Add assign-oauth-image gatekeeper policy

This allows the rhods oauth container to pull oauth image from internal registry rather than externally. Relevant issue: nerc-project/operations#506 Signed-off-by: Isaiah Stapleton <[email protected]>
OCP-on-NERC · Jun 11, 2024 · ed2c660 · ed2c660
1 parent 0efab41
commit ed2c660
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/policy/overlays/nerc-ocp-prod/internal-oauth.yaml b/policy/overlays/nerc-ocp-prod/internal-oauth.yaml
@@ -0,0 +1,22 @@
+apiVersion: mutations.gatekeeper.sh/v1alpha1
+kind: AssignImage
+metadata:
+  name: assign-oauth-image
+spec:
+  applyTo:
+  - groups: [""]
+    kinds: ["Pod"]
+    versions: ["v1"]
+  location: "spec.containers[name:oauth-proxy].image"
+  parameters:
+    assignDomain: "image-registry.openshift-image-registry.svc:5000"
+    assignPath: "redhat-ods-applications/oauth-proxy"
+    assignTag: ":latest"
+  match:
+    source: "All"
+    scope: Namespaced
+    kinds:
+    - apiGroups: ["*"]
+      kinds: ["Pod"]
+    namespaces: ["rhods-notebooks"]
+    name: jupyter-nb*