OPA Gatekeeper: Enforce Kubernetes Policies as Code
OPA Gatekeeper is a Kubernetes admission controller using OPA to enforce policies on resources. Use it to mandate labels or block insecure images. The footgun is thinking it's just OPA; Gatekeeper adds K8s-native CRDs, auditing, and mutation capabilities.
OPA Gatekeeper is a Kubernetes admission webhook (validating, and optionally mutating) that uses Open Policy Agent (OPA) to enforce custom policies as code, acting as a bouncer for your cluster. It is used to enforce standards such as requiring specific labels or rejecting images that use the `:latest` tag. The main footgun is confusing it with raw OPA: Gatekeeper supplies the Kubernetes-native integration. Policies are defined as CRDs, where a `ConstraintTemplate` carries the Rego logic plus a parameter schema and a `Constraint` instantiates that template with concrete parameters and a `match` block selecting which kinds and namespaces it applies to. An audit controller periodically re-evaluates existing resources against every Constraint and records violations in the Constraint's status, so resources created before a policy existed are not silently grandfathered in. Mutation CRDs (`Assign`, `AssignMetadata`, `ModifySet`) can also rewrite objects at admission time to enforce standards rather than just reject non-compliant ones.
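The template-plus-constraint split described above, as an added example that is not part of the original page and not taken from the Gatekeeper project's policy library. The kind name `K8sDisallowedLatestTag`, the constraint name `no-latest-tag-in-prod` and the `prod` namespace are assumptions chosen for illustration. The Rego checks both regular and init containers, treats an untagged image as a violation too (Kubernetes resolves it to `:latest`), and inspects only the last path segment of the image reference so that a registry port such as `registry.internal:5000/app` is not mistaken for a tag.

```yaml
# Added example (not Gatekeeper's own library). Kind name, constraint name
# and namespace are assumptions chosen for illustration.
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: k8sdisallowedlatesttag
spec:
  crd:
    spec:
      names:
        kind: K8sDisallowedLatestTag
      # No parameters are needed; an empty schema keeps the CRD valid.
      validation:
        openAPIV3Schema:
          type: object
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8sdisallowedlatesttag

        # Collect regular and init containers; both pull images.
        all_containers[c] { c := input.review.object.spec.containers[_] }
        all_containers[c] { c := input.review.object.spec.initContainers[_] }

        # The tag or digest lives in the last path segment, so a registry
        # port (registry.internal:5000/app) must not count as a tag.
        last_segment(image) = seg {
          parts := split(image, "/")
          seg := parts[count(parts) - 1]
        }

        # Explicit :latest tag.
        violation[{"msg": msg}] {
          c := all_containers[_]
          endswith(last_segment(c.image), ":latest")
          msg := sprintf("container %q uses the :latest tag", [c.name])
        }

        # No tag and no digest: Kubernetes defaults this to :latest.
        violation[{"msg": msg}] {
          c := all_containers[_]
          seg := last_segment(c.image)
          not contains(seg, ":")
          not contains(seg, "@")
          msg := sprintf("container %q has no tag or digest (defaults to :latest)", [c.name])
        }
---
# The Constraint instantiates the template and scopes it with match rules.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sDisallowedLatestTag
metadata:
  name: no-latest-tag-in-prod
spec:
  # deny rejects at admission; dryrun or warn lets audit report without blocking.
  enforcementAction: deny
  match:
    kinds:
      - apiGroups: [""]
        kinds: ["Pod"]
    namespaces: ["prod"]
```

Two practical caveats when running this. First, matching only `Pod` means a `kubectl apply` of a Deployment succeeds and the rejection surfaces later in ReplicaSet events when the controller tries to create Pods; match the workload kinds as well (and walk `spec.template.spec`) if you want the error at apply time. Second, Gatekeeper's admission webhook fails open by default (`failurePolicy: Ignore`), so an unavailable webhook admits everything; the audit results in each Constraint's `status.violations` are what tell you what slipped through.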
Read the original → open-policy-agent.github.io
- #kubernetes
- #policy-as-code
- #opa
- #security