
    • Epic
    • Resolution: Done
    • GRC
    • Being Gatekeeper expert
    • To Do
    • 0% To Do, 0% In Progress, 100% Done

      Ref: https://docs.google.com/document/d/1hsWWKEAdbgswQLzWjbEUc3e8x3x7wc9MgbsE0BddRe8/edit

      Epic Goal

      • Becoming an expert Gatekeeper user

      Why is this important?

      1. A lot of customers need help with Gatekeeper

      Scenarios

      These Jira stories will be created

      Review the policy collection that contains Gatekeeper policies. (ACM-6411)

      • JIRA: Should we keep them?
      • JIRA: Should we move them to stable?
      • JIRA: Should we convert these to ACM 2.8 native Gatekeeper integration policies?
      • JIRA SPIKE (not a priority for 2.9): Should we pull some from

      JIRA: Make a recommendation on whether to productize 3.12.0 or skip directly to 3.13.0 (ACM-6400)

      JIRA: Investigate if there is a way for the Gatekeeper operator to not override custom settings set by customers. (ACM-6401)

        • We want to avoid an operator code change for every new configuration we want to support. This would allow us to document the supported configuration changes.

      Learn code base

      JIRA: Learn how to run Gatekeeper locally and enable the debugger in VS Code (ACM-6402)

      JIRA: Review configuration options available and determine which ones should be exposed in the operator.

        • Especially around scale (caching, number of HTTP requests that can be handled, etc.)
        • Limiting webhook scope
          • AI: There is a customer RFE for this
      • JIRA (not a priority for 2.9): File a ticket to automatically manage the scope with ConfigurationPolicy or the operator. This would be an opt-in. (ACM-6410)

      JIRA Doc Task: Learn the important pods to look at for logs (ACM-6407)

      JIRA Doc Task: How to disable Gatekeeper when there are issues (ACM-6407)

      JIRA: This should be updated to exclude OpenShift and ACM namespaces by default in the operator. (ACM-6409)

      JIRA: General performance guidance in the RHACM documentation if not sufficiently covered in upstream documentation (ACM-6407)

      JIRA: Learning Rego and OPA (ACM-6406)

        • Learning how to have Rego perform referential lookups (e.g. a Pod constraint looks at the pod’s namespace for validation)
        • The Community of Practice is a good reference point

      JIRA: Learn about mutation (ACM-6408)

      ...

      Acceptance Criteria

      1. Able to answer customers' questions
      2. Able to give proper advice to customers

       

       

              yikim@redhat.com Yi Rae Kim
              Dale Haiducek
              Derek Ho