Gatekeeper is a customizable admission webhook for Kubernetes that dynamically enforces policies executed by OPA. We will focus on OPA's Kubernetes admission controller use case with Gatekeeper. For information on OPA and its other use cases, please refer to the official documentation. You can essentially use OPA to enforce policies on any tool that takes JSON/YAML as input, such as Kubernetes, Terraform, or CI/CD pipelines. OPA was designed to let us write policies over arbitrary JSON/YAML. It will ensure that no Deployments, Jobs, Pods, etc. are scheduled without being compliant with your Constraints and rules. OPA lets us enforce custom policies on Kubernetes objects without manually reconfiguring the Kubernetes API server.

Open Policy Agent is an open-source, general-purpose policy engine that enforces validation of objects during creation, update, and deletion operations. In this blog post, we will go through everything necessary to set up OPA (Open Policy Agent)/Gatekeeper as your Kubernetes admission webhook, which enables you to enforce policies on your Kubernetes cluster. Doing so stops you from worrying about quarterly security reviews and a ton of issues in your backlog. For example, you can prevent deploying non-vetted pods to the production environment or disable usage of default passwords for databases. Enforcing organizational policies on a Kubernetes cluster allows you to be in control of the resources being deployed.