Open smarunich opened 1 year ago
Sample:
Gatekeeper Constraint Template: https://open-policy-agent.github.io/gatekeeper-library/website/validation/requiredannotations
Sample enforcement:
```yaml
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sRequiredAnnotations
metadata:
  name: bookinfo-constraint
spec:
  enforcementAction: deny
  match:
    namespaces:
      - bookinfo
    # Each entry pairs a list of API groups with a list of kinds.
    kinds:
      - apiGroups: ["gateway.tsb.tetrate.io"]
        kinds: ["IngressGateway"]
      - apiGroups: ["security.tsb.tetrate.io"]
        kinds: ["SecuritySetting"]
  parameters:
    message: "Must apply proper workspace annotation for namespace"
    annotations:
      - key: tsb.tetrate.io/workspace
        # Unanchored regex: matches any value containing "bookinfo";
        # "^bookinfo$" would require an exact match.
        allowedRegex: "bookinfo"
```
Provide an example of gatekeeper guarding `workspacesettings` - the specific collection of fields like `securitysettings` or so.