This repository has been archived by the owner on Jan 12, 2023. It is now read-only.
When operating clusters for tenants, it may be desirable to enforce a default namespace NetworkPolicy.
A useful default NetworkPolicy would be one that prevents traffic ingress from outside of the namespace (and the Ingress controller).
In this scenario, preventing modifications to this default NetworkPolicy would ensure that tenants add additional NetworkPolicies if they need to allow additional ingress into their namespace.
Interesting idea. How would you identify these immutable NetworkPolicies for the policy? For example, we could have an annotation set and use it for other resources as well.
I was originally thinking it would just be a NetworkPolicy by name in any namespace, but I prefer your approach, so it can apply for any resource by any name. The exemptions already allow whitelisting accounts that can modify the resource too.
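The annotation-based check discussed above, as an added Go example that is not k-rail's code or part of the original thread. The annotation key `example.com/immutable`, the `checkImmutable` function and the exempt-user set are assumptions; the JSON field names are those of a Kubernetes `AdmissionRequest`.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Hypothetical annotation key; the thread does not name one.
const immutableAnnotation = "example.com/immutable"

// Subset of the admission.k8s.io/v1 AdmissionRequest fields this check reads.
type admissionRequest struct {
	Operation string `json:"operation"`
	UserInfo  struct {
		Username string `json:"username"`
	} `json:"userInfo"`
	OldObject *struct {
		Metadata struct {
			Name        string            `json:"name"`
			Annotations map[string]string `json:"annotations"`
		} `json:"metadata"`
	} `json:"oldObject"`
}

// checkImmutable judges by oldObject (the stored copy), so an UPDATE that strips the annotation is still denied.
func checkImmutable(raw []byte, exempt map[string]bool) (bool, string) {
	var req admissionRequest
	if err := json.Unmarshal(raw, &req); err != nil {
		return false, "malformed request: " + err.Error() // fail closed
	}
	if req.Operation != "UPDATE" && req.Operation != "DELETE" {
		return true, "" // CREATE and CONNECT do not modify an existing resource
	}
	if req.OldObject == nil || req.OldObject.Metadata.Annotations[immutableAnnotation] != "true" {
		return true, "" // resource is not marked immutable
	}
	if exempt[req.UserInfo.Username] {
		return true, "" // stand-in for the exemptions mentioned in the thread
	}
	return false, fmt.Sprintf("%s is immutable: %s by %s denied",
		req.OldObject.Metadata.Name, req.Operation, req.UserInfo.Username)
}

// Constructed sample: a tenant UPDATE (the incoming object is omitted; it is not consulted).
const sample = `{"operation":"UPDATE","userInfo":{"username":"tenant-a"},"oldObject":{"metadata":{"name":"default-deny","annotations":{"example.com/immutable":"true"}}}}`

func main() {
	fmt.Println(checkImmutable([]byte(sample), map[string]bool{"cluster-admin": true}))
}
```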
dustin-decker changed the title from "[FR] Prevent modifications to default namespace NetworkPolicy" to "[FR] Immutable resource policy" on Jan 24, 2020
👋 The k-rail project has been deprecated and is no longer under active development. We recommend taking a look at OPA Gatekeeper to see if it might meet your needs going forward.
Thanks for your contribution(s) to the project!