This section is designed to be tested in a SAFE ENVIRONMENT such as minikube running locally.
Install Gatekeeper
    kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper/master/deploy/gatekeeper.yaml
https://github.com/open-policy-agent/gatekeeper#installation
Change log level
Edit the deployment.
    kubectl -n gatekeeper-system edit deployments gatekeeper-controller-manager
Add the --log-level=DEBUG parameter:
    ...
    spec:
      containers:
      - args:
        - --auditInterval=30
        - --port=8443
        - --logtostderr
        - --log-level=DEBUG
    ...
Find out what your API user name is
Method 01
Get the certificate from your kubeconfig file.
If the certificate is already embedded, base64-decode the certificate-authority-data field.
Then decode the certificate using a tool such as https://www.sslshopper.com/certificate-decoder.html
The "Common Name" is your user name.
If the certificate is not embedded, it is in an external file: copy the content of the client-certificate file, decode the certificate and read the "Common Name".
Method 02
Create a Gatekeeper ConstraintTemplate just to debug what your user name is.
Create a violation function that returns input.review.userInfo, for example:
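One way to write such a template and its constraint, as an added example that is not from the original page: the kind K8sDebugUserInfo, the constraint name debug-userinfo and the gatekeeper-debug namespace are assumptions chosen for illustration. Apply the template first, since the constraint kind only exists once Gatekeeper has processed the template.

```yaml
# Added example, not from the original page. All names are hypothetical.
# 1) ConstraintTemplate: every admission request it matches produces a
#    violation whose message contains the caller's userInfo.
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: k8sdebuguserinfo          # must be the lowercase form of the kind below
spec:
  crd:
    spec:
      names:
        kind: K8sDebugUserInfo    # assumed kind name
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sdebuguserinfo

        # userInfo carries username, uid, groups and extra as seen by the API server.
        violation[{"msg": msg}] {
          msg := sprintf("DEBUG userInfo: %v", [input.review.userInfo])
        }
---
# 2) Constraint: apply it only after the template above has been accepted.
#    It is scoped to one throwaway namespace and one kind so that the
#    debug rule does not reject requests anywhere else in the cluster.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sDebugUserInfo
metadata:
  name: debug-userinfo            # assumed constraint name
spec:
  enforcementAction: deny         # the message is returned to the client
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["ConfigMap"]
    namespaces: ["gatekeeper-debug"]   # assumed test namespace
```

Creating a ConfigMap in the gatekeeper-debug namespace is then rejected with a message that includes your username and groups. The rule only fires on admission requests: audit runs carry no userInfo, so they report no violation. Delete the constraint and the template when you are done.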
Edit the config.
Edit the validation section.
Create a template.
Create a constraint.
Create a bad object.
Watch gatekeeper-controller-manager pod logs.
Watch template status section: