Beembo

Reputation: 317

How to use OPA Gatekeeper to change GKE deployments?

I am trying to use OPA Gatekeeper to modify certain Kubernetes deployments. In this example I want to change the display name of service accounts, regardless of what the user provided. So far I was following the documentation here: https://open-policy-agent.github.io/gatekeeper/website/docs/mutation/

I have created the following yaml file:

apiVersion: mutations.gatekeeper.sh/v1alpha1
kind: Assign
metadata:
  name: change-sa-name
spec:
  applyTo:
  - groups: [""]
    kinds: ["IAMServiceAccount"]
    versions: ["v1beta1"]
  location: "spec.displayName"
  parameters:
    assign:
      value: "New Name"

and used the following to deploy a service account:

apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
  labels:
    label-one: "value-one"
  name: iamserviceaccount-sample
spec:
  displayName: Example Service Account

However, upon deploying it the display name still shows up as Example Service Account and not New Name. What exactly am I doing wrong or what should I be looking at?

Upvotes: 0

Views: 193

Answers (1)

Hemanth Kumar

Reputation: 3774

As per the official docs, you need to give the display name you wish to use in the displayName row. Find the YAML below and try it; if you get errors, paste them here.

apiVersion: iam.cnrm.cloud.google.com/v1beta1
kind: IAMServiceAccount
metadata:
  labels:
    label-one: "value-one"
  name: iamserviceaccount-sample
spec:
  displayName: <Give the display name that you are looking for>

Upvotes: 1
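
An added example, not part of the question or the answer and not Gatekeeper's own code: a simplified model of how a mutator's applyTo selects objects by API group, version and kind, run over the two manifests from the question. The exact-membership matching, the helper names and the ASSIGN_WITH_GROUP variant are assumptions of this sketch.

```python
import copy

def split_api_version(api_version):
    """'group/version' -> (group, version); core objects such as 'v1' have group ''."""
    group, _, version = api_version.rpartition("/")
    return group, version

def apply_to_mismatches(mutator, obj):
    """For each applyTo entry, list the fields that do not select obj.

    An empty inner list means that entry selects the object.
    """
    group, version = split_api_version(obj["apiVersion"])
    actual = {"groups": group, "versions": version, "kinds": obj["kind"]}
    return [
        [f"{field}: {entry.get(field, [])!r} does not contain {value!r}"
         for field, value in actual.items() if value not in entry.get(field, [])]
        for entry in mutator["spec"].get("applyTo", [])
    ]

def applies(mutator, obj):
    """True if at least one applyTo entry matches on group, version and kind."""
    return any(not misses for misses in apply_to_mismatches(mutator, obj))

# The two manifests from the question, transcribed as Python dicts (labels omitted).
ASSIGN = {
    "apiVersion": "mutations.gatekeeper.sh/v1alpha1",
    "kind": "Assign",
    "metadata": {"name": "change-sa-name"},
    "spec": {
        "applyTo": [{"groups": [""], "kinds": ["IAMServiceAccount"],
                     "versions": ["v1beta1"]}],
        "location": "spec.displayName",
        "parameters": {"assign": {"value": "New Name"}},
    },
}
SERVICE_ACCOUNT = {
    "apiVersion": "iam.cnrm.cloud.google.com/v1beta1",
    "kind": "IAMServiceAccount",
    "metadata": {"name": "iamserviceaccount-sample"},
    "spec": {"displayName": "Example Service Account"},
}

# Constructed variant for comparison: applyTo names the object's own API group.
ASSIGN_WITH_GROUP = copy.deepcopy(ASSIGN)
ASSIGN_WITH_GROUP["spec"]["applyTo"][0]["groups"] = ["iam.cnrm.cloud.google.com"]

if __name__ == "__main__":
    for label, mutator in (("as posted", ASSIGN), ("with group", ASSIGN_WITH_GROUP)):
        print(label, applies(mutator, SERVICE_ACCOUNT),
              apply_to_mismatches(mutator, SERVICE_ACCOUNT))
```

The same comparison can be made by hand: the part of the object's apiVersion before the slash has to appear in applyTo.groups, the part after it in applyTo.versions, and its kind in applyTo.kinds.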
