This repository is a collection of Open Policy Agent (OPA) policies. The policies are packaged as Helm charts and support OPA Gatekeeper.
- OPA Gatekeeper is installed.

```bash
helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts
helm repo update
helm install gatekeeper/gatekeeper --generate-name
```
- Add the Helm chart repository

```bash
helm repo add opa-policies https://datadrivers.github.io/opa-policies
helm repo update
```
- Install the template via the opa-policy chart

```bash
helm install probes-policy opa-policies/opa-constraint-template-probes
```
- Use the OPA ConstraintTemplate in dryrun mode

```bash
kubectl apply -f - <<EOF
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: ProbesPolicy
metadata:
  name: probes-required
spec:
  enforcementAction: dryrun
  match:
    kinds:
      - apiGroups: ["apps"]
        kinds: ["Deployment", "StatefulSet", "DaemonSet"]
      - apiGroups: ["batch"]
        kinds: ["Job", "CronJob"]
      - apiGroups: [""]
        kinds: ["Pod"]
    excludedNamespaces:
      - kube-system
  parameters:
    excludedDeployments: []
    excludedDaemonSets: []
    excludedStatefulSets: []
    excludedCronJobs: []
    excludedJobs: []
    excludedPods: []
EOF
```
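In dryrun mode Gatekeeper admits every request and reports what the audit found in the constraint's `status`. The following is an added example, not part of this repository: it summarizes that status as returned by `kubectl get probespolicy probes-required -o json`, using a constructed sample; the `ready_to_enforce` rule is this example's own assumption about when to switch to `deny`.

```python
import json
from collections import Counter

# Constructed sample of `kubectl get probespolicy probes-required -o json`,
# trimmed to the fields used here. Resource names and messages are made up.
SAMPLE = json.loads("""
{
  "kind": "ProbesPolicy",
  "metadata": {"name": "probes-required"},
  "spec": {"enforcementAction": "dryrun"},
  "status": {
    "auditTimestamp": "2024-01-01T00:00:00Z",
    "totalViolations": 3,
    "violations": [
      {"enforcementAction": "dryrun", "kind": "Deployment", "name": "web",
       "namespace": "shop", "message": "constructed: web has no readinessProbe"},
      {"enforcementAction": "dryrun", "kind": "CronJob", "name": "report",
       "namespace": "shop", "message": "constructed: report has no livenessProbe"}
    ]
  }
}
""")


def summarize(constraint):
    """Group the audit violations of one constraint by (namespace, kind)."""
    status = constraint.get("status", {})
    violations = status.get("violations", [])
    total = status.get("totalViolations", len(violations))
    audited = "auditTimestamp" in status  # False: no audit result recorded yet
    by_owner = Counter((v.get("namespace", "<cluster>"), v["kind"]) for v in violations)
    return {
        "audited": audited,
        "total": total,
        "listed": len(violations),
        # Gatekeeper caps how many violations it lists per constraint, so
        # totalViolations can be larger than the list itself.
        "truncated": total > len(violations),
        "by_owner": dict(by_owner),
        # Assumption of this example: enforce only after a clean audit.
        "ready_to_enforce": audited and total == 0,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE)
    for (ns, kind), count in sorted(report["by_owner"].items()):
        print(f"{ns:12} {kind:12} {count}")
    print({k: report[k] for k in ("total", "truncated", "ready_to_enforce")})
```
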
Run the policy tests with the OPA CLI:

```bash
opa test charts/*/opa -v
```