Spike | Same policy with different configurations in the same cluster

Question

Spike | Same policy with different configurations in the same cluster

MostafaMegahid opened this issue 2 years ago · 1 comments

Background

Currently, if we want to use the same policy with two different configurations (Parameters, Targets, .etc), we assume that's possible using Kustomization layers. However, that will only work if we want different configs for different clusters, but not on the same cluster, which makes it impossible to enforce same policy on different applications/namespaces with different configurations.

Objective

The objective of the spike is to explore ways to enforce the same policy on different applications/namespaces.

Remarks

We should explore using the policyConfig concept.

Answer 1 · 2022-10-11T14:30:41.000Z

Progress

implement CRD in policy agent & define new API
Modify validator to use config and override policy parameters
Implement controller to restrict creating multiple configs for the same target
Testing