OPA-Gatekeeper
Overview
Gatekeeper is an auditing tool that allows administrators to see what resources are currently violating any given policy.
Big Bang Touch Points
Storage
Data from Gatekeeper is not stored; it is provided via metrics.
Database
Gatekeeper doesn't have a database.
Istio Configuration
When deploying to k3d, istio-system should be added to excludedNamespaces under the allowedDockerRegistries violations. This can be done by modifying the chart/values.yaml file or by passing an override file with the values set as seen below. This is for development purposes only: production should not allow containers in the istio-system namespace to be pulled from outside of Registry1.
gatekeeper:
  values:
    violations:
      allowedDockerRegistries:
        match:
          excludedNamespaces:
            - istio-system # allows creation for loadbalancer pods for various ports and various vendor loadbalancers
High Availability
High availability is accomplished by ensuring the replicas in the values file of this helm chart are > 1. By default, this chart is configured for high availability with replicas: 3.
gatekeeper:
  values:
    replicas: 3
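A pre-deployment check for the two settings above (the development-only istio-system exclusion and the replica count), as an added example that is not part of the Big Bang chart or its documentation. The function names and sample overrides are assumptions made for illustration, and the small parser only handles block-style YAML of the kind shown in the snippets above.

```python
import re

EXCLUDED = "gatekeeper.values.violations.allowedDockerRegistries.match.excludedNamespaces"
REPLICAS = "gatekeeper.values.replicas"

def flatten(text):
    """Flatten block-style YAML (nested maps, lists of scalars) to {dotted.path: value}."""
    out, stack = {}, []  # stack holds (indent, key) for the current nesting
    for raw in text.splitlines():
        line = re.sub(r"\s+#.*$", "", raw).rstrip()  # drop trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent, body = len(line) - len(line.lstrip()), line.strip()
        if body.startswith("- "):  # list item: belongs to the nearest enclosing key
            while stack and stack[-1][0] > indent:
                stack.pop()
            out.setdefault(".".join(k for _, k in stack), []).append(body[2:].strip())
            continue
        key, _, val = body.partition(":")
        while stack and stack[-1][0] >= indent:  # leave deeper or sibling keys
            stack.pop()
        stack.append((indent, key.strip()))
        if val.strip():
            out[".".join(k for _, k in stack)] = val.strip()
    return out

def check_production_values(text):
    """Return findings for settings the page marks as development-only or non-HA."""
    vals, findings = flatten(text), []
    if "istio-system" in vals.get(EXCLUDED, []):
        findings.append("istio-system is excluded from allowedDockerRegistries (development only)")
    replicas = vals.get(REPLICAS)  # absent means the chart default applies
    if replicas is not None and not (replicas.isdigit() and int(replicas) > 1):
        findings.append(f"replicas is {replicas}; high availability needs more than 1")
    return findings

# Constructed sample overrides, not taken from a real deployment.
DEV_OVERRIDE = """\
gatekeeper:
  values:
    replicas: 1
    violations:
      allowedDockerRegistries:
        match:
          excludedNamespaces:
            - istio-system  # development only
"""
PROD_OVERRIDE = "gatekeeper:\n  values:\n    replicas: 3\n"
print(check_production_values(DEV_OVERRIDE), check_production_values(PROD_OVERRIDE))
```

Run against the override file intended for a production deployment, an empty result means neither setting deviates from what this page describes.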
Single Sign on (SSO)
None. This service doesn't have a web interface.
Licensing
Dependencies
None.