support - mutation or validation for custom policies? #3186
Comments
|
What are you trying to achieve? Can you provide an example resource and describe what you would like to happen to it? |
|
id like to rephrase: there is a missing piece in the documentation here. the source of the issue above... the importance of third party policies as the ones from google is not emphasized enough. the fact that the gatekeeper does NOT mutate policies within the cluster but relays the whole policy command chain is not clearly stated from the beginning. the documentation on "how to use gatekeeper" should include, be appended after a document stating on
ps: i am still venting |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions. |
ive read,
#3001
tried using a assign mutation to mutate the baseline profile, for inclusion of the net_raw and the net_admin capabilities
but maybe this is to manage capabilities from a central point and assigns them based on a ruleset
tried using constraints based on a constraint template to make certain capabilities valid against the baseline profile
but maybe this is create your own custom little profiles
tried using modifyset mutation to "modify" the existing baseline profile
but maybe this instead of overrides capabilities is a merge behaviour and complementary to the assign mutation behaviour
is this an attempt at reinventing the whole concept of policies. are there presets i have to include in every resource because i have to manually adapt policies because of it.
The text was updated successfully, but these errors were encountered: