked:

apiVersion: mutations.gatekeeper.sh/v1
kind: Assign
metadata:
  name: gk-set-privileged-false-deployment
spec:
  applyTo:
  - groups: ["apps"]
    kinds: ["Deployment"]
    versions: ["v1"]
  match:
    scope: Namespaced
    kinds:
    - apiGroups: ["*"]
      kinds: ["Deployment"]
    namespaces: ["test"]
  location: "spec.template.spec.containers[name:*].securityContext.allowPrivilegeEscalation"
  parameters:
    pathTests:
    - subPath: "spec.template.spec.containers[name:*].securityContext.allowPrivilegeEscalation"
      condition: MustNotExist
    assign:
      value: false
---
apiVersion: mutations.gatekeeper.sh/v1
kind: Assign
metadata:
  name: gk-set-seccomp-profile-deployment
spec:
  applyTo:
  - groups: ["apps"]
    kinds: ["Deployment"]
    versions: ["v1"]
  match:
    scope: Namespaced
    kinds:
    - apiGroups: ["*"]
      kinds: ["Deployment"]
    namespaces: ["test"]
  location: "spec.template.spec.securityContext.seccompProfile"
  parameters:
    pathTests:
    - subPath: "spec.template.spec.securityContext.seccompProfile"
      condition: MustNotExist
    assign:
      value: 
        type: RuntimeDefault

from gatekeeper-library.

maxsmythe avatar maxsmythe commented on May 27, 2024

Does the replacement versions: ["apps/v1"] -> versions: ["v1"] fix things?

from gatekeeper-library.

AleixoLucas42 avatar AleixoLucas42 commented on May 27, 2024

Does the replacement versions: ["apps/v1"] -> versions: ["v1"] fix things?

Nope, I've probably tried this before, but I did rn and does not work anyways (I've tried so many things that for sure somebody will think i'm crazy lol)

from gatekeeper-library.

apeabody avatar apeabody commented on May 27, 2024

Hi @AleixoLucas42 - In addition to @maxsmythe change to versions: ["v1"], I believe groups: [""] -> groups: ["apps"]

Unlike Pod which is part of core [""], Deployment is part of ["apps"]: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.26/#deployment-v1-apps

from gatekeeper-library.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.