Comments (2)
ritazh
commented on June 18, 2024
-
mutator controller tracking - though it may help with infinite mutation cycles for GK mutations. it won't address mutations that can happen outside of GK, e.g. another mutating webhook
-
Allow for more than
MustExistandMustNotExistconditionsin the path tests, like=, >, <,- I think this could be useful.
@maxsmythe @sozercan thoughts?
from gatekeeper.
maxsmythe
commented on June 18, 2024
Allow for more than MustExist and MustNotExistconditions in the path tests, like =, >, <, - I think this could be useful.
This would definitely allow for infinite cycles:
- Mutator A: if field X = 2 set to 5
- Mutator B: if field X = 1 set to 2
- Mutator C: if field X = 5 set to 1
Cycle: 1 -> 2 -> 1 -> 2 -> 1 -> 2 -> .....
Given that K8s is looking at embedded mutation (e.g. validating admission policy, but for mutation), I'd be hesitant to make too many fundamental changes to mutation until we know what (if any) stance they have on the safety issue.
from gatekeeper.
Related Issues (20)
- [feat][expansion template] one disable annotation in constraint template to allow policy bypass expansion template HOT 2
- Resource violates rule but is created HOT 5
- Improve consistency in gator usage HOT 2
- Policy is being flagged in the log but it is allowed to be created HOT 1
- fix insecure configurations HOT 3
- Rename branch 'master' to 'main'
- Excluded namespaces do not appear in inventory HOT 4
- Run CI checks with loglevel set to DEBUG for gatekeeper
- Validatingwebhookconfiguration scope: * can cause cluster instability.
- Helm Upgrade Failing HOT 8
- Yaml fails to render podLabels properly since version 3.14.0 HOT 1
- Constraint status content is non-deterministic HOT 5
- Update unit test for vap generation once the feature is more stable in k/k
- Update test suites when vap is GAed in k/k HOT 1
- Include images' digests in the release of the Gatekeeper Helm chart HOT 2
- Add helm chart values for vap generation
- Handle race condition with vap generation
- document constraint match source
- Gatekeeper Mutator doesn't re-apply mutations to rescheduled pods HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gatekeeper.