Gatekeeper policy compatibility
mafrosis opened this issue · comments
Hi there, nice project!
I'm interested to know if anyone has thought about compatibility between the checks in kube-score
and policy we might deploy into Gatekeeper?
I would much prefer the same exact same policy to by applied in both my pipeline during development, and in the cluster at deploy time. If we could somehow derive/export Rego code from kube-score then I think this could work.
Thanks!
@mafrosis , to be honest, I haven't thought much about it, but your question piqued my interest, but first I need to educate myself about Gatekeeper and OPA's Rego language.
@mafrosis, having read through the Gatekeeper/OPA documentation -- I'm wondering a bit more about your use case. If one applied gating criteria to the desired policies via a pipeline during development ... why would one need the same policies enforced at runtime? One could simply block a created artifact from being deployable.