Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Create Gatekeeper function #167

Open
eak13 opened this issue Jun 4, 2021 · 4 comments
Open

Create Gatekeeper function #167

eak13 opened this issue Jun 4, 2021 · 4 comments
Labels
2-Manifests Relates to manifest/document set related issues enhancement New feature or request priority/medium Default priority for items size m 2-5 days [moderate complexity, generic code, or enhancement to existing feature]]
Milestone
Future

Comments

@eak13
Copy link

eak13 commented Jun 4, 2021
edited
Loading

With pod security policies being deprecated in k8s v1.21, there is a need for a replacement to apply & manage policies. Gatekeeper provides the means for policy application & enforcement.

Information on PSP deprecation:
https://kubernetes.io/blog/2021/04/06/podsecuritypolicy-deprecation-past-present-and-future/

Information for Gatekeeper can be found here:
https://kubernetes.io/blog/2019/08/06/opa-gatekeeper-policy-and-governance-for-kubernetes/
https://github.com/open-policy-agent/gatekeeper
https://open-policy-agent.github.io/gatekeeper/website/docs/howto/

Tasks for this issue:

  • Create a function that deploys gatekeeper
  • Define a phase to deliver gatekeeper
  • Associate gatekeeper deployment with the multi-tenant type

This will be part of the #86 epic & will provide the initial functionality to deploy gatekeeper. Subsequent issues will be created to define & apply policies.
@eak13 eak13 added enhancement New feature or request triage labels Jun 4, 2021
@drewwalters96 drewwalters96 self-assigned this Jun 8, 2021
@jezogwza jezogwza added 2-Manifests Relates to manifest/document set related issues and removed triage labels Jun 9, 2021
@jezogwza jezogwza modified the milestones: v2.1, Future Jun 9, 2021
@jezogwza jezogwza added the priority/medium Default priority for items label Jun 9, 2021
This was referenced Jun 11, 2021
Open
Closed
@drewwalters96 drewwalters96 added size s <=1 days [refactor, 1 function, documentation] size m 2-5 days [moderate complexity, generic code, or enhancement to existing feature]] and removed size s <=1 days [refactor, 1 function, documentation] labels Jun 14, 2021
@lb4368
Copy link

lb4368 commented Jun 17, 2021

PS: https://review.opendev.org/c/airship/treasuremap/+/795601

@lb4368
Copy link

lb4368 commented Jun 17, 2021

Per design discussion 6/17/21, the Gatekeeper function should be included in the multi-tenant type and applied during the initinfra phase.

@lb4368 lb4368 mentioned this issue Jun 17, 2021
Open
@shon-phand
Copy link
Contributor

Please assign this one to me, I can start working on this issue.

@shon-phand
Copy link
Contributor

per discussion on 11/16/2021, Gatekeeper functionality does not require in upstream.

@shon-phand shon-phand removed their assignment Nov 18, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2-Manifests Relates to manifest/document set related issues enhancement New feature or request priority/medium Default priority for items size m 2-5 days [moderate complexity, generic code, or enhancement to existing feature]]
Projects
None yet
Milestone
Future
Development

No branches or pull requests
5 participants
@lb4368 @eak13 @jezogwza @drewwalters96 @shon-phand