  1. Red Hat Advanced Cluster Management
  2. ACM-17884

Embed ConstraintTemplates and VAP YAMLs within policy details page

      Feature Overview

      Gatekeeper and Kubernetes ValidatingAdmissionPolicy both follow a similar pattern of having a CRD that acts as a "template" for the policy behavior (ConstraintTemplate and VAP, respectively). Those policy templates are applied, or "bound", through a Gatekeeper "Constraint" or a ValidatingAdmissionPolicyBinding (VAPB). The Discovered policies UI/UX is keyed off the Constraint and VAPB rather than the originating policy template. Similarly, both Gatekeeper and Kyverno can integrate with VAP or delegate their admission control behavior to it.

      Because the behavior is expressed in the policy template resource, it is currently hard for a user to understand the behavior of applied policies from the UI because the originating template is not accessible from the UX.
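
      The template/binding relationship described above, as an added example (not ACM code and not part of the original issue): given a Constraint or VAPB, it resolves the originating template and the cluster-scoped API path its YAML could be read from. The function names, the sample objects and the `v1` API versions are assumptions.

```python
# Added example, not ACM code. Sample objects below are constructed.
GATEKEEPER_CONSTRAINT_GROUP = "constraints.gatekeeper.sh"
ADMISSION_GROUP = "admissionregistration.k8s.io"

# template kind -> (API group, assumed served version, plural resource name)
TEMPLATE_RESOURCES = {
    "ConstraintTemplate": ("templates.gatekeeper.sh", "v1", "constrainttemplates"),
    "ValidatingAdmissionPolicy": (ADMISSION_GROUP, "v1", "validatingadmissionpolicies"),
}

def originating_template(binding):
    """Return (kind, name) of the template that defines a binding's behavior."""
    group = binding.get("apiVersion", "").partition("/")[0]
    kind = binding.get("kind", "")
    if group == GATEKEEPER_CONSTRAINT_GROUP and kind:
        # Gatekeeper requires a ConstraintTemplate's metadata.name to be the
        # lowercased kind of the Constraints created from it.
        return ("ConstraintTemplate", kind.lower())
    if group == ADMISSION_GROUP and kind == "ValidatingAdmissionPolicyBinding":
        policy_name = binding.get("spec", {}).get("policyName")
        if not policy_name:
            raise ValueError("VAPB has no spec.policyName")
        return ("ValidatingAdmissionPolicy", policy_name)
    raise ValueError(f"not a Constraint or VAPB: {group}/{kind}")

def template_api_path(binding):
    """Cluster-scoped API path from which the template YAML can be read."""
    kind, name = originating_template(binding)
    group, version, plural = TEMPLATE_RESOURCES[kind]
    return f"/apis/{group}/{version}/{plural}/{name}"

SAMPLE_CONSTRAINT = {  # constructed Gatekeeper Constraint
    "apiVersion": "constraints.gatekeeper.sh/v1beta1",
    "kind": "K8sRequiredLabels",
    "metadata": {"name": "ns-must-have-owner"},
}
SAMPLE_VAPB = {  # constructed ValidatingAdmissionPolicyBinding
    "apiVersion": "admissionregistration.k8s.io/v1",
    "kind": "ValidatingAdmissionPolicyBinding",
    "metadata": {"name": "demo-binding"},
    "spec": {"policyName": "demo-policy.example.com", "validationActions": ["Deny"]},
}

if __name__ == "__main__":
    for obj in (SAMPLE_CONSTRAINT, SAMPLE_VAPB):
        print(obj["kind"], "->", template_api_path(obj))
```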

      Goals

      This Section: Provide high-level goal statement, providing user context
      and expected user outcome(s) for this feature

      • Make the originating policy templates easier to access from the UI/UX to understand the behavior of the policies

      Requirements

      This Section: A list of specific needs or objectives that a Feature must
      deliver to satisfy the Feature. Some requirements will be flagged as MVP.
      If an MVP gets shifted, the feature shifts. If a non-MVP requirement slips,
      it does not shift the feature.

      Requirement                                            | Notes                                                       | isMvp?
      CI - MUST be running successfully with test automation | This is a requirement for ALL features.                     | YES
      Release Technical Enablement                           | Provide necessary release enablement details and documents. | YES

      (Optional) Use Cases

      This Section:

      • Gatekeeper:
        • From policy details page (cluster instance), the user should be able to view the ConstraintTemplate YAML
        • From the policy details page (cluster instance), the user should be able to view the originating VAP and VAPB YAML if using CEL integration
      • VAPB:
        • From policy details page (cluster instance), the user should be able to view the VAP YAML
      • Kyverno:
        • From the policy details page (cluster instance), the user should be able to view the originating VAP and VAPB YAML if using CEL integration

      Questions to answer

      • ...

      Out of Scope

      Background, and strategic fit

      This Section: What does the person writing code, testing, documenting
      need to know? What context can be provided to frame this feature?

      Assumptions

      • ...

      Customer Considerations

      • ...

      Documentation Considerations

      Questions to be addressed:

      • What educational or reference material (docs) is required to support this
        product feature? For users/admins? Other functions (security officers, etc.)?
      • Does this feature have a doc impact?
      • New Content, Updates to existing content, Release Note, or No Doc Impact
      • If unsure and no Technical Writer is available, please contact Content
        Strategy.
      • What concepts do customers need to understand to be successful in
        [action]?
      • How do we expect customers will use the feature? For what purpose(s)?
      • What reference material might a customer want/need to complete [action]?
      • Is there source material that can be used as reference for the Technical
        Writer in writing the content? If yes, please link if available.
      • What is the doc impact (New Content, Updates to existing content, or
        Release Note)?

              jkulikau@redhat.com Justin Kulikauskas
              showeimer Sho Weimer
              Derek Ho Derek Ho