open-policy-agent / Gatekeeper Library
Licence: apache-2.0
The OPA Gatekeeper policy library.
Stars: ✭ 132
OPA Gatekeeper Library
A community-owned library of policies for the OPA Gatekeeper project.
Usage
Apply the template.yaml and constraint.yaml provided in each directory under library/
For example:
cd library/general/httpsonly/
kubectl apply -f template.yaml
kubectl apply -f samples/ingress-https-only/constraint.yaml
kubectl apply -f sync.yaml # optional: when Gatekeeper is running with OPA cache; path is relative to the directory entered above
How to contribute to the library
New policy
If you have a policy you would like to contribute, please submit a pull request. Each new policy should contain:
- A constraint template with a description annotation and the parameter structure, if any, defined in spec.crd.spec.validation.openAPIV3Schema
- One or more sample constraints, each with an example of an allowed (example_allowed.yaml) and disallowed (example_disallowed.yaml) resource.
- The rego source, as src.rego and unit tests as src_test.rego in the corresponding subdirectory under src/
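The checklist above can be turned into a pre-submission check. The following is an added example, not part of the Gatekeeper Library repository: the function name check_policy is hypothetical, the two directories are passed in by the caller, and the grep matches are text heuristics rather than a YAML parse.

```shell
#!/usr/bin/env bash
# Added example: check one policy against the "New policy" checklist.
# Usage (paths are assumptions about where the policy lives):
#   check_policy library/general/httpsonly src/general/httpsonly

check_policy() (
  lib_dir=$1; src_dir=$2; rc=0; found=0
  fail() { echo "FAIL: $*" >&2; rc=1; }

  # Constraint template with a description annotation.
  if [ ! -f "$lib_dir/template.yaml" ]; then
    fail "missing $lib_dir/template.yaml"
  else
    grep -Eq '^[[:space:]]+description:' "$lib_dir/template.yaml" \
      || fail "template.yaml has no description annotation"
    # Parameters, if the template uses any, need a schema under openAPIV3Schema.
    if grep -q 'parameters' "$lib_dir/template.yaml" \
       && ! grep -q 'openAPIV3Schema' "$lib_dir/template.yaml"; then
      fail "template.yaml uses parameters but defines no openAPIV3Schema"
    fi
  fi

  # Every sample constraint ships an allowed and a disallowed resource.
  for sample in "$lib_dir"/samples/*/; do
    [ -d "$sample" ] || continue
    found=1
    for f in constraint.yaml example_allowed.yaml example_disallowed.yaml; do
      [ -f "$sample$f" ] || fail "missing $sample$f"
    done
  done
  [ "$found" -eq 1 ] || fail "no sample constraints under $lib_dir/samples/"

  # Rego source and its unit tests.
  for f in src.rego src_test.rego; do
    [ -f "$src_dir/$f" ] || fail "missing $src_dir/$f"
  done

  return "$rc"
)
```

The function returns non-zero if any item is missing and prints one FAIL line per gap to stderr, so it can gate a pull request before the opa tests run.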
Development
- policy code and tests are maintained in the src/ folder and then manually copied into library/
- run all tests with ./test.sh
- run a single test with opa test src/<folder>/src.rego src/<folder>/src_test.rego --verbose
- print results with trace(sprintf("%v", [thing]))