Add readme how to use Gatekeeper
ch-stark opened this issue · 3 comments
ch-stark commented
I see some references to konstraint. Is the way to go to use this tool to create the constraints/constrainttemplates from rego?
garethahealy commented
konstraint is just used to generate the template and constraint used by gatekeeper. If you look at one of the policies:
$ ls -lrt policy/ocp/bestpractices/common-k8s-labels-notset
total 16
-rw-r--r-- 1 gahealy 1438 Apr 8 2022 src.rego
drwxr-xr-x 4 gahealy 128 Apr 8 2022 test_data
There aren't any gatekeeper CRs generated, running konstraint create --constraint-template-version v1 generates them:
$ ls -lrt policy/ocp/bestpractices/common-k8s-labels-notset
total 16
-rw-r--r-- 1 gahealy 1438 Apr 8 2022 src.rego
drwxr-xr-x 4 gahealy 128 Apr 8 2022 test_data
-rw-r--r-- 1 gahealy 5758 Dec 7 14:10 template.yaml
-rw-r--r-- 1 gahealy 582 Dec 7 14:10 constraint.yaml
The tool is nice and simple, but would I suggest a customer use konstraint? Probably not. helm or kustomize can do the same job.
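Added illustration, not part of the thread and not the repository's generated files: the general shape of the two Gatekeeper resources that end up next to src.rego as template.yaml and constraint.yaml. The kind name, the Rego rule and the match block are constructed assumptions; the real template embeds the policy's own src.rego.

```yaml
# template.yaml (constructed): a ConstraintTemplate wraps the Rego and
# defines a new constraint kind for Gatekeeper.
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: commonk8slabelsnotset          # must be the lowercase form of the kind below
spec:
  crd:
    spec:
      names:
        kind: CommonK8sLabelsNotSet    # assumed kind, modelled on the policy directory name
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package commonk8slabelsnotset

        # Constructed rule, not the repository's src.rego.
        # Gatekeeper evaluates rules named "violation" against input.review.
        violation[{"msg": msg}] {
          obj := input.review.object
          not obj.metadata.labels["app.kubernetes.io/name"]
          msg := sprintf("%v/%v: label app.kubernetes.io/name is not set", [obj.kind, obj.metadata.name])
        }
---
# constraint.yaml (constructed): an instance of the kind defined above,
# selecting which resources the policy applies to.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: CommonK8sLabelsNotSet
metadata:
  name: commonk8slabelsnotset
spec:
  enforcementAction: dryrun            # report violations in audit before switching to deny
  match:
    kinds:
      - apiGroups: ["apps"]
        kinds: ["Deployment"]
```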
ch-stark commented
@garethahealy thanks, I would not know how to generate Constraints from Rego via Kustomize, I assume I'd need to use some transformer.
garethahealy commented
added link to TESTING.md in README.md