jasonrichardsmith / sentry

Kubernetes Object Validating Admission Controller
GNU Lesser General Public License v3.0
41 stars 5 forks

Improve source module to have more robust text parsing #17

Open jasonrichardsmith opened 6 years ago

jasonrichardsmith commented 6 years ago

Do you wish to add functionality to an existing sentry module?

Make more robust options for text matching strategies for source module.

towolf commented 6 years ago

We wrote this plugin for Docker itself, before ValidatingWebhooks were a thing.

We simply went with regex blacklists and whitelists, and an example config looks like this:

{
  "whitelist": [
    "^alpine:",
    "^docker\\.elastic\\.co/beats/filebeat:",
    "^gcr\\.io/google_containers",
    "^mysql:",
    "^nginx:",
    "^php:",
    "^apache:",
    "^quay\\.io/calico/cni",
    "^quay\\.io/calico/node",
    "^quay\\.io/coreos/flannel"
  ],
  "blacklist": [
    "^docker:"
  ],
  "defaultAllow": false
}

Anybody in this space can deal with regex and it is powerful enough.
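The following is an added example, not code from this thread, from the Docker plugin mentioned above, or from sentry: a minimal Go evaluator for a config of the shape shown in the comment. The names `Policy`, `LoadPolicy`, `Allowed` and `sampleConfig` are hypothetical, the sample config is constructed from entries quoted above, and the evaluation order (a blacklist match overrides a whitelist match, then `defaultAllow` decides) is an assumption, since the comment does not state it.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
)

// sampleConfig is constructed from entries in the config quoted above.
const sampleConfig = `{"whitelist":["^alpine:","^gcr\\.io/google_containers"],"blacklist":["^docker:"],"defaultAllow":false}`

type Policy struct {
	Whitelist, Blacklist []string
	DefaultAllow         bool
	rules                [2][]*regexp.Regexp // compiled: 0 whitelist, 1 blacklist
}

// LoadPolicy rejects a malformed regex at load time, not at admission time.
func LoadPolicy(raw []byte) (*Policy, error) {
	p := &Policy{}
	if err := json.Unmarshal(raw, p); err != nil {
		return nil, err
	}
	for i, list := range [][]string{p.Whitelist, p.Blacklist} {
		for _, s := range list {
			re, err := regexp.Compile(s)
			if err != nil {
				return nil, fmt.Errorf("pattern %q: %w", s, err)
			}
			p.rules[i] = append(p.rules[i], re)
		}
	}
	return p, nil
}

// Allowed assumes a blacklist match overrides a whitelist match.
func (p *Policy) Allowed(image string) bool {
	hit := [2]bool{}
	for i, list := range p.rules {
		for _, re := range list {
			hit[i] = hit[i] || re.MatchString(image)
		}
	}
	return !hit[1] && (hit[0] || p.DefaultAllow)
}

func main() {
	p, err := LoadPolicy([]byte(sampleConfig))
	fmt.Println(err, p != nil && p.Allowed("alpine:3.19"))
}
```

Because the patterns anchor only the start of the string, `^gcr\.io/google_containers` also matches `gcr.io/google_containers-other/...`; ending a pattern with `/` or `:` limits it to that exact repository path. A fully qualified name such as `docker.io/library/alpine:3.19` does not match `^alpine:`, so with `defaultAllow` set to `false` it is denied unless image names are normalized before matching or listed explicitly.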

jasonrichardsmith commented 6 years ago

@towolf thanks for your input, I am still weighing the options. Your solution is probably the strongest contender.