Difference between revisions of "Gatekeeper (Kubernetes)"
(16 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
<code>[[Gatekeeper]]</code> [[policy library]] for Kubernetes | <code>[[Gatekeeper]]</code> [[policy library]] for Kubernetes | ||
* https://github.com/open-policy-agent/gatekeeper | * https://github.com/open-policy-agent/gatekeeper | ||
+ | * [[helm install gatekeeper]] | ||
== Errors == | == Errors == | ||
− | + | * <code>[[Internal error occurred: failed calling webhook]]</code> | |
+ | * <code>[[no endpoints available for service]]</code> | ||
− | + | [[Error: waiting for EKS Add-On]] (yourcluster:[[coredns]]) create: unexpected state 'CREATE_FAILED', wanted target 'ACTIVE'. last error: : | |
− | Error: waiting for EKS Add-On (yourcluster:coredns) create: unexpected state 'CREATE_FAILED', wanted target 'ACTIVE'. last error: : | + | AdmissionRequestDenied: Internal error occurred: failed calling webhook "[[check-ignore-label.gatekeeper.sh]]": failed to call webhook: |
− | AdmissionRequestDenied: Internal error occurred: failed calling webhook "check-ignore-label.gatekeeper.sh": failed to call webhook: | ||
Post | Post | ||
− | "https://gatekeeper-webhook-service.gatekeeper-system.svc:443/v1/admitlabel?timeout=3s": no endpoints available for service | + | "https://gatekeeper-webhook-service.gatekeeper-system.svc:443/v1/admitlabel?timeout=3s": [[no endpoints available for service]] |
− | "gatekeeper- | + | "[[gatekeeper-webhook-service]]" |
− | |||
│ | │ | ||
│ with module.downstream-clusters-EKS.module.eks.aws_eks_addon.this["coredns"], | │ with module.downstream-clusters-EKS.module.eks.aws_eks_addon.this["coredns"], | ||
− | │ on .terraform/modules/ | + | │ on .terraform/modules/EKS.eks/main.tf line 390, in resource "[[aws_eks_addon]]" "this": |
│ 390: resource "aws_eks_addon" "this" { | │ 390: resource "aws_eks_addon" "this" { | ||
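Review bot: The Errors section in this hunk still holds only the raw Terraform output and never states the failure it records. Going by the text of the error itself, creation of the coredns EKS add-on is denied at admission because the webhook "check-ignore-label.gatekeeper.sh" cannot be called, as the service "gatekeeper-webhook-service" has no endpoints available. A one-line summary above the output would make the entry usable without reading the full message. Wrapping fragments of the message in links, such as "[[Error: waiting for EKS Add-On]]" and "[[coredns]]", also splits the verbatim output in the wikitext. Consider keeping the output intact and leaving the links to the two bullet items added at the top of the section.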
Line 21: | Line 21: | ||
* [[Open Policy Agent (OPA)]] | * [[Open Policy Agent (OPA)]] | ||
* Helm: <code>[[ResourceQuota]], [[MutatingWebhookConfiguration]], [[ValidatingWebhookConfiguration]]</code> | * Helm: <code>[[ResourceQuota]], [[MutatingWebhookConfiguration]], [[ValidatingWebhookConfiguration]]</code> | ||
+ | * [[Constraints]] | ||
+ | * <code>[[gatekeeper-webhook-service]]</code> | ||
+ | * [[Gatekeeper]] | ||
+ | * [[Kubernetes Admission Controllers]] | ||
== See also == | == See also == | ||
+ | * {{gatekeeper.sh}} | ||
+ | * {{Gatekeeper}} | ||
* {{Kubernetes policies}} | * {{Kubernetes policies}} | ||
+ | * {{OPA}} | ||
+ | * {{K8s security}} | ||
[[Category:Kubernetes]] | [[Category:Kubernetes]] |
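Review bot: The Related list in this hunk gains "[[Gatekeeper]]", which the first line of the page already links, and "[[gatekeeper-webhook-service]]", which is already linked from the Errors section. The new "{{gatekeeper.sh}}" and "{{Gatekeeper}}" templates under See also then repeat several of the same entries in the rendered page (gatekeeper.sh, config.gatekeeper.sh, gatekeeper-webhook-service). Consider dropping the duplicate Related items, or keeping only one of the two templates, so each target appears once.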
Latest revision as of 09:31, 5 March 2024
Gatekeeper
policy library for Kubernetes
Errors
Error: waiting for EKS Add-On (yourcluster:coredns) create: unexpected state 'CREATE_FAILED', wanted target 'ACTIVE'. last error: : AdmissionRequestDenied: Internal error occurred: failed calling webhook "check-ignore-label.gatekeeper.sh": failed to call webhook: Post "https://gatekeeper-webhook-service.gatekeeper-system.svc:443/v1/admitlabel?timeout=3s": no endpoints available for service "gatekeeper-webhook-service"
│
│ with module.downstream-clusters-EKS.module.eks.aws_eks_addon.this["coredns"],
│ on .terraform/modules/EKS.eks/main.tf line 390, in resource "aws_eks_addon" "this":
│ 390: resource "aws_eks_addon" "this" {
Related
- CustomResourceDefinition (CRD)
- Open Policy Agent (OPA)
- Helm: ResourceQuota, MutatingWebhookConfiguration, ValidatingWebhookConfiguration
- Constraints
- gatekeeper-webhook-service
- Gatekeeper
- Kubernetes Admission Controllers
See also
- gatekeeper.sh, config.gatekeeper.sh, mutation.gatekeeper.sh, validate.gatekeeper.sh, gatekeeper-webhook-service
- Gatekeeper, installation, XProtect, OPA, gatekeeper.sh, config.gatekeeper.sh, gatekeeper-webhook-service
- Kubernetes policies, policy libraries, OPA, Gatekeeper (Kubernetes)
- Open Policy Agent (OPA), Gatekeeper
- Kubernetes security, OPA, EKS security, PSA, PSS, CKS, SecurityContext, Trivy, KubeBench, Kubernetes Admission Controllers, admissionregistration.k8s.io, Hardeneks, Gatekeeper (Kubernetes), kubernetes.io/enforce-mountable-secrets, Auditing