SUSE Support

Admission Control - User Criterion - Add a long user list

This document (000021230) is provided subject to the disclaimer at the end of this document.

Environment

NeuVector v5.2.0+

Situation

Admission Control is a feature that can control Image / Container deployments to your cluster. NeuVector supports many different criteria for creating an Admission Control Rule. 

In this document, we highlight the "User" criterion, which allows or disallows users from deploying new applications to the Kubernetes cluster. The User field can hold only a limited number of users in a single rule. The limit is set in bytes, with a maximum size of 524,288 bytes, so how many users fit depends on the length of each user string and the number of users. Starting with version 5.2, a new feature permits adding a long list of users to a single rule.

Resolution

1. Create the Regex

This feature uses a regex to add a user range. Several websites can help you create the regex for a user range. Let's suppose we want to create an Admission Control Rule with a range of 65,000 users. The first user will be 25000, and the last user will be 90000.

On a regex range generator website, enter the minimum and maximum values to generate the regex.
In this case, the regex will be:
(2500[0-9]|250[1-9][0-9]|25[1-9][0-9]{2}|2[6-9][0-9]{3}|[3-8][0-9]{4}|90000)
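
The range regex can also be built and checked locally before it goes into a rule. The following Python is an added example, not part of the original article or of NeuVector; the function names are hypothetical, and it assumes numeric user names that must match the pattern in full (this article does not state how the pattern is anchored).

```python
import re

MAX_FIELD_BYTES = 524_288  # criterion size limit stated in the article

def _split_points(lo, hi):
    """Upper bounds of the sub-ranges that each reduce to one digit pattern."""
    stops, k = {hi}, 1
    while lo <= (stop := lo - lo % 10**k + 10**k - 1) < hi:
        stops.add(stop)  # lo with its last k digits raised to 9
        k += 1
    k = 1
    while lo < (stop := hi + 1 - (hi + 1) % 10**k - 1) <= hi:
        stops.add(stop)  # just below hi+1 with its last k digits zeroed
        k += 1
    return sorted(stops)

def _pattern(start, stop):
    """Digit pattern for a sub-range whose bounds have the same length."""
    out, wild = "", 0
    for s, e in zip(str(start), str(stop)):
        if s == e:
            out += s
        elif (s, e) == ("0", "9"):
            wild += 1
        else:
            out += f"[{s}-{e}]"
    if wild:
        out += "[0-9]" + (f"{{{wild}}}" if wild > 1 else "")
    return out

def range_regex(lo, hi):
    """Regex matching exactly the decimal integers lo..hi (0 <= lo <= hi)."""
    if not 0 <= lo <= hi:
        raise ValueError("need 0 <= lo <= hi")
    parts, start = [], lo
    for stop in _split_points(lo, hi):
        parts.append(_pattern(start, stop))
        start = stop + 1
    return "(" + "|".join(parts) + ")"

def mismatches(pattern, lo, hi, probe_hi=199_999):
    """Probe values the pattern wrongly accepts or rejects.
    Assumption: the whole user name must match (fullmatch)."""
    rx = re.compile(pattern)
    return [n for n in range(probe_hi + 1)
            if bool(rx.fullmatch(str(n))) != (lo <= n <= hi)]

if __name__ == "__main__":
    rx = range_regex(25000, 90000)  # first and last user from the article
    print(rx, len(rx.encode()) <= MAX_FIELD_BYTES, mismatches(rx, 25000, 90000))
```

An empty list from `mismatches` means the pattern accepts every user in the intended range and nothing else among the probed values; any number it returns is a user the rule would wrongly allow or deny.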

2. Create the Admission Control Rule using the regex.

Access the NeuVector WebUI, and in the left menu, expand Policy and select the Admission Control option.
To create the rule, click the Add button, choose User under the Criterion dropdown menu, choose the desired operator, and paste the regex. Click the + button to add the criteria and select Add to finish the rule creation.

For more information about Admission Control Rules, please access the link below.
https://open-docs.neuvector.com/policy/admission
 

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 000021230
  • Creation Date: 09-Oct-2023
  • Modified Date: 22-Dec-2023
  • Product: SUSE NeuVector
