search

kubewarden / kubewarden-controller

Manage admission policies in your Kubernetes cluster with ease
https://kubewarden.io
Apache License 2.0
191 stars 33 forks source link

`ClusterAdmissionPolicy`: handle multiple Rules #31

Closed flavio closed 3 years ago

flavio commented 3 years ago

Right now, v1alpha1 of ClusterAdmissionPolicy allows to set only one matching rule per policy. This is a limitation compared to what a regular Webhook admission controller offers.

Admission criteria

Change the definition of ClusterAdmissionPolicy to allow multiple RuleWithOperations objects to be handled by a single policy.

After this change, a ClusterAdmissionPolicy declaration would look like that:

apiVersion: policies.kubewarden.io/v1alpha2
kind: ClusterAdmissionPolicy
metadata:
  name: generated-policy
spec:
  module: "file:///home/flavio/hacking/kubernetes/kubewarden/kwctl/annotated.wasm"
  settings: {}
  rules:
    - apiGroups:
        - ""
      apiVersions:
        - v1
      resources:
        - pod
      operations:
        - CREATE
        - UPDATE
  mutating: false
flavio commented 3 years ago

Done