This repository contains a solution using Open Policy Agent (OPA) Gatekeeper to enforce policies in a Kubernetes cluster, specifically restricting the use of the latest
image tag in both Pods and Deployments.
Follow these steps to create a Kubernetes cluster, install OPA Gatekeeper, and apply the policy:

    kind create cluster --name opa-cluster
    helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts
    helm repo update
    helm install gatekeeper/gatekeeper --name-template=gatekeeper --namespace gatekeeper-system --create-namespace
    kubectl apply -f constraint_template.yaml
    kubectl apply -f constraint.yaml
    kubectl apply -f nginx.yaml

You should get this error:

    Error from server (Forbidden): error when creating "nginx.yaml": admission webhook "validation.gatekeeper.sh" denied the request: [no-latest-image-tag] container nginx is using the latest tag
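
For reference, a ConstraintTemplate and Constraint that would produce the denial above. This is an added example, not the repository's own constraint_template.yaml or constraint.yaml: the kind `K8sNoLatestTag`, the Rego package name and the helper names are assumptions, while the constraint name and the message text are taken from the error output. It also treats an untagged image as `latest`, since that is the tag the runtime pulls by default.

```yaml
# Added example. Kind K8sNoLatestTag and helpers pod_spec/uses_latest are hypothetical names.
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: k8snolatesttag          # must be the lowercase form of the kind below
spec:
  crd:
    spec:
      names:
        kind: K8sNoLatestTag
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8snolatesttag
        # Pods carry containers under spec; Deployments under spec.template.spec.
        pod_spec(obj) = spec {
          obj.kind == "Pod"
          spec := obj.spec
        }
        pod_spec(obj) = spec {
          obj.kind == "Deployment"
          spec := obj.spec.template.spec
        }
        violation[{"msg": msg}] {
          spec := pod_spec(input.review.object)
          container := spec.containers[_]
          uses_latest(container.image)
          msg := sprintf("container %v is using the latest tag", [container.name])
        }
        # Explicit tag, e.g. nginx:latest or registry:5000/app:latest
        uses_latest(image) { endswith(image, ":latest") }
        # No tag and no digest, e.g. nginx or registry:5000/app (implicit latest).
        # Only the last path segment is checked so a registry port is not read as a tag.
        uses_latest(image) {
          not contains(image, "@")
          parts := split(image, "/")
          not contains(parts[count(parts) - 1], ":")
        }
---
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sNoLatestTag
metadata:
  name: no-latest-image-tag     # appears in brackets in the denial message
spec:
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
      - apiGroups: ["apps"]
        kinds: ["Deployment"]
```

This sketch inspects only `containers`; `initContainers` and `ephemeralContainers` would need the same check to close the gap.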