History

胡天垚 34158042ad 新增learn-kubernetes（https://github.com/yyong-brs/learn-kubernetes）相关文件		2024-02-20 17:15:27 +08:00
..
solution	新增learn-kubernetes（https://github.com/yyong-brs/learn-kubernetes）相关文件	2024-02-20 17:15:27 +08:00
gatekeeper.yaml	新增learn-kubernetes（https://github.com/yyong-brs/learn-kubernetes）相关文件	2024-02-20 17:15:27 +08:00
README.md	新增learn-kubernetes（https://github.com/yyong-brs/learn-kubernetes）相关文件	2024-02-20 17:15:27 +08:00
restrictedPaths-template.yaml	新增learn-kubernetes（https://github.com/yyong-brs/learn-kubernetes）相关文件	2024-02-20 17:15:27 +08:00
sleep.yaml	新增learn-kubernetes（https://github.com/yyong-brs/learn-kubernetes）相关文件	2024-02-20 17:15:27 +08:00

Ch16 lab

Setup

Deploy OPA Gatekeeper:

kubectl apply -f lab/gatekeeper.yaml

And the constraint template:

kubectl apply -f lab/restrictedPaths-template.yaml

The constraint template uses a paths parameter to list restricted paths.

My constraint specifies paths and a label selector.

Deploy the constraint:

kubectl apply -f lab/solution/restrictedPaths-constraint.yaml

Try to deploy an app which uses restricted paths:

kubectl apply -f lab/sleep.yaml

kubectl get all -l app=sleep

kubectl describe rs -l app=sleep

You should see the ReplicaSet has zero Pods, and the detail shows the error message from the constraint

You can fix it with an updated sleep spec:

kubectl apply -f lab/solution/sleep.yaml

kubectl get all -l app=sleep

kubectl describe rs -l app=sleep

Delete all the resources:

kubectl delete -f lab/solution/sleep.yaml

kubectl delete RestrictedPaths,ConstraintTemplates --all

kubectl delete -f lab/gatekeeper.yaml