-
we summed up the kinds our rules use and applied them as `resources` ... traffic and cpu usaged dropped substantially :)
issue is here: https://github.com/open-policy-agent/gatekeeper/blob/176f…
-
- OPA chart installs few built-in constrainttemplates.
- Rancher should block edit/delete of these built-in templates
- Explore if this can be done using another builtin OPA policy itself.
-
Opa upgrade now comes from framework. Can you try latest commit in master? that is referencing framework that’s using opa v0.35 https://github.com/open-policy-agent/frameworks/pull/167/files#diff-4583…
-
**Description**
If the reconcilation of a collector is blocked by some restrictions on the cluster like an OPA gatekeeper policy, then the status of the pipeline indicates that the deployment is not r…
-
### What's wrong?
When using this chart (we use it as subcjart of k8s-monitoring) the deployment type must be specified in lowercase, eg. 'statefulset' for it to actually render the sts, dp or ds, ho…
-
This is a rough idea.
I'm thinking the similar things with Open Policy Agent, Conftest, and GateKeeper.
Conftest and GateKeeper are interfaces of OPA and OPA itself are separated with user interface…
-
When running `trivy k8s compliance=nsa report summary` command
The scores seem to go down "significantly" once we deploy OPA Gatekeeper with restrictive enforcement policies.
We are unable to exp…
-
### Community Note
* Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the…
-
From xsk created by [alexkuklin](https://github.com/alexkuklin): SAP/xsk#1204
Any kind of automatic or semi-automatic deployment to production environment may pose security risks if there's no imag…
-
Not able to prevent namespace deletion. Below are my OPA Gatekeeper version and constrainttemplate.
OPA gatekeeper version : `v3.15.1`
# Rego Template
```
apiVersion: templates.gatekeeper.sh/v1…