Thursday, January 5, 2023

Gatekeeper/policycontroller kubectl cheat sheet

Handy kubectl commands for Gatekeeper, as shipped in GKE's Policy Controller.

List the constraint templates installed by Config Management (drop the label selector to see every template on the cluster):
kubectl get constrainttemplates -l="configmanagement.gke.io/configmanagement=config-management"
Get the status of a particular constraint; the violations found by the audit controller sit under status.violations, so ask for the whole object rather than the one-line summary:
kubectl get k8sallowedrepos.constraints.gatekeeper.sh repo-is-gcr -o yaml
Audit keeps only the first few violations per constraint in status (the --constraint-violations-limit flag, default 20); status.totalViolations has the full count.
Get the Policy Controller logs (the label selects both the admission webhook and the audit pods):
kubectl logs -n gatekeeper-system -l gatekeeper.sh/system=yes
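Reading the violations out of a constraint's status, as an added example that is not part of the original post: the functions below pull status.violations with a kubectl JSONPath (so no jq is needed on the box) and summarize the result with awk. The field names (enforcementAction, kind, namespace, name, message) are what Gatekeeper's audit controller writes; the sample lines are constructed, with messages shaped like the gatekeeper-library allowedrepos template.

```shell
#!/usr/bin/env sh
# Added example, not from the original post: summarize the violations that
# Gatekeeper's audit controller records under a constraint's status.violations.
# Assumption: each entry carries enforcementAction, kind, namespace, name, message.

# Print one tab-separated line per recorded violation of constraint $2 (of kind $1).
# kubectl evaluates the JSONPath itself, so jq is not required.
constraint_violations() {
    kubectl get "$1" "$2" -o jsonpath='{range .status.violations[*]}{.enforcementAction}{"\t"}{.kind}{"\t"}{.namespace}{"\t"}{.name}{"\t"}{.message}{"\n"}{end}'
}

# Read those lines on stdin; print "namespace<TAB>count", most violations first.
# Cluster-scoped objects have an empty namespace and are grouped as <cluster>.
summarize_by_namespace() {
    awk -F'\t' 'NF >= 4 { ns = ($3 == "") ? "<cluster>" : $3; n[ns]++ }
                END { for (k in n) printf "%s\t%d\n", k, n[k] }' \
    | sort -t "$(printf '\t')" -k2,2nr -k1,1
}

# Count only entries admission would have rejected (enforcementAction deny);
# dryrun and warn entries are reported but the objects were admitted.
count_denied() {
    awk -F'\t' '$1 == "deny" { c++ } END { print c + 0 }'
}

# Constructed sample standing in for constraint_violations on a live cluster.
SAMPLE_VIOLATIONS=$(
  printf 'deny\tPod\tdev\tweb-1\tcontainer <web> has an invalid image repo <docker.io/library/nginx>, allowed repos are ["gcr.io/"]\n'
  printf 'deny\tPod\tdev\tweb-2\tcontainer <sidecar> has an invalid image repo <quay.io/acme/proxy>, allowed repos are ["gcr.io/"]\n'
  printf 'dryrun\tPod\tprod\tapi-0\tcontainer <api> has an invalid image repo <docker.io/acme/api>, allowed repos are ["gcr.io/"]\n'
)

# Offline demo on the constructed sample:
printf '%s\n' "$SAMPLE_VIOLATIONS" | summarize_by_namespace

# Live usage:
#   constraint_violations k8sallowedrepos.constraints.gatekeeper.sh repo-is-gcr | summarize_by_namespace
#   constraint_violations k8sallowedrepos.constraints.gatekeeper.sh repo-is-gcr | count_denied
```

Only constraint_violations needs a cluster; the rest is plain text processing. Because audit truncates status.violations at --constraint-violations-limit entries (20 by default), treat the list as a sample and use status.totalViolations when you need the real count.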

Wednesday, January 4, 2023

Replacements for docker

With Docker changing its license and the general problem of running a super-privileged daemon as root, I've been looking for alternatives. Here's what I've found to work.

gcrane for interacting with registries (it is crane plus Google registry auth, so it picks up your gcloud credentials for gcr.io and pkg.dev and needs no docker login or daemon):

go install github.com/google/go-containerregistry/cmd/gcrane@latest
export PATH="${HOME}/go/bin:$PATH"

gcrane pull ubuntu ubuntu.tar                    # save an image to a tarball
gcrane push ubuntu.tar gcr.io/my-project/ubuntu  # push a tarball to a registry
gcrane cp ubuntu gcr.io/my-project/ubuntu        # copy registry to registry without a local tarball

Podman for building and pushing:

sudo apt-get install podman
Rootless podman maps the container's uids onto a subordinate id range belonging to your user. If none is configured you get this warning:
Reading allowed ID mappings: reading subuid mappings for user "${USER}" and subgid mappings for group "${USER}": no subuid ranges found for user "${USER}" in /etc/subuid
Fix it by allocating a range (65536 ids starting at 100000 here; on a shared machine pick a start past any range already listed in /etc/subuid and /etc/subgid, because overlapping ranges would let different users' containers run as the same host uids):
start_uid=100000
start_gid=100000
sudo usermod --add-subuids ${start_uid}-$(( start_uid + 65535 )) $(whoami)
sudo usermod --add-subgids ${start_gid}-$(( start_gid + 65535 )) $(whoami)
If podman had already been run as this user before the change, run podman system migrate so it picks up the new mapping.
Then you can use it:
podman build -t ${IMG}:${TAG} .

# Auth to an Artifact Registry repo
gcloud auth print-access-token | podman login -u oauth2accesstoken --password-stdin ${REGION}-docker.pkg.dev
podman push ${REGION}-docker.pkg.dev/${PROJECT}/${REPO}/${IMG}:${TAG}

# Run a container
podman run --rm -it alpine:latest /bin/sh
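Picking the subordinate id range for the usermod step above, as an added example that is not from the original post: before adding a range on a shared machine, look at what /etc/subuid and /etc/subgid already contain and start the new range past all of them, since ranges that overlap would let two users' rootless containers run as the same host uids. The script assumes the standard name:start:count file format and uses constructed sample files in place of /etc/subuid and /etc/subgid; it prints the usermod commands instead of running them.

```shell
#!/usr/bin/env sh
# Added example, not from the original post: choose a non-overlapping
# subordinate UID/GID range for a user before "usermod --add-subuids".
# /etc/subuid and /etc/subgid hold one  name:start:count  entry per line.

# Print "start:count" for every range assigned to user $1 in file $2.
subid_ranges_for() {
    awk -F: -v user="$1" '$1 == user { print $2 ":" $3 }' "$2"
}

# Print the first id past every range in file $1, never below 100000
# (the conventional floor for subordinate ids).
next_free_subid() {
    awk -F: 'BEGIN { end = 100000 }
             NF == 3 && $2 + $3 > end { end = $2 + $3 }
             END { print end }' "$1"
}

# Render the FIRST-LAST argument usermod expects for $2 ids (default 65536)
# starting at $1; matches the 100000-165535 form used in the post.
subid_range_arg() {
    start=$1
    count=${2:-65536}
    echo "${start}-$(( start + count - 1 ))"
}

# Print the usermod commands for user $1, given subuid file $2 and subgid file $3.
# Existing ranges are reported rather than duplicated.
plan_subids() {
    user=$1; subuid=$2; subgid=$3
    if [ -n "$(subid_ranges_for "$user" "$subuid")" ]; then
        echo "# $user already has subuid ranges: $(subid_ranges_for "$user" "$subuid" | tr '\n' ' ')"
    else
        echo "sudo usermod --add-subuids $(subid_range_arg "$(next_free_subid "$subuid")") $user"
    fi
    if [ -n "$(subid_ranges_for "$user" "$subgid")" ]; then
        echo "# $user already has subgid ranges: $(subid_ranges_for "$user" "$subgid" | tr '\n' ' ')"
    else
        echo "sudo usermod --add-subgids $(subid_range_arg "$(next_free_subid "$subgid")") $user"
    fi
}

# Constructed sample files standing in for /etc/subuid and /etc/subgid.
SAMPLE_SUBUID=$(mktemp)
SAMPLE_SUBGID=$(mktemp)
trap 'rm -f "$SAMPLE_SUBUID" "$SAMPLE_SUBGID"' EXIT
printf 'alice:100000:65536\nbob:165536:65536\n' > "$SAMPLE_SUBUID"
printf 'alice:100000:65536\n' > "$SAMPLE_SUBGID"

# Offline demo: carol gets 231072-296607 for uids and 165536-231071 for gids.
plan_subids carol "$SAMPLE_SUBUID" "$SAMPLE_SUBGID"

# Real usage:  plan_subids "$(whoami)" /etc/subuid /etc/subgid
```

After applying the printed commands, run podman unshare cat /proc/self/uid_map to confirm the mapping podman actually sees, and podman system migrate if podman had been used before the ranges existed.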