OPA-Gatekeeper
Overview
Gatekeeper is an auditing tool that allows administrators to see what resources are currently violating any given policy.
Big Bang Touch Points
Storage
Data from Gatekeeper is not stored; it is provided via metrics.
Database
Gatekeeper doesn't have a database.
Istio Configuration
When deploying to k3d, istio-system should be added to excludedNamespaces under the allowedDockerRegistries violation. This can be done by modifying the chart/values.yaml file or by passing an override file with the values set as seen below. This is for development purposes only: production should not allow containers in the istio-system namespace to be pulled from outside of Registry1.
gatekeeper:
  values:
    violations:
      allowedDockerRegistries:
        match:
          excludedNamespaces:
            - istio-system # allows creation for loadbalancer pods for various ports and various vendor loadbalancers
High Availability
High availability is accomplished by ensuring the replicas in the values file of this helm chart are > 1. By default, this chart is configured for high availability with replicas: 3.
gatekeeper:
  values:
    replicas: 3
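A pre-deployment check for the two settings above, added here as an example and not part of the Big Bang project: it flags an override that carries the development-only istio-system exemption into production, or that sets replicas to 1 or less. It assumes the override file has already been parsed into a dict by a YAML parser; the function name, the PROTECTED_NAMESPACES set and the sample overrides are hypothetical.

```python
"""Lint a Big Bang values override for the Gatekeeper settings described on this page."""

# Namespaces that must stay subject to the registry policy in production.
# istio-system is the one named on this page; the set itself is an assumption.
PROTECTED_NAMESPACES = {"istio-system"}


def _dig(mapping, *keys):
    """Walk nested dicts, returning None if any level is missing or not a dict."""
    for key in keys:
        if not isinstance(mapping, dict):
            return None
        mapping = mapping.get(key)
    return mapping


def lint_gatekeeper_values(override, production=True):
    """Return a list of findings for an already-parsed values override (a dict)."""
    findings = []
    values = _dig(override, "gatekeeper", "values") or {}

    excluded = _dig(values, "violations", "allowedDockerRegistries",
                    "match", "excludedNamespaces") or []
    exempted = sorted(PROTECTED_NAMESPACES.intersection(excluded))
    if production and exempted:
        findings.append(
            "allowedDockerRegistries exempts %s: development-only setting"
            % ", ".join(exempted))

    # An absent key means the chart default (replicas: 3) applies.
    replicas = _dig(values, "replicas")
    if replicas is not None and (not isinstance(replicas, int) or replicas <= 1):
        findings.append("replicas=%r is not highly available (needs > 1)" % (replicas,))
    return findings


# Constructed sample overrides, shaped as a YAML parser would return them.
K3D_DEV_OVERRIDE = {"gatekeeper": {"values": {
    "replicas": 1,
    "violations": {"allowedDockerRegistries": {
        "match": {"excludedNamespaces": ["istio-system"]}}},
}}}
PROD_OVERRIDE = {"gatekeeper": {"values": {"replicas": 3}}}

if __name__ == "__main__":
    for name, doc in [("k3d-dev", K3D_DEV_OVERRIDE), ("prod", PROD_OVERRIDE)]:
        for finding in lint_gatekeeper_values(doc) or ["ok"]:
            print(name, "->", finding)
```

Calling it with production=False skips the registry exemption check, so a k3d override is still checked for its replica count.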
Single Sign on (SSO)
None. This service doesn't have a web interface.
Licensing
Dependencies
None.