trevorbox/gatekeeper-pod-imagepullpolicy-always.yaml

## gatekeeper-pod-imagepullpolicy-always.yaml
---
apiVersion: operator.gatekeeper.sh/v1alpha1
kind: Gatekeeper
metadata:
  name: gatekeeper
spec:
  audit:
    logLevel: INFO
    replicas: 1
  image:
    image: >-
      registry.redhat.io/rhacm2/gatekeeper-rhel8@sha256:63bd1bbb6f825fc45f2c7dc71f5f2bf118621a6b5dad8de4ad4e50eb5c720118
  mutatingWebhook: Enabled
  validatingWebhook: Disabled
  webhook:
    emitAdmissionEvents: Enabled
    failurePolicy: Ignore
    logLevel: INFO
    namespaceSelector:
      matchExpressions:
        - key: foo
          operator: Exists
    replicas: 1
...
---
apiVersion: mutations.gatekeeper.sh/v1alpha1
kind: Assign
metadata:
  name: pod-imagepullpolicy-always
spec:
  location: 'spec.containers[name:*].imagePullPolicy'
  match:
    kinds:
      - apiGroups:
          - ''
        kinds:
          - Pod
    scope: Cluster
  parameters:
    assign:
      value: Always
...
	---
	apiVersion: operator.gatekeeper.sh/v1alpha1
	kind: Gatekeeper
	metadata:
	name: gatekeeper
	spec:
	audit:
	logLevel: INFO
	replicas: 1
	image:
	image: >-
	registry.redhat.io/rhacm2/gatekeeper-rhel8@sha256:63bd1bbb6f825fc45f2c7dc71f5f2bf118621a6b5dad8de4ad4e50eb5c720118
	mutatingWebhook: Enabled
	validatingWebhook: Disabled
	webhook:
	emitAdmissionEvents: Enabled
	failurePolicy: Ignore
	logLevel: INFO
	namespaceSelector:
	matchExpressions:
	- key: foo
	operator: Exists
	replicas: 1
	...
	---
	apiVersion: mutations.gatekeeper.sh/v1alpha1
	kind: Assign
	metadata:
	name: pod-imagepullpolicy-always
	spec:
	location: 'spec.containers[name:*].imagePullPolicy'
	match:
	kinds:
	- apiGroups:
	- ''
	kinds:
	- Pod
	scope: Cluster
	parameters:
	assign:
	value: Always
	...