Need help: Constraint template for ensuring every namespace has at least one network policy #114
Unanswered
sureshgoli25 asked this question in Gatekeeper
-
Hi sureshgoli25, have you resolved this issue? I am looking for the solution for the same thing.
-
I'm no Gatekeeper expert, but if you're looking to

    netpols := data.inventory.namespace[input.review.object.metadata.namespace]["networking.k8s.io"]["NetworkPolicy"][_].metadata.name

If you wrap it in a comprehension you should be able to collect all of them instead:

    netpols := [netpol | netpol := data.inventory.namespace[input.review.object.metadata.namespace]["networking.k8s.io"]["NetworkPolicy"][_].metadata.name]

And the
-
Hi All,
[Need Help]
I am a newbie...
Summary: I am trying to create a constraint template to find a way to ensure every namespace in a cluster has at least one network policy defined.
I am having a little bit of a challenge debugging the expressions I have written. They might be completely wrong also ... :)
As per above rule. If the input kind is POD.
The next rule brings the name of the network policies of that particular name using data sync of namespace.
The count checks if the value of the network policy is more than 0 or, in other words, the namespace has the network policy defined. If the network policy does not exist, then a message is put back to the user saying to define the network policy.
I am facing a problem with regard to the data inventory stuff. Somehow the condition is always matching and the constraint is allowing a pod to be created in a namespace where a network policy is not defined also.
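The comprehension suggested in the reply, applied to the rule the question describes, as an added example that is not code from the thread or from the Gatekeeper project. In Rego, a `[_]` lookup on an inventory path that holds no NetworkPolicy is undefined, so a violation body containing it never fires, while a comprehension over the same path yields an empty set that `count` can compare to 0. Assumptions: NetworkPolicy objects are synced into `data.inventory` and keyed by apiVersion (for example `networking.k8s.io/v1`); the package name, helper names and test data are constructed.

```rego
package k8srequirenetpol

# Added example (v0 Rego syntax, as in the thread). Assumption: Gatekeeper's
# synced inventory is laid out as
#   data.inventory.namespace[<ns>][<apiVersion>]["NetworkPolicy"][<name>]

# Names of all synced NetworkPolicies in namespace ns. The comprehension
# evaluates to an empty set when the path is missing, instead of undefined.
netpols_in(ns) = names {
	names := {name |
		data.inventory.namespace[ns][apiversion]["NetworkPolicy"][name]
		startswith(apiversion, "networking.k8s.io/")
	}
}

violation[{"msg": msg}] {
	input.review.kind.kind == "Pod"
	ns := input.review.object.metadata.namespace
	count(netpols_in(ns)) == 0
	msg := sprintf("namespace %v has no NetworkPolicy defined", [ns])
}

# --- unit tests with constructed data ---
pod_review(ns) = {"review": {
	"kind": {"kind": "Pod"},
	"object": {"metadata": {"name": "demo", "namespace": ns}},
}}

sample_inventory = {"namespace": {"guarded": {"networking.k8s.io/v1": {"NetworkPolicy": {
	"default-deny": {"metadata": {"name": "default-deny"}},
}}}}}

test_pod_denied_when_namespace_has_no_netpol {
	count(violation) == 1 with input as pod_review("bare")
		with data.inventory as sample_inventory
}

test_pod_allowed_when_netpol_exists {
	count(violation) == 0 with input as pod_review("guarded")
		with data.inventory as sample_inventory
}
```

Run the tests with `opa test` (add `--v0-compatible` on OPA 1.x). The inventory only contains kinds listed in Gatekeeper's sync configuration, so if NetworkPolicy is not synced this rule treats every namespace as having none.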