Compared to using OPA with its sidecar kube-mgmt (aka Gatekeeper v1.0), Gatekeeper introduces the following functionality:
- An extensible, parameterized policy library
- Native Kubernetes CRDs for instantiating the policy library (aka "constraints")
- Native Kubernetes CRDs for extending the policy library (aka "constraint templates")
- Audit functionality
Check out the installation instructions to deploy Gatekeeper components to your Kubernetes cluster.
Please see the docs for more in-depth information.
See the Gatekeeper policy library for a collection of constraint templates and sample constraints that you can use with Gatekeeper.
Join us to help define the direction and implementation of this project!
- Join the #kubernetes-policy channel on OPA Slack.
- Join weekly meetings to discuss development, issues, use cases, etc.
- Use GitHub Issues to file bugs, request features, or ask questions asynchronously.
This project is governed by the CNCF Code of Conduct.
Please report vulnerabilities by email to open-policy-agent-security. We will send a confirmation message to acknowledge that we have received the report and then we will send additional messages to follow up once the issue has been investigated.
For details on the security release process please refer to the open-policy-agent/opa/SECURITY.md file.