Open Kaezon opened 2 years ago
Now that I'm thinking about it, maybe blocking the mutation of DELETE operations at a more global level would be a better approach. That would at least prevent future policies and plugins from causing this problem again.
I added a guard around the patch list append which prevents mutations from being collected for DELETE requests. This should effectively prevent future policies and plugins from mutating DELETE requests without interfering with other enforcement actions.
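The guard described in the comment above, sketched as an added example that is not part of this pull request or of the k-rail code base. The types, `Review`, and the `seccompDefault` stand-in are hypothetical simplifications of an admission webhook, and the patch contents are constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical, simplified types: not k-rail's or Kubernetes' own definitions.
type PatchOp map[string]interface{}     // one JSON Patch operation
type Request struct{ Operation string } // "CREATE", "UPDATE", "DELETE", ...
type Response struct {
	Allowed bool
	Reasons []string
	Patch   []byte // JSON Patch document; stays nil for DELETE
}

// Policy reports violations (enforcement) and patches (mutation) separately.
type Policy func(Request) (violations []string, patches []PatchOp)

// Review runs every policy. Violations are always collected; patches are only
// appended when the operation is not DELETE, whatever a policy returns.
func Review(req Request, policies []Policy) (Response, error) {
	var reasons []string
	var patches []PatchOp
	for _, p := range policies {
		v, ps := p(req)
		reasons = append(reasons, v...)
		if req.Operation != "DELETE" { // guard around the patch list append
			patches = append(patches, ps...)
		}
	}
	resp := Response{Allowed: len(reasons) == 0, Reasons: reasons}
	if len(patches) == 0 {
		return resp, nil
	}
	b, err := json.Marshal(patches)
	resp.Patch = b
	return resp, err
}

// seccompDefault: constructed stand-in for a mutating policy with no operation check.
func seccompDefault(Request) ([]string, []PatchOp) {
	return nil, []PatchOp{{"op": "add", "path": "/metadata/annotations/example", "value": "constructed"}}
}

func main() {
	for _, op := range []string{"CREATE", "DELETE"} {
		r, _ := Review(Request{Operation: op}, []Policy{seccompDefault})
		fmt.Printf("%s allowed=%v patch=%s\n", op, r.Allowed, r.Patch)
	}
}
```

Because the guard sits where patches are collected rather than inside each policy, a policy that forgets its own operation check still cannot attach a patch to a DELETE response, while its violations continue to be enforced.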
👋 The k-rail project has been deprecated and is no longer under active development. We recommend taking a look at OPA Gatekeeper to see if it might meet your needs going forward.
Thanks for your contribution(s) to the project!
The Default Seccomp policy was mutating DELETE operations, which the k8s API does not accept. This was preventing the normal deletion of pods as long as this policy was enabled.
By adding an early return to the policy which avoids the processing of DELETE requests, #122 should be resolved.