apiVersion: operators.coreos.com/v1alpha1
kind: ClusterServiceVersion
metadata:
annotations:
alm-examples: |-
[
{
"apiVersion": "operator.gatekeeper.sh/v1alpha1",
"kind": "Gatekeeper",
"metadata": {
"name": "gatekeeper"
},
"spec": {
"audit": {
"logLevel": "INFO",
"replicas": 1
},
"image": {
"image": "docker.io/openpolicyagent/gatekeeper:v3.2.2"
},
"validatingWebhook": "Enabled",
"webhook": {
"logLevel": "INFO",
"replicas": 2
}
}
}
]
capabilities: Basic Install
olm.operatorGroup: gatekeeper-operator
olm.operatorNamespace: openshift-gatekeeper-operator
olm.targetNamespaces: ''
operators.operatorframework.io/builder: operator-sdk-v1.2.0
operators.operatorframework.io/project_layout: go.kubebuilder.io/v2
selfLink: >-
/apis/operators.coreos.com/v1alpha1/namespaces/openshift-gatekeeper-operator/clusterserviceversions/gatekeeper-operator.v0.0.1
resourceVersion: '126038'
name: gatekeeper-operator.v0.0.1
uid: 74ae41cc-dc64-480f-b2a4-20fb89efd2fe
creationTimestamp: '2021-01-06T00:40:14Z'
generation: 1
namespace: openshift-gatekeeper-operator
labels:
olm.api.f3883f973f52868e: provided
spec:
customresourcedefinitions:
owned:
- description: Gatekeeper is the Schema for the gatekeepers API
displayName: Gatekeeper
kind: Gatekeeper
name: gatekeepers.operator.gatekeeper.sh
version: v1alpha1
apiservicedefinitions: {}
keywords:
- Gatekeeper
displayName: Gatekeeper Operator
provider:
name: Red Hat
maturity: alpha
installModes:
- supported: false
type: OwnNamespace
- supported: false
type: SingleNamespace
- supported: false
type: MultiNamespace
- supported: true
type: AllNamespaces
version: 0.0.1
icon:
- base64data: ''
mediatype: ''
links:
- name: Gatekeeper Operator
url: 'https://github.com/gatekeeper/gatekeeper-operator'
install:
spec:
clusterPermissions:
- rules:
- apiGroups:
- '*'
resources:
- '*'
verbs:
- get
- list
- watch
- apiGroups:
- admissionregistration.k8s.io
resources:
- validatingwebhookconfigurations
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- config.gatekeeper.sh
resources:
- configs
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- config.gatekeeper.sh
resources:
- configs/status
verbs:
- get
- patch
- update
- apiGroups:
- constraints.gatekeeper.sh
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- operator.gatekeeper.sh
resources:
- gatekeepers
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- operator.gatekeeper.sh
resources:
- gatekeepers/finalizers
verbs:
- delete
- get
- patch
- update
- apiGroups:
- operator.gatekeeper.sh
resources:
- gatekeepers/status
verbs:
- get
- patch
- update
- apiGroups:
- policy
resources:
- podsecuritypolicies
verbs:
- create
- delete
- update
- use
- apiGroups:
- rbac.authorization.k8s.io
resources:
- clusterrolebindings
- clusterroles
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- status.gatekeeper.sh
resources:
- '*'
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- templates.gatekeeper.sh
resources:
- constrainttemplates
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- templates.gatekeeper.sh
resources:
- constrainttemplates/finalizers
verbs:
- delete
- get
- patch
- update
- apiGroups:
- templates.gatekeeper.sh
resources:
- constrainttemplates/status
verbs:
- get
- patch
- update
- apiGroups:
- ''
resources:
- namespaces
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- security.openshift.io
resourceNames:
- anyuid
resources:
- securitycontextconstraints
verbs:
- use
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- authorization.k8s.io
resources:
- subjectaccessreviews
verbs:
- create
serviceAccountName: default
deployments:
- name: gatekeeper-operator-controller-manager
spec:
replicas: 1
selector:
matchLabels:
control-plane: controller-manager
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
control-plane: controller-manager
spec:
containers:
- args:
- '--secure-listen-address=0.0.0.0:8443'
- '--upstream=http://127.0.0.1:8080/'
- '--logtostderr=true'
- '--v=10'
image: 'gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0'
name: kube-rbac-proxy
ports:
- containerPort: 8443
name: https
resources: {}
- args:
- '--metrics-addr=127.0.0.1:8080'
- '--enable-leader-election'
command:
- /manager
image: 'quay.io/gatekeeper/gatekeeper-operator:latest'
imagePullPolicy: Always
name: manager
resources:
limits:
cpu: 100m
memory: 30Mi
requests:
cpu: 100m
memory: 20Mi
terminationGracePeriodSeconds: 10
permissions:
- rules:
- apiGroups:
- ''
resources:
- configmaps
verbs:
- get
- list
- watch
- create
- update
- patch
- delete
- apiGroups:
- ''
resources:
- configmaps/status
verbs:
- get
- update
- patch
- apiGroups:
- ''
resources:
- events
verbs:
- create
- patch
- apiGroups:
- apps
resources:
- deployments
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- ''
resources:
- secrets
- serviceaccounts
- services
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- rolebindings
- roles
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
serviceAccountName: default
strategy: deployment
maintainers:
- email: [email protected]
name: Ivan Font
description: Operator for OPA Gatekeeper
status:
conditions:
- lastTransitionTime: '2021-01-06T00:40:14Z'
lastUpdateTime: '2021-01-06T00:40:14Z'
message: requirements not yet checked
phase: Pending
reason: RequirementsUnknown
- lastTransitionTime: '2021-01-06T00:40:14Z'
lastUpdateTime: '2021-01-06T00:40:14Z'
