ack-policy-external-provider component introduction and release notes

更新时间:
复制 MD 格式

ack-policy-external-provider is an ACK extension component that enables Gatekeeper policies to query other Kubernetes resources in the cluster when making admission decisions.

Component introduction

By default, Gatekeeper evaluates each resource in isolation — it can only see the resource currently under review. This makes it difficult to enforce policies that depend on the state of other resources, such as checking whether a referenced ConfigMap exists or validating quota usage across namespaces.

ack-policy-external-provider follows the Gatekeeper community's Provider specification to address this limitation. By implementing the Provider interface, the component lets Gatekeeper query other Kubernetes resources in the cluster during policy evaluation, enabling:

  • Cross-resource validation (for example, checking related resources referenced in the object under review)

  • Richer policy scenarios that go beyond single-resource rules

  • More precise security controls based on cluster-wide state

To install the component, see Manage components. For usage instructions, see Use ack-policy-external-provider to implement cross-resource validation.

Change history

December 2025

Version number

Registry Address

Change time

Change description

Impact

0.1.0

registry-cn-hangzhou.ack.aliyuncs.com/acs/ack-policy-external-provider:0.1.0

December 10, 2025

Extends Gatekeeper policy capabilities. Gatekeeper can now access and use the state of other cluster resources when making admission decisions.

An abnormal component upgrade may cause cluster resource changes to fail. Upgrade the component during off-peak hours.