  1. Red Hat Advanced Cluster Management
  2. ACM-16183

Create documentation for Gatekeeper exempt namespaces

    • GRC Sprint 2024-23, GRC Sprint 2024-24, GRC Sprint 2024-25, GRC Sprint 2025-01

      Value Statement

      Add an exempt namespace example below https://docs.redhat.com/en/documentation/red_hat_advanced_cluster_management_for_kubernetes/2.12/html/governance/gk-operator-overview#gatekeeper-custom-resource, under spec:


       config: 
         matches: 
           - excludedNamespaces: ["test-*", "my-namespace"] 
             processes: ["*"] 
         disableDefaultMatches: false   

      config.matches will be added to the Gatekeeper config resources as excludedNamespaces. Ref: https://open-policy-agent.github.io/gatekeeper/website/docs/exempt-namespaces

      The Gatekeeper operator adds default excludedNamespaces to the Gatekeeper config like this:

       excludedNamespaces: ["kube-*", "multicluster-engine", "hypershift", "hive", "rhacs-operator", "open-cluster-*", "openshift-*"]

      But if the user sets disableDefaultMatches to true, the Gatekeeper operator won't add these namespaces to excludedNamespaces in the config CR.

       

      Definition of Done for Engineering Story Owner (Checklist)

      • ...
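An added example, not part of the original issue or the operator's code: a small Python audit that models the behaviour described in the Value Statement above and reports which namespaces end up exempt from Gatekeeper. The function names and the sample namespaces are hypothetical, the default entry is assumed to apply to all processes (`"*"`), and only the exact-name, leading `*` and trailing `*` pattern forms are modelled.

```python
# Default exclusions quoted in the issue text above.
DEFAULT_EXCLUDED = ["kube-*", "multicluster-engine", "hypershift", "hive",
                    "rhacs-operator", "open-cluster-*", "openshift-*"]


def wildcard_match(pattern, namespace):
    """Exact name, or a pattern with a trailing or leading '*' (prefix/suffix match)."""
    if pattern.endswith("*"):
        return namespace.startswith(pattern[:-1])
    if pattern.startswith("*"):
        return namespace.endswith(pattern[1:])
    return pattern == namespace


def effective_matches(config):
    """User-supplied matches, plus the defaults unless disableDefaultMatches is true."""
    matches = [dict(m) for m in config.get("matches", [])]
    if not config.get("disableDefaultMatches", False):
        # Assumption: the default entry covers every process ("*").
        matches.append({"excludedNamespaces": list(DEFAULT_EXCLUDED),
                        "processes": ["*"]})
    return matches


def exempt_processes(namespace, matches):
    """Set of Gatekeeper processes that skip this namespace."""
    procs = set()
    for m in matches:
        if any(wildcard_match(p, namespace) for p in m.get("excludedNamespaces", [])):
            procs.update(m.get("processes", []))
    return procs


def audit(config, namespaces):
    """Map each namespace to the sorted list of processes it is exempt from."""
    matches = effective_matches(config)
    return {ns: sorted(exempt_processes(ns, matches)) for ns in namespaces}


# Constructed sample input: the spec.config from the issue plus made-up namespace names.
SAMPLE_CONFIG = {
    "matches": [{"excludedNamespaces": ["test-*", "my-namespace"], "processes": ["*"]}],
    "disableDefaultMatches": False,
}
SAMPLE_NAMESPACES = ["test-payments", "my-namespace", "openshift-monitoring",
                     "kube-system", "prod-api", "testing"]

if __name__ == "__main__":
    for ns, procs in audit(SAMPLE_CONFIG, SAMPLE_NAMESPACES).items():
        print(f"{ns:24} exempt from: {procs or 'nothing (policies enforced)'}")
```

Note that `testing` is not exempt: `test-*` requires the hyphen, which is worth checking whenever a wildcard exemption is reviewed.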

       

              mdockery@redhat.com Mikela Jackson
              yikim@redhat.com Yi Rae Kim
              Derek Ho Derek Ho