-
Certain "host side" OPA functions should not have a hard coded implementation, but rather allow the end user to specify what has to be done when the function is invoked.
These functions should have…
-
Right now policy-evaluator has to runtimes: waPC (the original one) and burrego (the one that handles OPA and Gatekeeper policies).
The current codebase deals with that by using some `match` statem…
-
Each Policy Server listens over https, the certificate used is provided via a Secret that is mounted by the Deployment definition.
This certificate is signed by the root CA as described [here](http…
-
The deployment settings of the policy-server Deployment object are stored inside of the `policy-server` ConfigMap.
This ConfigMap is written/updated by the user via helm or even manually.
Unfortun…
-
OpenEBS cStor and Jiva projects involve managing K8s custom resources via the engine operators.
OpenEBS currently uses:
- webhook admission controller for performing custom validations
- PSP f…
kmova updated
3 years ago
-
Given an OPA-based policy, figure out what arguments it takes, and how they should be provided to it by `burrego`, and by extension, the `policy-evaluator`.
## Acceptance criteria
* We know and …
-
Given an OPA-based policy, figure out how it produces the policy evaluation result, and how they will be provided by it to `burrego`, and by extension, the `policy-evaluator`.
## Acceptance criteri…
-
The project should be created with a `metadata.yml` file that looks like:
```yaml
rules:
- apiGroups: [""]
apiVersions: ["v1"]
resources: ["pods"]
operations: ["CREATE", "UPDATE"]
mutat…
-
The waPC host should expose a host callback function that receives logging information from the guest.
This is needed to implement https://github.com/kubewarden/policy-server/issues/73
-
The Wasm file containing the policy must be enriched with metadata.
This is just an example of the metadata.yaml file:
```yaml
rules:
- apiGroups: [""]
apiVersions: ["v1"]
resources: ["p…