Difference between revisions of "Gatekeeper (Kubernetes)"
(26 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
<code>[[Gatekeeper]]</code> [[policy library]] for Kubernetes | <code>[[Gatekeeper]]</code> [[policy library]] for Kubernetes | ||
* https://github.com/open-policy-agent/gatekeeper | * https://github.com/open-policy-agent/gatekeeper | ||
+ | * [[helm install gatekeeper]] | ||
+ | |||
+ | == Errors == | ||
+ | * <code>[[Internal error occurred: failed calling webhook]]</code> | ||
+ | * <code>[[no endpoints available for service]]</code> | ||
+ | |||
+ | [[Error: waiting for EKS Add-On]] (yourcluster:[[coredns]]) create: unexpected state 'CREATE_FAILED', wanted target 'ACTIVE'. last error: : | ||
+ | AdmissionRequestDenied: Internal error occurred: failed calling webhook "[[check-ignore-label.gatekeeper.sh]]": failed to call webhook: | ||
+ | Post | ||
+ | "https://gatekeeper-webhook-service.gatekeeper-system.svc:443/v1/admitlabel?timeout=3s": [[no endpoints available for service]] | ||
+ | "[[gatekeeper-webhook-service]]" | ||
+ | │ | ||
+ | │ with module.downstream-clusters-EKS.module.eks.aws_eks_addon.this["coredns"], | ||
+ | │ on .terraform/modules/EKS.eks/main.tf line 390, in resource "[[aws_eks_addon]]" "this": | ||
+ | │ 390: resource "aws_eks_addon" "this" { | ||
== Related == | == Related == | ||
* [[CustomResourceDefinition (CRD)]] | * [[CustomResourceDefinition (CRD)]] | ||
− | * [[OPA]] | + | * [[Open Policy Agent (OPA)]] |
+ | * Helm: <code>[[ResourceQuota]], [[MutatingWebhookConfiguration]], [[ValidatingWebhookConfiguration]]</code> | ||
+ | * [[Constraints]] | ||
+ | * <code>[[gatekeeper-webhook-service]]</code> | ||
+ | * [[Gatekeeper]] | ||
+ | * [[Kubernetes Admission Controllers]] | ||
== See also == | == See also == | ||
− | * {{Kubernetes}} | + | * {{gatekeeper.sh}} |
+ | * {{Gatekeeper}} | ||
+ | * {{Kubernetes policies}} | ||
+ | * {{OPA}} | ||
+ | * {{K8s security}} | ||
[[Category:Kubernetes]] | [[Category:Kubernetes]] |
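Review bot: in the new Errors section, the Terraform output is pasted as bare wiki text, so the box-drawing "│" prefixes and the "main.tf line 390" trailer land in the article body, and wiki links are spliced into the middle of the quoted message. Suggest keeping the message verbatim in a preformatted block and putting one plain sentence above it stating what the message itself reports: creation of the coredns add-on was denied because the call to the "check-ignore-label.gatekeeper.sh" webhook found no endpoints for gatekeeper-webhook-service. Separately, the See also change replaces {{Kubernetes}} rather than adding to it; confirm that the removal is intended.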
Latest revision as of 09:31, 5 March 2024
Gatekeeper
policy library for Kubernetes
Errors
Error: waiting for EKS Add-On (yourcluster:coredns) create: unexpected state 'CREATE_FAILED', wanted target 'ACTIVE'. last error: : AdmissionRequestDenied: Internal error occurred: failed calling webhook "check-ignore-label.gatekeeper.sh": failed to call webhook: Post "https://gatekeeper-webhook-service.gatekeeper-system.svc:443/v1/admitlabel?timeout=3s": no endpoints available for service "gatekeeper-webhook-service"
│
│   with module.downstream-clusters-EKS.module.eks.aws_eks_addon.this["coredns"],
│   on .terraform/modules/EKS.eks/main.tf line 390, in resource "aws_eks_addon" "this":
│  390: resource "aws_eks_addon" "this" {
Related
- CustomResourceDefinition (CRD)
- Open Policy Agent (OPA)
- Helm: ResourceQuota, MutatingWebhookConfiguration, ValidatingWebhookConfiguration
- Constraints
- gatekeeper-webhook-service
- Gatekeeper
- Kubernetes Admission Controllers
See also
- gatekeeper.sh, config.gatekeeper.sh, mutation.gatekeeper.sh, validate.gatekeeper.sh, gatekeeper-webhook-service
- Gatekeeper, installation, XProtect, OPA, gatekeeper.sh, config.gatekeeper.sh, gatekeeper-webhook-service
- Kubernetes policies, policy libraries, OPA, Gatekeeper (Kubernetes)
- Open Policy Agent (OPA), Gatekeeper
- Kubernetes security, OPA, EKS security, PSA, PSS, CKS, SecurityContext, Trivy, KubeBench, Kubernetes Admission Controllers, admissionregistration.k8s.io, Hardeneks, Gatekeeper (Kubernetes), kubernetes.io/enforce-mountable-secrets, Auditing