docs: add config alpha state and exempt-namespace docs

open-policy-agent · Jul 19, 2023 · 5bdfa96 · 5bdfa96
1 parent 63fcbad
commit 5bdfa96
Showing 1 changed file with 6 additions and 0 deletions.
diff --git a/website/docs/exempt-namespaces.md b/website/docs/exempt-namespaces.md
@@ -3,6 +3,8 @@ id: exempt-namespaces
 title: Exempting Namespaces
 ---
 
+`Feature State`: The `Config` resource is currently alpha.
+
 ## Exempting Namespaces from Gatekeeper using config resource
 
 > The "Config" resource must be named `config` for it to be reconciled by Gatekeeper. Gatekeeper will ignore the resource if you do not name it `config`.
@@ -65,6 +67,10 @@ If it becomes necessary to exempt a namespace from Gatekeeper webhook entirely (
    3. Add the `admission.gatekeeper.sh/ignore` label to the namespace. The value attached
       to the label is ignored, so it can be used to annotate the reason for the exemption.
 
+Similarly, you can also exempt entire groups of namespaces using the `--exempt-namespace-prefix` and `--exempt-namespace-suffix` flags.
+
+As an example, if you wanted to exempt all namespaces ending with `system` such as `kube-system`, `gatekeeper-system`, etc. you could set the flag `--exempt-namespace-suffix=-system`
+
 ## Difference between exclusion using config resource and `--exempt-namespace` flag
 
 The difference is at what point in the admission process an exemption occurs.