Review gatekeepr-libary rules vs upstream

In https://github.com/open-policy-agent/gatekeeper-library/ there is a bunch of good rules that we should be using.

- Disallow PDB lower than deployment replicas: https://github.com/open-policy-agent/gatekeeper-library/tree/master/library/general/poddisruptionbudget
- unique serviceselectors: https://github.com/open-policy-agent/gatekeeper-library/tree/master/library/general/uniqueserviceselector (would this create any issues for us? This sound vey sound in general).
- Disable the option of changing SA on a pod https://github.com/open-policy-agent/gatekeeper-library/tree/master/library/general/noupdateserviceaccount (this might create issues for AKS/EKS but hopefully they shouldn't)
- No rule/clusterrolebinding towards anonymous users: https://github.com/open-policy-agent/gatekeeper-library/tree/master/library/general/disallowanonymous

There are probably more options. So check it out.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Review gatekeepr-libary rules vs upstream #78

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Uh oh!

Review gatekeepr-libary rules vs upstream #78

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions