flavio
commented
1 year ago @adnanhashmi09 is interested in working on this RFC
Open flavio opened 1 year ago
flavio
commented
1 year ago @adnanhashmi09 is interested in working on this RFC
Many policies target the Pod resource, however, creating this resource in a direct way is considered a Kubernetes anti-pattern. Most of the time, Pod resources are created by higher-order resources like Deployment, DaemonSet, CronJob, ReplicaSet,...
Currently, our SDKs provide APIs that allow the policy author to make his policy work also against the most common Kubernetes resources that have Pod objects specified inside of them. However, this is extra work that has to be done on a per-policy basis.
On the other hand, Kyverno has the concept of auto-gen rules which makes the whole process simpler.
It would be useful to create a RFC that describes how we could create a Kubewarden feature similar to the auto-gen rules of Kyverno.