configuration help aadpodidbinding, in deployment/statefullset

XenitAB / gatekeeper-library

Collection of OPA Gatekeeper policies that can be used in your Kubernetes cluster.

MIT License

14 stars 7 forks source link

configuration help aadpodidbinding, in deployment/statefullset #43

Open NissesSenap opened 3 years ago

NissesSenap commented 3 years ago

Recently I did a stupid error that was to label the deployment with: aadpodidbinding instead of the pod template. Let's create a warning that tells the user that you shouldn't do that :)

Bellow is not okay

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    aadpodidbinding: backend
  name: podinfo
spec:

This one is okay

apiVersion: apps/v1
kind: Deployment
metadata:
  name: podinfo
spec:
  template:
    metadata:
      labels:
        aadpodidbinding: backend
        app: podinfo

phillebaba commented 2 years ago

My suggestion is that this should be implemented in another medium. Gatekeeper does not give the best information to the end user.