Create Gatekeeper Policy to Verify All Helm Chart Resources are Produced from Helm Chart Collator #179

lb4368 · 2021-06-17T21:53:02Z

Problem description
With the delivery of the Gatekeeper manifest function (#167) and a manifest structure for constraint templates and constraints (#174), we would like to demonstrate a policy implementation and auditing within treasuremap. As an initial example, we would like a policy that validates that all helm chart resources used within a site deployment are produced from the helm-chart-collator managed within treasuremap.

Proposed change

Create a Gatekeeper constraint template that allows for restricting HelmRelease sources to specified sources.
Create a Gatekeeper constraint to restrict HelmRelease source to the helm-chart-collator/collator HelmRepository. GitRepository and Bucket sources should also be disallowed.
Deliver the constraint template and constraint during the workload phase or some new gating phase.
Provide capability to report violations during treasuremap gating. See Gatekeeper audit.

The text was updated successfully, but these errors were encountered:

lb4368 added enhancement New feature or request triage labels Jun 17, 2021

jezogwza added this to the Future milestone Jun 23, 2021

jezogwza added priority/medium Default priority for items and removed triage labels Jun 23, 2021

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Create Gatekeeper Policy to Verify All Helm Chart Resources are Produced from Helm Chart Collator #179

Create Gatekeeper Policy to Verify All Helm Chart Resources are Produced from Helm Chart Collator #179

lb4368 commented Jun 17, 2021

Create Gatekeeper Policy to Verify All Helm Chart Resources are Produced from Helm Chart Collator #179

Create Gatekeeper Policy to Verify All Helm Chart Resources are Produced from Helm Chart Collator #179

Comments

lb4368 commented Jun 17, 2021