Problem description
With the delivery of the Gatekeeper manifest function (#167) and a manifest structure for constraint templates and constraints (#174), we would like to demonstrate a policy implementation and auditing within treasuremap. As an initial example, we would like a policy that validates that all helm chart resources used within a site deployment are produced from the helm-chart-collator managed within treasuremap.
Proposed change
Create a Gatekeeper constraint template that allows restricting HelmRelease chart sources to a specified set of sources.
Create a Gatekeeper constraint that restricts HelmRelease chart sources to the helm-chart-collator/collator HelmRepository. GitRepository and Bucket sources should also be disallowed.
Deliver the constraint template and constraint during the workload phase or some new gating phase.
Provide capability to report violations during treasuremap gating. See Gatekeeper audit.