OPA-Gatekeeper

DEPRECATED: Kyverno is the preferred method to enforce policies within Big Bang as of version >=2.0.0

Overview

Gatekeeper is an auditing tool that allows administrators to see what resources are currently violating any given policy.

Big Bang Touch Points

Storage

Data from Gatekeeper is not stored; it is provided via metrics.

Database

Gatekeeper doesn't have a database.

Istio Configuration

When deploying to k3d, istio-system should be added to excludedNamespaces under the allowedDockerRegistries violations. This can be done by modifying the chart/values.yaml file or by passing an override file with the values set as shown below. This is for development purposes only: production should not allow containers in the istio-system namespace to be pulled from outside of Registry1.

gatekeeper:
  values:
    violations:
      allowedDockerRegistries:
        match:
          excludedNamespaces: 
            - istio-system # allows creation for loadbalancer pods for various ports and various vendor loadbalancers

High Availability

High availability is accomplished by ensuring the replicas in the values file of this helm chart are > 1. By default, this chart is configured for high availability with replicas: 3.

gatekeeper:
  values:
    replicas: 3
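
The following is an added example, not part of the Big Bang documentation or chart: a pre-deployment check that flags the two conditions described above in a production values document, namely istio-system exempted from a violation and replicas not greater than 1. It assumes the merged values have been rendered to JSON; the function name, PROTECTED_NAMESPACES, and the assumption that other violations entries share the match.excludedNamespaces shape are hypothetical.

```python
import json

# Constructed sample: merged Big Bang values as JSON (not real cluster output).
SAMPLE_VALUES = json.loads("""
{
  "gatekeeper": {
    "values": {
      "replicas": 1,
      "violations": {
        "allowedDockerRegistries": {
          "match": {"excludedNamespaces": ["istio-system"]}
        }
      }
    }
  }
}
""")

# Assumption: namespaces a production override must never exempt from a policy.
PROTECTED_NAMESPACES = {"istio-system"}


def lint_gatekeeper_values(values, protected=PROTECTED_NAMESPACES):
    """Return a list of findings for a production values document."""
    findings = []
    gk = (values.get("gatekeeper") or {}).get("values") or {}

    # High availability: replicas must be > 1; the chart default is 3 when unset.
    replicas = gk.get("replicas", 3)
    if isinstance(replicas, bool) or not isinstance(replicas, int) or replicas <= 1:
        findings.append(f"replicas={replicas!r}: not highly available")

    # Policy exemptions: flag protected namespaces under any violation's match block.
    for name, cfg in sorted((gk.get("violations") or {}).items()):
        match = (cfg if isinstance(cfg, dict) else {}).get("match") or {}
        excluded = match.get("excludedNamespaces") or []
        for ns in sorted(set(excluded) & protected):
            findings.append(f"violations.{name}: excludes protected namespace {ns}")
    return findings


if __name__ == "__main__":
    for finding in lint_gatekeeper_values(SAMPLE_VALUES):
        print("FAIL", finding)
```

Run against the k3d development override, the check reports the istio-system exemption by design; it is meant to gate production values only.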

Single Sign on (SSO)

None. This service doesn't have a web interface.

Licensing

Apache License

Dependencies

None.