Difficulty: Intermediate
Estimated Time: 5 minutes

CloudSecOps

OPA Gatekeeper Policies

Kubernetes ships with 30+ native admission controllers, but none of them lets you express your own organisation-specific rules. Because OPA Gatekeeper expresses policies in Rego, OPA's declarative policy language, writing custom admission policies is much easier than building your own admission webhook. In this course we'll learn how to set up OPA Gatekeeper as an admission controller and implement different policies. Things we'll look at:

  • Set OPA Gatekeeper as admission controller.
  • Implement policies.

We have learned how to enforce policies in a Kubernetes cluster by using OPA Gatekeeper as the admission controller. More example use cases are given in the next scenarios.

For more info on this scenario - Prohibit Host Path

For some cool cloud and container security articles - CloudSecOps

OPA Gatekeeper

Step 1

The first thing we have to do is to set up OPA Gatekeeper as an admission controller. This is easily done by applying the pre-built release manifest, which deploys the Gatekeeper controller from its published image and registers it as a validating admission webhook.

kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper/release-3.2/deploy/gatekeeper.yaml

One way to check that Gatekeeper has been installed is to verify that the "gatekeeper-system" namespace has been created and is active.

kubectl get namespaces
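Once Gatekeeper is running, a policy is implemented as a ConstraintTemplate (which carries the Rego) plus a Constraint (which turns it on for chosen resource kinds). The following is an added example, not part of this scenario, that shows the shape of the "Prohibit Host Path" policy referenced above: it rejects any Pod that mounts a hostPath volume. The template name k8sprohibithostpath, the constraint name no-hostpath-volumes and the excluded namespaces are assumptions chosen for illustration.

```yaml
# Added example (not from the scenario): a Gatekeeper ConstraintTemplate that
# rejects Pods mounting hostPath volumes, plus a Constraint that enables it.
apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
  # Must be the lowercase form of the CRD kind declared below.
  name: k8sprohibithostpath
spec:
  crd:
    spec:
      names:
        kind: K8sProhibitHostPath
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sprohibithostpath

        # Deny any Pod whose volumes list contains a hostPath entry.
        # input.review.object is the resource being admitted.
        violation[{"msg": msg}] {
          volume := input.review.object.spec.volumes[_]
          volume.hostPath
          msg := sprintf("hostPath volume %q (%v) is not allowed", [volume.name, volume.hostPath.path])
        }
---
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sProhibitHostPath
metadata:
  name: no-hostpath-volumes
spec:
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
    # Assumed exclusions so system components that legitimately use
    # hostPath (e.g. CNI or log agents) are not blocked.
    excludedNamespaces: ["kube-system", "gatekeeper-system"]
```

Apply the ConstraintTemplate first and wait for its CRD to appear before applying the Constraint; Pods created by Deployments or DaemonSets are still covered because the admission request arrives for the Pod object itself.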