Difference between revisions of "Gatekeeper (Kubernetes)"
Jump to navigation
Jump to search
| (28 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | <code>Gatekeeper</code> [[policy library]] for Kubernetes | + | <code>[[Gatekeeper]]</code> [[policy library]] for Kubernetes |
* https://github.com/open-policy-agent/gatekeeper | * https://github.com/open-policy-agent/gatekeeper | ||
| + | * [[helm install gatekeeper]] | ||
| + | |||
| + | == Errors == | ||
| + | * <code>[[Internal error occurred: failed calling webhook]]</code> | ||
| + | * <code>[[no endpoints available for service]]</code> | ||
| + | |||
| + | [[Error: waiting for EKS Add-On]] (yourcluster:[[coredns]]) create: unexpected state 'CREATE_FAILED', wanted target 'ACTIVE'. last error: : | ||
| + | AdmissionRequestDenied: Internal error occurred: failed calling webhook "[[check-ignore-label.gatekeeper.sh]]": failed to call webhook: | ||
| + | Post | ||
| + | "https://gatekeeper-webhook-service.gatekeeper-system.svc:443/v1/admitlabel?timeout=3s": [[no endpoints available for service]] | ||
| + | "[[gatekeeper-webhook-service]]" | ||
| + | │ | ||
| + | │ with module.downstream-clusters-EKS.module.eks.aws_eks_addon.this["coredns"], | ||
| + | │ on .terraform/modules/EKS.eks/main.tf line 390, in resource "[[aws_eks_addon]]" "this": | ||
| + | │ 390: resource "aws_eks_addon" "this" { | ||
== Related == | == Related == | ||
* [[CustomResourceDefinition (CRD)]] | * [[CustomResourceDefinition (CRD)]] | ||
| + | * [[Open Policy Agent (OPA)]] | ||
| + | * Helm: <code>[[ResourceQuota]], [[MutatingWebhookConfiguration]], [[ValidatingWebhookConfiguration]]</code> | ||
| + | * [[Constraints]] | ||
| + | * <code>[[gatekeeper-webhook-service]]</code> | ||
| + | * [[Gatekeeper]] | ||
| + | * [[Kubernetes Admission Controllers]] | ||
== See also == | == See also == | ||
| − | * {{Kubernetes}} | + | * {{gatekeeper.sh}} |
| + | * {{Gatekeeper}} | ||
| + | * {{Kubernetes policies}} | ||
| + | * {{OPA}} | ||
| + | * {{K8s security}} | ||
[[Category:Kubernetes]] | [[Category:Kubernetes]] | ||
Latest revision as of 09:31, 5 March 2024
Gatekeeper policy library for Kubernetes
Errors[edit]
Error: waiting for EKS Add-On (yourcluster:coredns) create: unexpected state 'CREATE_FAILED', wanted target 'ACTIVE'. last error: : AdmissionRequestDenied: Internal error occurred: failed calling webhook "check-ignore-label.gatekeeper.sh": failed to call webhook: Post "https://gatekeeper-webhook-service.gatekeeper-system.svc:443/v1/admitlabel?timeout=3s": no endpoints available for service "gatekeeper-webhook-service" │ │ with module.downstream-clusters-EKS.module.eks.aws_eks_addon.this["coredns"], │ on .terraform/modules/EKS.eks/main.tf line 390, in resource "aws_eks_addon" "this": │ 390: resource "aws_eks_addon" "this" {
Related[edit]
- CustomResourceDefinition (CRD)
- Open Policy Agent (OPA)
- Helm:
ResourceQuota, MutatingWebhookConfiguration, ValidatingWebhookConfiguration - Constraints
gatekeeper-webhook-service- Gatekeeper
- Kubernetes Admission Controllers
See also[edit]
gatekeeper.sh, config.gatekeeper.sh, mutation.gatekeeper.sh, validate.gatekeeper.sh, gatekeeper-webhook-service- Gatekeeper, installation, XProtect, OPA,
gatekeeper.sh, config.gatekeeper.sh, gatekeeper-webhook-service - Kubernetes policies, policy libraries, OPA, Gatekeeper (Kubernetes)
- Open Policy Agent (OPA), Gatekeeper
- Kubernetes security, OPA, EKS security, PSA, PSS, CKS,
SecurityContext, Trivy, KubeBench, Kubernetes Admission Controllersadmissionregistration.k8s.io, Hardeneks, Gatekeeper (Kubernetes)
Advertising:
