Skip to content

OPA Gatekeeper

Gatekeeper is an admission controller that validates requests to create and update Pods on Kubernetes clusters, using the Open Policy Agent (OPA). Using Gatekeeper allows administrators to define policies with a constraint, which is a set of conditions that permit or deny deployment behaviors in Kubernetes.

For complete project documentation, please visit the Gatekeeper. For reference templates refer Templates

Usage

Gatekeeper can be deployed by enabling the add-on via the following.

enable_gatekeeper = true

You can also customize the Helm chart that deploys gatekeeper via the following configuration:

  enable_gatekeeper = true

  gatekeeper = {
    name          = "gatekeeper"
    chart_version = "3.12.0"
    repository    = "https://open-policy-agent.github.io/gatekeeper/charts"
    namespace     = "gatekeeper-system"
    values        = [templatefile("${path.module}/values.yaml", {})]
  }