Gatekeeper
How is Gatekeeper different from OPA?
Compared to using OPA with its sidecar kube-mgmt (aka Gatekeeper v1.0), Gatekeeper introduces the following functionality:
- An extensible, parameterized policy library
- Native Kubernetes CRDs for instantiating the policy library (aka "constraints")
- Native Kubernetes CRDs for extending the policy library (aka "constraint templates")
- Audit functionality
Getting started
Check out the installation instructions to deploy Gatekeeper components to your Kubernetes cluster.
Documentation
Please see the docs for more in-depth information.
Policy Library
See the Gatekeeper policy library for a collection of constraint templates and sample constraints that you can use with Gatekeeper.
Community
Join us to help define the direction and implementation of this project!
-
Join the
#kubernetes-policychannel on OPA Slack. -
Join weekly meetings to discuss development, issues, use cases, etc.
-
Use GitHub Issues to file bugs, request features, or ask questions asynchronously.
Code of conduct
This project is governed by the CNCF Code of conduct.
Security
Please report vulnerabilities by email to open-policy-agent-security. We will send a confirmation message to acknowledge that we have received the report and then we will send additional messages to follow up once the issue has been investigated.
For details on the security release process please refer to the open-policy-agent/opa/SECURITY.md file.