Gatekeeper Does not trigger on run pod #3538
Comments
@lir1ka what you are seeing is expected behavior in Kubernetes webhooks, and if Gatekeeper controller deployments are not accessible. Please see https://open-policy-agent.github.io/gatekeeper/website/docs/failing-closed for further information.
@sozercan, hello! I understood that it is expected behavior (in the situation with the inability to create a namespace). But I still don't understand why I can create a pod
@lir1ka You need to set The situation you are facing is caused by,
@JaydipGabani, Hello! Thank you for your answer. Overall, could you please describe, what
@lir1ka This webhook validates namespaces to make sure "only allowed namespaces are using
What steps did you take and what happened:
I am testing Gatekeeper in a testing cluster. I blocked access to the Gatekeeper pods to check what will happen in this situation.
When I try to create a namespace:
So, it is normal behavior
But when I use the command kubectl run pod, Gatekeeper did not block this operation and I created a pod without any problems. Why?
What did you expect to happen:
Gatekeeper blocks creation of the resource.
Anything else you would like to add:
Environment:
kubectl version: v1.29.1
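
Added example (not part of the original issue and not Gatekeeper's own code): a check that reads a ValidatingWebhookConfiguration and reports what the API server does with a request while the webhook backend is unreachable, which is the namespace-rejected versus pod-admitted difference reported in this issue. The embedded JSON is a constructed sample that assumes `validation.gatekeeper.sh` is set to `failurePolicy: Ignore` and `check-ignore-label.gatekeeper.sh` to `Fail`; the function names are hypothetical.

```python
import json

# Constructed sample (assumption): failure policies as described in the lead-in.
# Compare against your cluster's own ValidatingWebhookConfiguration object.
SAMPLE_VWC = json.loads("""
{"kind": "ValidatingWebhookConfiguration",
 "webhooks": [
  {"name": "validation.gatekeeper.sh", "failurePolicy": "Ignore",
   "rules": [{"apiGroups": ["*"], "operations": ["CREATE", "UPDATE"],
              "resources": ["*"]}]},
  {"name": "check-ignore-label.gatekeeper.sh", "failurePolicy": "Fail",
   "rules": [{"apiGroups": [""], "operations": ["CREATE", "UPDATE"],
              "resources": ["namespaces"]}]}
 ]}
""")

def rule_matches(rule, group, resource, operation):
    """True if a webhook rule selects this API group/resource/operation.
    Simplified: ignores apiVersions, scope, selectors and subresources."""
    def hit(values, wanted):
        return "*" in values or wanted in values
    return (hit(rule.get("apiGroups", []), group)
            and hit(rule.get("resources", []), resource)
            and hit(rule.get("operations", []), operation))

def outcome_when_webhook_down(vwc, group, resource, operation):
    """Return (decision, {webhook: failurePolicy}) for a request made while
    every matching webhook call fails (backend unreachable or timing out)."""
    policies = {}
    for wh in vwc.get("webhooks", []):
        if any(rule_matches(r, group, resource, operation)
               for r in wh.get("rules", [])):
            # admissionregistration.k8s.io/v1 defaults failurePolicy to Fail.
            policies[wh["name"]] = wh.get("failurePolicy", "Fail")
    # One matching fail-closed webhook is enough to reject the request.
    decision = "rejected" if "Fail" in policies.values() else "admitted"
    return decision, policies

def fail_open_webhooks(vwc):
    """Names of webhooks that let requests through when they cannot be reached."""
    return sorted(wh["name"] for wh in vwc.get("webhooks", [])
                  if wh.get("failurePolicy", "Fail") == "Ignore")

if __name__ == "__main__":
    for resource in ("namespaces", "pods"):
        print(resource, outcome_when_webhook_down(SAMPLE_VWC, "", resource, "CREATE"))
    print("fail-open webhooks:", fail_open_webhooks(SAMPLE_VWC))
```

To audit a live cluster, load the JSON from `kubectl get validatingwebhookconfiguration <name> -o json` in place of the constructed sample.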