-
Hello!
K-Rail policy **No Root User** allows me to run a Pod only if **_runAsNonRoot: true_** is specified in the Pod's AND the Container's securityContext at the same time.
Is it correct behavior or should I be ab…
-
I want an [authorization webhook](https://kubernetes.io/docs/reference/access-authn-authz/webhook/) using OPA rules and engine. But for now, I found that Gatekeeper implements [admission webhook](https://ku…
-
Hi there, nice project!
I'm interested to know if anyone has thought about compatibility between the checks in `kube-score` and policy we might deploy into Gatekeeper?
I would much prefer the sa…
-
**Describe the solution you'd like**
We’re running OPA Gatekeeper on a huge cluster, and judging from the logs, an audit run takes about two minutes to complete.
However, the largest bucket in gatekeeper_…
-
### Description
As the use of admission and security tools like OPA Gatekeeper, Twistlock, Aqua, etc... becomes more prevalent, there are frequently queries like:
- Does kuma (sidecar/init) need r…
-
Hi,
Support for read-only root fs would be great. So far I've encountered two issues:
Mysql container init wants to use `/tmp` and `/var/run/mysqld`, emptyDir (or an option to add emptyDir) vol…
-
**Describe the solution you'd like**
It is currently not possible to limit the application of a Gatekeeper mutator to only instances of a resource that have certain attributes set. A prime example o…
-
**Existing capability:** Currently Gatekeeper uses [config](https://github.com/open-policy-agent/gatekeeper/blob/0481412e609845c6471fd544ec5c42f22582db0a/pkg/controller/config/config_controller.go) re…
-
We need docs that explain how people can extend Gatekeeper with their own templates. For example, we need to explain:
* Deny rule semantics
* The structure of the input document
* How to use JSON…
-
What's the reason for separating out ACP Standard services from ACP Architecture pattern? Shouldn't they be combined into one?
Also, to ACP standardized services I would recommend adding the following
…