ack-policy-external-provider is an ACK extension component that enables Gatekeeper policies to query other Kubernetes resources in the cluster when making admission decisions.
Component introduction
By default, Gatekeeper evaluates each resource in isolation — it can only see the resource currently under review. This makes it difficult to enforce policies that depend on the state of other resources, such as checking whether a referenced ConfigMap exists or validating quota usage across namespaces.
ack-policy-external-provider follows the Gatekeeper community's Provider specification to address this limitation. By implementing the Provider interface, the component lets Gatekeeper query other Kubernetes resources in the cluster during policy evaluation, enabling:
Cross-resource validation (for example, checking related resources referenced in the object under review)
Richer policy scenarios that go beyond single-resource rules
More precise security controls based on cluster-wide state
To install the component, see Manage components. For usage instructions, see Use ack-policy-external-provider to implement cross-resource validation.
Change history
December 2025
Version number | Registry Address | Change time | Change description | Impact |
0.1.0 |
| December 10, 2025 | Extends Gatekeeper policy capabilities. Gatekeeper can now access and use the state of other cluster resources when making admission decisions. | An abnormal component upgrade may cause cluster resource changes to fail. Upgrade the component during off-peak hours. |