tetratelabs / tetrate-service-bridge-sandbox

Deploy Tetrate Service Bridge Demo on Azure Kubernetes Service (AKS), Google Kubernetes Engine (GKE) and/or Elastic Kubernetes Service (EKS) using Terraform
Apache License 2.0

gatekeeper `workspacesettings` validation example within gitops example #263

Open smarunich opened 1 year ago

smarunich commented 1 year ago

Provide an example of gatekeeper guarding workspacesettings - the specific collection of fields like securitysettings or so.

shamusx commented 1 year ago

Sample:

Gatekeeper Constraint Template: https://open-policy-agent.github.io/gatekeeper-library/website/validation/requiredannotations

Sample enforcement:

apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sRequiredAnnotations
metadata:
  name: bookinfo-constraint
spec:
  enforcementAction: deny
  match:
    namespaces:
      - bookinfo
    # Each entry takes list-valued apiGroups and kinds (the field is "kinds", not "kind");
    # a bare string here fails the constraint CRD schema validation
    kinds:
      - apiGroups: ["gateway.tsb.tetrate.io"]
        kinds: ["IngressGateway"]
      - apiGroups: ["security.tsb.tetrate.io"]
        kinds: ["SecuritySetting"]
  parameters:
    message: "Must apply proper workspace annotation for namespace"
    annotations:
      - key: tsb.tetrate.io/workspace
        # Anchored: the template's regex match is an unanchored search,
        # so a bare "bookinfo" would also accept "bookinfo-other"
        allowedRegex: "^bookinfo$"
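The check the constraint above performs, re-implemented in Python as an added example so it can be run offline; it is not code from this repository, from Tetrate or from Gatekeeper. It mirrors the two rules of the gatekeeper-library requiredannotations template (required key missing, value not matching allowedRegex) and Gatekeeper's match semantics for namespaces and apiGroups/kinds pairs. The IngressGateway and SecuritySetting manifests and the helper names (tsb_object, in_scope, violations, admit, anchored) are constructed here for illustration. It also shows why the workspace regex should be anchored: the template's regex match is a search, so the bare pattern "bookinfo" also admits a resource annotated "bookinfo-other".

```python
import copy
import re

# Constructed for this example: the constraint from the comment above, with the
# regex deliberately left unanchored so the difference to the anchored form shows.
CONSTRAINT = {
    "apiVersion": "constraints.gatekeeper.sh/v1beta1",
    "kind": "K8sRequiredAnnotations",
    "metadata": {"name": "bookinfo-constraint"},
    "spec": {
        "enforcementAction": "deny",
        "match": {
            "namespaces": ["bookinfo"],
            "kinds": [
                {"apiGroups": ["gateway.tsb.tetrate.io"], "kinds": ["IngressGateway"]},
                {"apiGroups": ["security.tsb.tetrate.io"], "kinds": ["SecuritySetting"]},
            ],
        },
        "parameters": {
            "message": "Must apply proper workspace annotation for namespace",
            "annotations": [{"key": "tsb.tetrate.io/workspace", "allowedRegex": "bookinfo"}],
        },
    },
}


def tsb_object(group, kind, name, namespace, annotations=None):
    """Build a minimal TSB-style manifest (constructed sample data, not from the repo)."""
    meta = {"name": name, "namespace": namespace}
    if annotations is not None:
        meta["annotations"] = annotations
    return {"apiVersion": f"{group}/v2", "kind": kind, "metadata": meta}


def in_scope(constraint, obj):
    """Gatekeeper match semantics: namespace list plus (apiGroups, kinds) pairs."""
    match = constraint["spec"].get("match", {})
    namespaces = match.get("namespaces")
    if namespaces and obj["metadata"].get("namespace") not in namespaces:
        return False
    group = obj["apiVersion"].split("/")[0] if "/" in obj["apiVersion"] else ""
    kinds = match.get("kinds")
    if not kinds:
        return True  # no kinds filter: every object in the namespaces is in scope
    for entry in kinds:
        group_ok = "*" in entry["apiGroups"] or group in entry["apiGroups"]
        kind_ok = "*" in entry["kinds"] or obj["kind"] in entry["kinds"]
        if group_ok and kind_ok:
            return True
    return False


def violations(constraint, obj):
    """The two rules of the requiredannotations template: missing key, regex mismatch."""
    if not in_scope(constraint, obj):
        return []
    params = constraint["spec"]["parameters"]
    provided = obj["metadata"].get("annotations") or {}
    found = []
    for required in params["annotations"]:
        key = required["key"]
        if key not in provided:
            found.append(f"you must provide annotation(s): {{{key}}}")
            continue
        regex = required.get("allowedRegex", "")
        # regex.match in Rego is an unanchored search, the same as re.search here
        if regex and not re.search(regex, provided[key]):
            found.append(
                f"Annotation <{key}: {provided[key]}> does not satisfy allowed regex: {regex}"
            )
    return found


def admit(constraint, obj):
    """True if the object would be admitted. Only enforcementAction: deny blocks;
    dryrun and warn report violations without rejecting the request."""
    if constraint["spec"].get("enforcementAction", "deny") != "deny":
        return True
    return not violations(constraint, obj)


def anchored(constraint):
    """Copy of the constraint with every allowedRegex anchored to the whole value."""
    fixed = copy.deepcopy(constraint)
    for required in fixed["spec"]["parameters"]["annotations"]:
        rx = required.get("allowedRegex")
        if rx:
            required["allowedRegex"] = f"^(?:{rx})$"
    return fixed


# Constructed sample manifests
GW_OK = tsb_object("gateway.tsb.tetrate.io", "IngressGateway", "bookinfo-gw", "bookinfo",
                   {"tsb.tetrate.io/workspace": "bookinfo"})
GW_MISSING = tsb_object("gateway.tsb.tetrate.io", "IngressGateway", "bookinfo-gw", "bookinfo")
SS_OTHER_WS = tsb_object("security.tsb.tetrate.io", "SecuritySetting", "defaults", "bookinfo",
                         {"tsb.tetrate.io/workspace": "bookinfo-other"})
SS_OTHER_NS = tsb_object("security.tsb.tetrate.io", "SecuritySetting", "defaults", "payments")

if __name__ == "__main__":
    for name, obj in [("GW_OK", GW_OK), ("GW_MISSING", GW_MISSING),
                      ("SS_OTHER_WS", SS_OTHER_WS), ("SS_OTHER_NS", SS_OTHER_NS)]:
        print(name, "unanchored:", admit(CONSTRAINT, obj),
              "anchored:", admit(anchored(CONSTRAINT), obj))
```

Running it shows GW_MISSING rejected under both forms, SS_OTHER_WS admitted by the unanchored pattern but rejected once the regex is anchored, and SS_OTHER_NS admitted in both cases because the payments namespace is outside the constraint's match scope; a constraint that is meant to pin resources to one workspace needs both the anchor and a namespace list that covers every namespace the workspace owns.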