Add GATEKEEPER.md for a guide on enforcing use of Kata Containers #432
+244
−0
- What I did
This commit adds GATEKEEPER.md to the docs directory and example YAML
manifests to config/sample/gatekeeper. The document
provides a step-by-step guide on using OpenShift Gatekeeper to enforce
policies that require privileged pods to use Kata Containers.
- Description of the problem which is fixed/What is the use case
Reasons to include this in the repository:
Kata Containers enhance isolation for sensitive workloads. This guide
helps users implement and enforce their use through Gatekeeper policies.
By including this, we aim to:
Structure
This document enhances the repository by providing practical guidance on
using Kata Containers with Gatekeeper.
- How to verify it
Read it and try it out.
Signed-off-by: Jens Freimann [email protected]