kubewarden / kubewarden-controller

Manage admission policies in your Kubernetes cluster with ease
https://kubewarden.io
Apache License 2.0

Feature Request: allow policy enforcement mode to be configurable with a selector #656

Open flavio opened 4 months ago

flavio commented 4 months ago

Is your feature request related to a problem?

As an operator, I'm managing a large Kubernetes cluster that is shared by different teams. Each team has a series of Namespaces associated.

As an operator, I want to roll out the same set of policies across all the Namespaces. I want to go tenant-by-tenant, and start by having these policies in monitor mode. Once the tenant has fixed all his issues, the policies will be switched to protect mode.

Currently, the only way to achieve that is by having the same set of policies deployed into multiple namespaces, with different enforcement modes. This leads to a lot of duplication (in terms of YAML).

Solution you'd like

It would be nice to deploy a ClusterAdmissionPolicy and be able to say something like: by default this policy operates in protect mode, except for the namespaces that match the selector tenant=foo.

Alternatives you've considered

No response

Anything else?

No response