kubewarden / kubewarden-controller

Manage admission policies in your Kubernetes cluster with ease
https://kubewarden.io
Apache License 2.0
191 stars 33 forks

Check if Kubewarden has an equivalent policy to NeuVector policy to control user groups #309

Closed jvanz closed 2 years ago

jvanz commented 2 years ago

Compare the admission controller from NeuVector, checking how its policy to control user groups works. The goal is to figure out if there is a Kubewarden policy equivalent to it.

jvanz commented 2 years ago

The rule from NeuVector that refers to "user group" checks which user group from the user info in the admission request. It's not related to the user group in the containers. Therefore, if we want a feature like that, we need to write a policy to do the same thing.

flavio commented 2 years ago

I suspected that was about the user and group info inside of the admission request object. Can you please elaborate more on how the final policy would behave?

jvanz commented 2 years ago

@kubewarden/kubewarden-developers, I cannot think of a big benefit in adding a policy similar to the NeuVector one in the Kubewarden ecosystem now. So, I'm closing this.

However, if we decided to do it, it's possible. Our SDK already has the data needed
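
The check discussed in this thread matches on the groups in the admission request's `userInfo`, not on the user or group a container runs as. The following is an added example of such a check, not code from Kubewarden or NeuVector; it uses plain `encoding/json` rather than the Kubewarden SDK, and `validateGroups`, the deny list and the sample request are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Subset of an admission.k8s.io/v1 AdmissionReview: only the fields the check reads.
type admissionReview struct {
	Request *struct {
		UID      string `json:"uid"`
		UserInfo struct {
			Username string   `json:"username"`
			Groups   []string `json:"groups"`
		} `json:"userInfo"`
	} `json:"request"`
}

// Constructed sample request, not captured from a cluster.
const sampleReview = `{"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview",
  "request": {"uid": "00000000-0000-0000-0000-000000000001", "operation": "CREATE",
    "userInfo": {"username": "alice@example.com",
      "groups": ["system:authenticated", "contractors"]}}}`

// validateGroups (hypothetical helper) rejects a request whose user belongs to
// any denied group. Undecodable or request-less input is rejected, not allowed.
func validateGroups(raw []byte, denied map[string]bool) (bool, string, error) {
	var ar admissionReview
	if err := json.Unmarshal(raw, &ar); err != nil {
		return false, "", fmt.Errorf("decode AdmissionReview: %w", err)
	}
	if ar.Request == nil {
		return false, "", fmt.Errorf("AdmissionReview has no request")
	}
	user := ar.Request.UserInfo
	for _, g := range user.Groups {
		if denied[g] {
			return false, fmt.Sprintf("user %q is in denied group %q", user.Username, g), nil
		}
	}
	return true, "", nil
}

func main() {
	ok, msg, err := validateGroups([]byte(sampleReview), map[string]bool{"contractors": true})
	fmt.Println(ok, msg, err)
}
```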