Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Read external data from a ConfigMap #3105

Closed
mrueg opened this issue Oct 23, 2023 · 10 comments
Closed

Read external data from a ConfigMap #3105

mrueg opened this issue Oct 23, 2023 · 10 comments
Labels
enhancement New feature or request stale

Comments

@mrueg
Copy link
Contributor

mrueg commented Oct 23, 2023

Describe the solution you'd like
[A clear and concise description of what you want to happen.]

As a user I would like to have the option for gatekeeper to read external data similar to how conftest reads from a config file.

I would like to avoid creating a separate provider and instead have OPA support reading data from a ConfigMap (this configmap contains json or yaml data that the user adds externally). Stale data can be prevented via https://github.com/stakater/Reloader to reload Gatekeeper on change of the ConfigMap.

Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]

Environment:

  • Gatekeeper version: v3.13.3
  • Kubernetes version: (use kubectl version): v1.28.3
@mrueg mrueg added the enhancement New feature or request label Oct 23, 2023
@maxsmythe
Copy link
Contributor

Can this be done by syncing a config map?

https://open-policy-agent.github.io/gatekeeper/website/docs/sync

One concern with this approach may be that clusters often have very large config maps (and quite a few of them), so it may be expensive. You could get around this by creating a custom resource intended to hold this external data.

@skaven81
Copy link

+1 for just syncing a resource instead. Creating a CRD is a very low complexity threshold and would not require adding any new code to Gatekeeper.

@stale Stale
Copy link

stale bot commented Dec 30, 2023

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Dec 30, 2023
@mrueg
Copy link
Contributor Author

mrueg commented Dec 30, 2023

Not stale

@stale stale bot removed the stale label Dec 30, 2023
@stale Stale
Copy link

stale bot commented Feb 29, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Feb 29, 2024
@skaven81
Copy link

skaven81 commented Mar 1, 2024

not stale

@stale stale bot removed the stale label Mar 1, 2024
@stale Stale
Copy link

stale bot commented May 2, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label May 2, 2024
@mrueg
Copy link
Contributor Author

mrueg commented May 2, 2024

not stale

@stale stale bot removed the stale label May 2, 2024
@ritazh
Copy link
Member

ritazh commented May 2, 2024

Can this be done by syncing a config map?

https://open-policy-agent.github.io/gatekeeper/website/docs/sync

One concern with this approach may be that clusters often have very large config maps (and quite a few of them), so it may be expensive. You could get around this by creating a custom resource intended to hold this external data.

@mrueg Have you tried this suggestion of syncing config map resources or a custom resource?

@stale Stale
Copy link

stale bot commented Jul 2, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 14 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Jul 2, 2024
@stale stale bot closed this as completed Jul 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mrueg @ritazh @skaven81 @maxsmythe