message: one or more requirements couldn't be found
phase: Pending
reason: RequirementsNotMet
lastTransitionTime: '2021-01-06T00:40:14Z'
lastUpdateTime: '2021-01-06T00:40:14Z'
message: one or more requirements couldn't be found
phase: Pending
reason: RequirementsNotMet
requirementStatus:
- group: apiextensions.k8s.io
kind: CustomResourceDefinition
message: CRD is not present
name: gatekeepers.operator.gatekeeper.sh
status: NotPresent
version: v1beta1
- dependents:
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
namespaced
rule:{"verbs":["get","list","watch","create","update","patch","delete"],"apiGroups":[""],"resources":["configmaps"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
namespaced
rule:{"verbs":["get","update","patch"],"apiGroups":[""],"resources":["configmaps/status"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
namespaced
rule:{"verbs":["create","patch"],"apiGroups":[""],"resources":["events"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
namespaced
rule:{"verbs":["create","delete","get","list","patch","update","watch"],"apiGroups":["apps"],"resources":["deployments"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
namespaced
rule:{"verbs":["create","delete","get","list","patch","update","watch"],"apiGroups":[""],"resources":["secrets","serviceaccounts","services"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
namespaced
rule:{"verbs":["create","delete","get","list","patch","update","watch"],"apiGroups":["rbac.authorization.k8s.io"],"resources":["rolebindings","roles"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
cluster
rule:{"verbs":["get","list","watch"],"apiGroups":["*"],"resources":["*"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
cluster
rule:{"verbs":["create","delete","get","list","patch","update","watch"],"apiGroups":["admissionregistration.k8s.io"],"resources":["validatingwebhookconfigurations"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
cluster
rule:{"verbs":["create","delete","get","list","patch","update","watch"],"apiGroups":["apiextensions.k8s.io"],"resources":["customresourcedefinitions"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
cluster
rule:{"verbs":["create","delete","get","list","patch","update","watch"],"apiGroups":["config.gatekeeper.sh"],"resources":["configs"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
cluster
rule:{"verbs":["get","patch","update"],"apiGroups":["config.gatekeeper.sh"],"resources":["configs/status"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
cluster
rule:{"verbs":["create","delete","get","list","patch","update","watch"],"apiGroups":["constraints.gatekeeper.sh"],"resources":["*"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
cluster
rule:{"verbs":["create","delete","get","list","patch","update","watch"],"apiGroups":["operator.gatekeeper.sh"],"resources":["gatekeepers"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
cluster
rule:{"verbs":["delete","get","patch","update"],"apiGroups":["operator.gatekeeper.sh"],"resources":["gatekeepers/finalizers"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
cluster
rule:{"verbs":["get","patch","update"],"apiGroups":["operator.gatekeeper.sh"],"resources":["gatekeepers/status"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
cluster
rule:{"verbs":["create","delete","update","use"],"apiGroups":["policy"],"resources":["podsecuritypolicies"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
cluster
rule:{"verbs":["create","delete","get","list","patch","update","watch"],"apiGroups":["rbac.authorization.k8s.io"],"resources":["clusterrolebindings","clusterroles"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
cluster
rule:{"verbs":["create","delete","get","list","patch","update","watch"],"apiGroups":["status.gatekeeper.sh"],"resources":["*"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
cluster
rule:{"verbs":["create","delete","get","list","patch","update","watch"],"apiGroups":["templates.gatekeeper.sh"],"resources":["constrainttemplates"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
cluster
rule:{"verbs":["delete","get","patch","update"],"apiGroups":["templates.gatekeeper.sh"],"resources":["constrainttemplates/finalizers"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
cluster
rule:{"verbs":["get","patch","update"],"apiGroups":["templates.gatekeeper.sh"],"resources":["constrainttemplates/status"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
cluster
rule:{"verbs":["create","delete","get","list","patch","update","watch"],"apiGroups":[""],"resources":["namespaces"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
cluster
rule:{"verbs":["use"],"apiGroups":["security.openshift.io"],"resources":["securitycontextconstraints"],"resourceNames":["anyuid"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
cluster
rule:{"verbs":["create"],"apiGroups":["authentication.k8s.io"],"resources":["tokenreviews"]}
status: NotSatisfied
version: v1beta1
- group: rbac.authorization.k8s.io
kind: PolicyRule
message: >-
cluster
rule:{"verbs":["create"],"apiGroups":["authorization.k8s.io"],"resources":["subjectaccessreviews"]}
status: NotSatisfied
version: v1beta1
group: ''
kind: ServiceAccount
message: Policy rule not satisfied for service account
name: default
status: PresentNotSatisfied
version: v1