OPA Gatekeeper Policies
Kubernetes ships with around 30 built-in admission controllers. Since OPA uses Rego as its policy language, writing policies is easier. In this course we'll learn how to set up OPA Gatekeeper as the admission controller and implement different policies. Things we'll look at:
- Set up OPA Gatekeeper as the admission controller.
- Implement policies.
We have learned how to enforce policies in a Kubernetes cluster by using OPA Gatekeeper as the admission controller. More example use cases are given in the next scenarios.
For more info on this scenario - Prohibit Host Path
For some cool cloud and container security articles - CloudSecOps
The first thing we have to do is set up OPA Gatekeeper as the admission controller. This is easily done by applying the pre-built deployment manifest (gatekeeper.yaml):
kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper/release-3.2/deploy/gatekeeper.yaml
One way to check whether Gatekeeper has been installed is to see whether the "gatekeeper-system" namespace has been created and is active:
kubectl get namespaces
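Once Gatekeeper is running, a policy is expressed as a ConstraintTemplate (the Rego rule) plus a Constraint (where it applies). The following is an added example of the kind of policy the next scenario, Prohibit Host Path, covers; it is not code from this scenario, and the template, kind and constraint names (k8sprohibithostpath, K8sProhibitHostPath, prohibit-host-path) are assumptions.

```yaml
# ConstraintTemplate: the Rego that flags hostPath volumes in an admitted Pod.
# Names below are assumed for this example, not taken from the scenario.
apiVersion: templates.gatekeeper.sh/v1beta1
kind: ConstraintTemplate
metadata:
  name: k8sprohibithostpath
spec:
  crd:
    spec:
      names:
        kind: K8sProhibitHostPath
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sprohibithostpath

        # One violation per hostPath volume; Gatekeeper denies the request
        # if the violation set is non-empty and returns msg to the caller.
        violation[{"msg": msg}] {
          volume := input.review.object.spec.volumes[_]
          volume.hostPath
          msg := sprintf("hostPath volume %q (path %q) is prohibited",
                         [volume.name, volume.hostPath.path])
        }
---
# Constraint: enforce the template on Pods, but leave the control-plane and
# Gatekeeper's own namespaces alone so the cluster stays operable.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sProhibitHostPath
metadata:
  name: prohibit-host-path
spec:
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
    excludedNamespaces: ["kube-system", "gatekeeper-system"]
```

Apply the file with kubectl apply -f and confirm the template registered with kubectl get constrainttemplates; a Pod that mounts a hostPath volume is then rejected at admission with the message produced by the rule.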