Comments (3)
garethahealy
commented on June 10, 2024
konstraint is just used to generate the template and constraint used by gatekeeper. If you look at one of the policies:
$ ls -lrt policy/ocp/bestpractices/common-k8s-labels-notset
total 16
-rw-r--r-- 1 gahealy 1438 Apr 8 2022 src.rego
drwxr-xr-x 4 gahealy 128 Apr 8 2022 test_data
There arent any gatekeeper CRs generated, running konstraint create --constraint-template-version v1 generates them:
$ ls -lrt policy/ocp/bestpractices/common-k8s-labels-notset
total 16
-rw-r--r-- 1 gahealy 1438 Apr 8 2022 src.rego
drwxr-xr-x 4 gahealy 128 Apr 8 2022 test_data
-rw-r--r-- 1 gahealy 5758 Dec 7 14:10 template.yaml
-rw-r--r-- 1 gahealy 582 Dec 7 14:10 constraint.yaml
The tool is nice and simple, but would I suggest a customer use konstraint? probably not. helm or kustomize can do the same job.
from rego-policies.
ch-stark
commented on June 10, 2024
@garethahealy thanks, I would not know how to generator Contraints from Rego via Kustomize, I assume I'd need to use some transformer
from rego-policies.
garethahealy
commented on June 10, 2024
added link to TESTING.md in README.md
from rego-policies.
Related Issues (20)
- Look into adding tests for inventory based via conftest --data
- Enforce a naming convention for resources
- create placeholder for tekton
- tekton: sar-demo HOT 2
- tekton: RBAC light HOT 1
- tekton: conftest task
- tekton: triggers policy: OpenID Connect authentication and authorization HOT 1
- k8s: podsecuritypolicy via OPA HOT 4
- improve gatekeeper tests
- cluster operators degraded HOT 1
- add schema validation to opa eval scripts HOT 11
- add an KinD action to ci
- doesn't work with List openshift object HOT 6
- ocp 4.8 operator.openshift.io/v1beta1 deprecated HOT 1
- deprek8ion repo is archived HOT 1
- OPA/Rego AND operator usage HOT 1
- Disable prow integration HOT 1
- konstraint create fails HOT 1
- Dependency Dashboard
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from rego-policies.