sigstore / policy-controller

Sigstore Policy Controller - an admission controller that can be used to enforce policy on a Kubernetes cluster based on verifiable supply-chain metadata from cosign

Add annotations to objects admitted by policy-controller #611

Open jkjell opened 1 year ago

jkjell commented 1 year ago

Description

It would be awesome to see the results of policy-controller admissions recorded on affected objects.

There's a great example from Tekton Chains where they record helpful metadata:

kubectl get tr [TASKRUN_NAME] -o json | jq -r .metadata.annotations

{
  "chains.tekton.dev/signed": "true",
  ...
}

The things that seem most useful to me from the policy-controller side would be an annotation referencing the admitting or denying policy, the status, and ideally, enough details to understand the reasoning behind the policy decision.
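One way a webhook could record such a verdict on the admitted object, as an added example that is not code from policy-controller or from the issue author. It assumes hypothetical annotation keys under policy.sigstore.dev/ (the project defines no such keys), a hand-rolled subset of the admission.k8s.io/v1 types so it runs without k8s.io dependencies, and a constructed sample Pod; the patch-building logic itself is standard JSON Patch (RFC 6902) with JSON Pointer escaping (RFC 6901):

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Hypothetical annotation keys for this example; policy-controller defines no such keys today.
const (
	annoPolicy = "policy.sigstore.dev/policy"
	annoStatus = "policy.sigstore.dev/status"
	annoReason = "policy.sigstore.dev/reason"
)

// Decision is the verdict of evaluating one policy against the object under admission.
type Decision struct {
	Policy  string // policy that admitted or denied the object
	Allowed bool
	Reason  string // human-readable explanation of the verdict
}

// Hand-rolled subset of admission.k8s.io/v1 so the example runs without k8s.io dependencies.
type AdmissionRequest struct {
	UID    string          `json:"uid"`
	Object json.RawMessage `json:"object"`
}
type AdmissionResponse struct {
	UID       string  `json:"uid"`
	Allowed   bool    `json:"allowed"`
	Result    *Status `json:"result,omitempty"`
	PatchType string  `json:"patchType,omitempty"`
	Patch     []byte  `json:"patch,omitempty"` // base64 on the wire, as in the real API
}
type Status struct {
	Message string `json:"message,omitempty"`
	Code    int32  `json:"code,omitempty"`
}
type PatchOp struct {
	Op    string      `json:"op"`
	Path  string      `json:"path"`
	Value interface{} `json:"value"`
}

// escapePointer applies RFC 6901 escaping ("~" -> "~0", "/" -> "~1") so a key such as
// "policy.sigstore.dev/status" addresses one map entry instead of a nested path.
func escapePointer(s string) string {
	return strings.NewReplacer("~", "~0", "/", "~1").Replace(s)
}

// AnnotationPatch builds the JSON Patch that records d on an admitted object. The annotations
// map is created first when the object has none; "add" on an existing key replaces its value.
func AnnotationPatch(object []byte, d Decision) ([]PatchOp, error) {
	var obj struct {
		Metadata struct {
			Annotations map[string]string `json:"annotations"`
		} `json:"metadata"`
	}
	if err := json.Unmarshal(object, &obj); err != nil {
		return nil, err
	}
	var ops []PatchOp
	if obj.Metadata.Annotations == nil {
		ops = append(ops, PatchOp{Op: "add", Path: "/metadata/annotations", Value: map[string]string{}})
	}
	for _, kv := range [][2]string{{annoPolicy, d.Policy}, {annoStatus, "admitted"}, {annoReason, d.Reason}} {
		ops = append(ops, PatchOp{Op: "add", Path: "/metadata/annotations/" + escapePointer(kv[0]), Value: kv[1]})
	}
	return ops, nil
}

// Review turns a decision into the webhook's AdmissionResponse. A denial is reported in result
// (a denied object is never persisted, so annotating it is pointless); an admission carries the
// verdict as a JSONPatch, which the API server applies only when returned by a mutating webhook.
func Review(req AdmissionRequest, d Decision) (*AdmissionResponse, error) {
	if !d.Allowed {
		return &AdmissionResponse{UID: req.UID, Result: &Status{Message: d.Policy + ": " + d.Reason, Code: 403}}, nil
	}
	ops, err := AnnotationPatch(req.Object, d)
	if err != nil {
		return nil, err
	}
	patch, _ := json.Marshal(ops) // plain strings and an empty map always marshal
	return &AdmissionResponse{UID: req.UID, Allowed: true, PatchType: "JSONPatch", Patch: patch}, nil
}

// Constructed sample Pod for the example, not captured from a real cluster; note it has no annotations.
const samplePod = `{"kind":"Pod","metadata":{"name":"web"},"spec":{"containers":[{"image":"ghcr.io/acme/web@sha256:0123abcd"}]}}`

func main() {
	d := Decision{Policy: "digest-pinned", Allowed: true, Reason: "all images pinned by digest"}
	resp, _ := Review(AdmissionRequest{UID: "u-1", Object: json.RawMessage(samplePod)}, d)
	out, _ := json.MarshalIndent(resp, "", "  ")
	fmt.Println(string(out))
}
```

Two caveats a practitioner would want: the patch only takes effect if it comes back from a MutatingWebhookConfiguration (the API server ignores patches in validating responses), and an annotation is a record, not evidence. Anyone with update rights on the object can rewrite or strip it, so it should complement the signature verification, not stand in for it.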

elfotografo007 commented 1 year ago

I can take care of this one. What is our timeline for v1?

hectorj2f commented 1 year ago

@elfotografo007 We don't have a defined timeline yet.

hectorj2f commented 1 year ago

Feel free to assign it to yourself whenever you start working on this.

elfotografo007 commented 1 year ago

I don't have the rights to assign it to myself. Can you assign it?

hectorj2f commented 1 year ago

@elfotografo007 Done 👍!