XML

Word

Printable

Type: Epic
Resolution: Unresolved
Priority: Major
Fix Version/s: Future
Affects Version/s: None
Component/s: GRC
Labels:
- RFE
- gatekeeper
- pm-slack

Epic Name:
Gatekeeper: Need a feature that allows to get clusterresources per namespace while executing rules
Blocked:
False
Blocked Reason:
None
Ready:
False
Color Status:
Not Selected
Epic Status:
To Do
Feature Link:
ACM-2707 - ACM Gatekeeper Enhancements
Parent Link:
ACM-2707ACM Gatekeeper Enhancements
Hierarchy Progress Bar:

0% To Do, 0% In Progress, 100% Done

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

PX Priority Data:
PX Impact Score:

Intelligence Requested:
Market:

Feature Overview

The RFE is about getting all related resources to a namespace without caching. This would reduce alot of mem and cpu consumption on our side and would enable us to use this kind of features in future. Currently we are not able to use the caching feature because our cluster is too big and the gatekeeper consumes a lot of cluster resources.

Goals

A user should be able to apply resources and the goal should be that we can check already existing resources with an opa policy without enabling the cache mode.
We only need namespace related resources. In this case we have to cross check if a pdb is still valid when a user change the replicas of an deployment. if not the rule should prevent that change.

Requirements

The only required things are an installed gatekeeper and a running kubernetes cluster.
A list of specific needs or objectives that a Feature must deliver to satisfy the Feature
This feature must provide a variable to get all namespace specific resources
No enabled cache mode
low resources consumption

Business Impact

The only business impact we currently have is that we cannot cross check already existing resources by adding new stuff.
This leads to an inconsistency by our rule because we cannot be sure that a pdb is valid when we change the deployment replicas.

Questions to answer

Out of Scope

Background, and strategic fit

This Section: What does the person writing code, testing, documenting
need to know? What context can be provided to frame this feature?

Assumptions

Customer Considerations

Documentation Considerations

Questions to be addressed:

What educational or reference material (docs) is required to support this
product feature? For users/admins? Other functions (security officers, etc)?
Does this feature have a doc impact?
New Content, Updates to existing content, Release Note, or No Doc Impact
If unsure and no Technical Writer is available, please contact Content
Strategy.
What concepts do customers need to understand to be successful in
[action]?
How do we expect customers will use the feature? For what purpose(s)?
What reference material might a customer want/need to complete [action]?
Is there source material that can be used as reference for the Technical
Writer in writing the content? If yes, please link if available.
What is the doc impact (New Content, Updates to existing content, or
Release Note)?

Assignee:: Sho Weimer

Reporter:: Gagan Mahto

Technical Lead:: Matthew Prahl

Contributors:: Dale Haiducek, Yi Rae Kim

QA Contact:: Derek Ho

Architect:: Gus Parvin

Product Manager:: Sho Weimer

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2023/08/29 4:52 PM

Updated:: 2024/05/14 1:08 PM

Details

Description