Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Constraint Template naming requirement #92

Open
t12g opened this issue Jun 7, 2019 · 3 comments
Open

Constraint Template naming requirement #92

t12g opened this issue Jun 7, 2019 · 3 comments

Comments

@t12g
Copy link
Contributor

t12g commented Jun 7, 2019

When trying to feed the template yaml files to a Kubernetes cluster with Gatekeeper installed, it got denied by the Gatekeeper admission controller.

Sample error message:

Error from server (Template's name gcp-always-violates-v1 is not equal to the CRD's plural name: gcpalwaysviolatesconstraintsv1): error when creating "config-validator/dev/policy-library/policies/templates/gcp_always_violates_v1.yaml": admission webhook "validation.gatekeeper.sh" denied the request: Template's name gcp-always-violates-v1 is not equal to the CRD's plural name: gcpalwaysviolatesconstraintsv1

Looks like Gatekeeper is requiring that the constraint template's name (under metadata) needs to be the same as the CRD's plural name. This convention is not enforced in policy library today.
@t12g
Copy link
Contributor Author

t12g commented Jun 7, 2019

@maxsmythe Is this naming convention expected to stay going forward?

@maxsmythe
Copy link

I think it's nice to enforce some consistency. Ideally I'd like to automate the naming

@yunus
Copy link
Member

yunus commented Nov 18, 2019

I have a pull request at least to create starting point.
#193

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@yunus @maxsmythe @t12g