gatekeeper: No violations found with gatekeeper 3.8.0 although there are violations and they were found with 3.7.2.
What steps did you take and what happened: With gatekeeper 3.7.2 there are Total Violations: 4 found in my ns-must-have-label constraint. It’s similair to the all_ns_must_have_gatekeeper.yaml example under the demo examples… After update to 3.8.0 there are: Total Violations: 0.
I played a litte bit around. Fresh install with 3.8.0 without config (no excluded Namespaces) shows Total Violations: 8 After deploying the following config there are Total Violations: 0 again.
apiVersion: config.gatekeeper.sh/v1alpha1 kind: Config metadata: name: config namespace: '{{ .Release.Namespace }}' spec: match: - excludedNamespaces: ["kube-*", "gatekeeper-system"] processes: ["*"]
What did you expect to happen: Same amount of violations in 3.7.2 and 3.8.0
Anything else you would like to add: Same behavior with 3.9.0-beta.0.
Environment:
- Gatekeeper version: 3.7.2 and upgrade to 3.8.0
- Kubernetes version: v1.21.5
About this issue
- Original URL
- State: closed
- Created 2 years ago
- Reactions: 1
- Comments: 15 (9 by maintainers)
Commits related to this issue
- Fix no violations issue and dump error This fixes the issues uncovered in #2026 Signed-off-by: Max Smythe <smythe@google.com> — committed to maxsmythe/gatekeeper by maxsmythe 2 years ago
- Make sure that the Rego hook is well-behaved with no data cache Fixes https://github.com/open-policy-agent/gatekeeper/issues/2026 Signed-off-by: Max Smythe <smythe@google.com> — committed to maxsmythe/frameworks by maxsmythe 2 years ago
- Make sure that the Rego hook is well-behaved with no data cache Fixes https://github.com/open-policy-agent/gatekeeper/issues/2026 Signed-off-by: Max Smythe <smythe@google.com> — committed to maxsmythe/frameworks by maxsmythe 2 years ago
- Make sure that the Rego hook is well-behaved with no data cache Fixes https://github.com/open-policy-agent/gatekeeper/issues/2026 Signed-off-by: Max Smythe <smythe@google.com> — committed to maxsmythe/frameworks by maxsmythe 2 years ago
- Make sure that the Rego hook is well-behaved with no data cache Fixes https://github.com/open-policy-agent/gatekeeper/issues/2026 Signed-off-by: Max Smythe <smythe@google.com> — committed to maxsmythe/frameworks by maxsmythe 2 years ago
- Make sure that the Rego hook is well-behaved with no data cache (#222) Fixes https://github.com/open-policy-agent/gatekeeper/issues/2026 Signed-off-by: Max Smythe <smythe@google.com> — committed to open-policy-agent/frameworks by maxsmythe 2 years ago
- Make sure that the Rego hook is well-behaved with no data cache (#222) Fixes https://github.com/open-policy-agent/gatekeeper/issues/2026 Signed-off-by: Max Smythe <smythe@google.com> — committed to maxsmythe/frameworks by maxsmythe 2 years ago
- Make sure that the Rego hook is well-behaved with no data cache (#222) Fixes https://github.com/open-policy-agent/gatekeeper/issues/2026 Signed-off-by: Max Smythe <smythe@google.com> — committed to maxsmythe/frameworks by maxsmythe 2 years ago
- Cherry pick empty data cache fix into release 0.5 (#224) * Make sure that the Rego hook is well-behaved with no data cache (#222) Fixes https://github.com/open-policy-agent/gatekeeper/issues/2026 ... — committed to open-policy-agent/frameworks by maxsmythe 2 years ago
@sozercan @maxsmythe Thanks for the update! It is working as expected again. I appreciate the help on this!
Hello, v.3.8.1 works for me 😃. Thanks a lot for the fast fix.