Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-9263

Add default exempting namespace for gatekeeper

XMLWordPrintable

    • 3
    • False
    • None
    • False
    • Hide

      Provide the required acceptance criteria using this template.
      * ...
      Show
      Provide the required acceptance criteria using this template. * ...
    • ACM-2707 - ACM Gatekeeper Enhancements
    • GRC Sprint 2023-23, GRC Sprint 2024-01, GRC Sprint 2024-04, GRC Sprint 2024-05
    • No

      Feature Overview

      Goal:

      As a user, I want to have a default exempting namespace list

      Requirements

      1. First, we should collect namespaces that most users want to exclude.
      2. Add this idea to the gatekeeper operator 

       

      Criteria

       
       the proposal based on option 1: # Add a new field of matches to the Gatekeeper CRD which is of the same type as the Gatekeeper Config object. All new non-default excluded namespaces must go here.

      1. Add a new field of disableDefaultMatches if the user wants to opt out of the Gatekeeper operator appending the default exclude namespaces to the matches value on the Gatekeeper CR.
      2. On upgrades, when an existing Config object has the matches field set, the Gatekeeper operator does not manage that field until the matches field is set on the Gatekeeper CR. Note that an empty array is different than nil /not set in this case.

      For users that configured the excluded namespaces with the policy collection configuration policy, they would delete the policy and either set matches on the Gatekeeper CR to [] or some other value. This causes the Gatekeeper operator to take ownership.
       

              yikim@redhat.com Yi Rae Kim
              yikim@redhat.com Yi Rae Kim
              Dale Haiducek Dale Haiducek
              ACM GRC & Gatekeeper
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: