
How to use OPA Gatekeeper to change GKE deployments?

I am trying to use OPA Gatekeeper to modify certain Kubernetes deployments. In this example I want to change the display name of service accounts, regardless of what the user provided. So far I was following the documentation here: https://open-policy-agent.github.io/gatekeeper/website/docs/mutation/

I have created the following yaml file:

apiVersion: mutations.gatekeeper.sh/v1alpha1
kind: Assign
metadata:
  name: change-sa-name
spec:
  applyTo:
  - groups: [""]
    kinds: ["IAMServiceAccount"]
    versions: ["v1beta1"]
  location: "spec.displayName"
  parameters:
    assign:
      value: "New Name"

and used the following to deploy a service account:

apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
  labels:
    label-one: "value-one"
  name: iamserviceaccount-sample
spec:
  displayName: Example Service Account

However, upon deploying it the display name still shows up as Example Service Account and not New Name. What exactly am I doing wrong or what should I be looking at?

As per the official docs, you need to give the display name you want in the displayName row. Find the YAML below and try it; if you get errors, paste them here.

apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
  labels:
    label-one: "value-one"
  name: iamserviceaccount-sample
spec:
  displayName: <Give the display name that you are looking for>
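
An added example, not part of the original question or answer: the Assign mutator from the question with `applyTo.groups` set to the API group of the resource it targets. The group is taken from the `apiVersion: iam.cnrm.cloud.google.com/v1beta1` line of the sample object on this page; the `match` block is an assumption added here to scope the mutator.

```yaml
# Added example: corrected form of the Assign mutator from the question.
apiVersion: mutations.gatekeeper.sh/v1alpha1   # version used on the page
kind: Assign
metadata:
  name: change-sa-name
spec:
  applyTo:
  # The group must be the API group of the target resource. The sample
  # object has apiVersion iam.cnrm.cloud.google.com/v1beta1, so the group
  # is "iam.cnrm.cloud.google.com". The empty string "" means the core
  # group (Pod, Service, ...), which does not contain IAMServiceAccount.
  - groups: ["iam.cnrm.cloud.google.com"]
    kinds: ["IAMServiceAccount"]
    versions: ["v1beta1"]
  # Assumption: explicit match block limiting the mutator to this kind;
  # it does not appear in the question's manifest.
  match:
    scope: Namespaced
    kinds:
    - apiGroups: ["iam.cnrm.cloud.google.com"]
      kinds: ["IAMServiceAccount"]
  location: "spec.displayName"
  parameters:
    assign:
      value: "New Name"
```

Gatekeeper mutates objects at admission time, so the IAMServiceAccount has to be created or re-applied after the mutator exists for the new value to appear.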
