Open Policy Agent and Kubernetes

Playing with Open Policy Agent Policies for Kubernetes.

Installation

Please refer to Running OPA.

Kubernetes

You can use Gatekeeper to run OPA within Kubernetes.

Gatekeeper uses the OPA Constraint Framework to describe and enforce policy.

Testing

$ opa test -v *.rego           
data.kubernetes.validating.image.test_deny: PASS (1.538124ms)
data.kubernetes.validating.labels.test_bad_pod: PASS (1.335433ms)
data.kubernetes.validating.labels.test_good_pod: PASS (1.108388ms)
data.kubernetes.validating.resources.test_requests: PASS (1.4341ms)
data.kubernetes.validating.resources.test_limits: PASS (1.173867ms)
--------------------------------------------------------------------------------
PASS: 5/5

Coverage

$ opa test --coverage -v *.rego | jq 'to_entries | .[] |select(.key|test("coverage"))' 
{
  "key": "coverage",
  "value": 100
}

Name		Name	Last commit message	Last commit date
Latest commit History 9 Commits
gatekeeper		gatekeeper
.yamllint		.yamllint
README.md		README.md
validating_image.rego		validating_image.rego
validating_image_test.rego		validating_image_test.rego
validating_labels.rego		validating_labels.rego
validating_labels_test.rego		validating_labels_test.rego
validating_resources.rego		validating_resources.rego
validating_resources_test.rego		validating_resources_test.rego

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Open Policy Agent and Kubernetes

Installation

Kubernetes

Testing

Coverage

About

Releases

Packages

Languages

r3kzi/opa-policies-for-kubernetes

Folders and files

Latest commit

History

Repository files navigation

Open Policy Agent and Kubernetes

Installation

Kubernetes

Testing

Coverage

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages