
Fury Kubernetes OPA. Policy enforcement for your Kubernetes Cluster

Primary language: Shell. License: BSD 3-Clause "New" or "Revised" License (BSD-3-Clause).

Fury Kubernetes OPA

Fury Kubernetes OPA provides a policy engine based on OPA Gatekeeper to enable custom policy enforcement in a Kubernetes Cluster.

OPA Packages

The following packages are included in the Fury Kubernetes OPA module:

  • Gatekeeper: Ready-to-use Gatekeeper deployment plus a set of rules. Version: v3.5.1
    • Gatekeeper Core: Gatekeeper deployment, ready to apply rules. Version: v3.5.1
    • Gatekeeper Rules: the rules shipped with the module:
      • deny Docker images with the latest tag
      • deny pods that have no limit declared (both CPU and memory)
      • deny pods that allow privilege escalation explicitly
      • deny pods that run as root
      • deny pods that don't declare livenessProbe and readinessProbe
      • deny duplicated ingresses
      • Unique service selector
    • Gatekeeper Policy Manager: a simple-to-use web UI for Gatekeeper. Version: v0.4.2

You can click on each package to see its documentation.

Requirements

All packages in this repository have the following dependencies; for package-specific dependencies, please see each package's documentation:

You can comment out the service monitor in the kustomization.yaml file if you don't want to install the monitoring module.

Compatibility

Module Version / Kubernetes Version 1.14.X 1.15.X 1.16.X 1.17.X 1.18.X 1.19.X 1.20.X 1.21.X
v1.0.0
v1.0.1
v1.0.2
v1.1.0
v1.2.0 ⚠️
v1.2.1 ⚠️
v1.3.0 ⚠️
v1.3.1 ⚠️
v1.4.0 ⚠️

Warning

  • ⚠️ : module version v1.3.0 with Kubernetes version 1.20.x works as expected. It is marked as a warning because it is not officially supported by SIGHUP.
  • ⚠️ : module version v1.4.0 with Kubernetes version 1.21.x works as expected. It is marked as a warning because it is not officially supported by SIGHUP.

License

For license details please see LICENSE