OPA Gatekeeper Issue #3928 Playground

What You Can Do

Deployment files for reference:

No defect observations for Gatkeeper 3.15:

Support running seprate operations for each webhook, one for validating and one for mutation.
Does not have an operation=generate for the audit webhook.
All mutation and valdation policies work as expected.

Open the playground in a separate browser tab
Start playground with kind.version set to 1.29.12 under the Playground Parameters section above.
Once the playground fully starts, you control the deployment of the Gatekeeper environement by using make targets under the home directory of the playground.

Ensure you are in the home directory of the playground and run the following make targets in this order:

Deploy Gatekeeper version 3.15.1.
```
make deploy-gk-3-15-1
```
Apply all Gatekeeper policies (mutation and validation).
```
make apply-policy
```
Apply all example resources.
```
make apply-example-resources
```
Review the running gatekeeper instances and their configured operations.
- The gatekeeper mutation webhook is configured with only mutation-webhook operation.
- The gatekeeper validating webhook is configured with only webhook operation.
- The gatekeeper audit webhook is configured with audit, status, mutation-status operations.

Deployment files for reference:

Defect observations for Gatekeeper 3.18

Cannot run seprate operations for each webhook, one for validating and one for mutation.
- As a potential workaround: Add the webhook operation to the mutation gatekeeper webhook in addition to the mutation-webhook operation.
The audit gatekeeper webhook MUST add the generate operation.
All mutation and valdation policies seem to work as expected.

Open the playground in a separate browser tab
Start the playground with kind.version set to 1.32.3 under the Playground Parameters section above.
Once the playground fully starts, you control the deployment of the Gatekeeper environement by using make targets under the home directory of the playground.

Ensure you are in the home directory of the playground and run the following make targets in this order:

Deploy Gatekeeper version 3.18.3:
```
make deploy-gk-3-18-3
```
- The gatekeeper-mutating-controller-manager will fail to start due to Gatekeeper issue #3928.
- A potential workaround is to add the operation=webhook to the gatekeeper-mutating-controller-manager deployment manifest.
- Update the deployment manifest by running the following command:
```
sed -i '/- --operation=mutation-webhook/ a\        - --operation=webhook' deployment/mutating-gatekeeper-3-18-3.yaml
```
- Re-run the make deploy-gk-3-18-3 target command
Apply all Gatekeeper policies (mutation and validation):
```
make apply-policy
```
Apply all example resources:
```
make apply-example-resources
```
Review the running gatekeeper instances and their configured operations.
- The gatekeeper mutation webhook is configured with the potential workaround of mutation-webhook and webhook operations.
- The gatekeeper validating webhook is configured with only webhook operation.
- The gatekeeper audit webhook is configured with audit, status, mutation-status, generate operations.