Skip to content
/ opa-gatekeeper-examples Public

Policy examples for admission control using OPA and Gatekeeper

3 stars 4 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

bikram20/opa-gatekeeper-examples

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
constraints
constraints
 
 
templates
templates
 
 
testyaml
testyaml
 
 
README.md
README.md
 
 

Repository files navigation

Sample policies for OPA using Gatekeeper

https://medium.com/@bikramgupta/using-opa-and-gatekeeper-for-admission-control-policies-709c749c76ff

Every pod/namespace must have a set of labels

Make it mandatory for every pod/namespace to be deployed with a set of labels.

Control a specific pod/namespace label

Enable a set of users to assign a specific label to the pods/namespaces in the cluster. Prevent others from using that label.

How to use

$ git clone

$ kubectl apply -f templates/ constrainttemplate.templates.gatekeeper.sh/mandatorylabels configured constrainttemplate.templates.gatekeeper.sh/privilegedlabels configured $ kubectl get constrainttemplate NAME AGE mandatorylabels 38m privilegedlabels 19m $

Then apply one constraint (in the constraints folder) at a time and test the admission control enforcement.

TBD

  • Calico Policy attributes enforcement
  • Calico Policy order constraints for different users

References

About

Policy examples for admission control using OPA and Gatekeeper

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

4 forks
Report repository

Releases

No releases published

Packages

No packages published