gatekeeper-library
helm
Our great sponsors
gatekeeper-library | helm | |
---|---|---|
8 | 206 | |
603 | 26,013 | |
1.3% | 1.1% | |
8.8 | 9.0 | |
10 days ago | 5 days ago | |
Open Policy Agent | Go | |
Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gatekeeper-library
-
Multi-tenancy in Kubernetes
Here is a library or rules for the Open Policy Agent.
- open-policy-agent/gatekeeper-library: The OPA Gatekeeper policy library.
-
Security scanning of k8s manifest files vs running cluster
https://github.com/open-policy-agent/gatekeeper-library is the library of OPA Gatekeeper policies.
- OPA Rego is ridiculously confusing - best way to learn it?
-
Container security best practices: Comprehensive guide
Many more examples are available in the OPA Gatekeeper library project!
-
Expose Open Policy Agent/Gatekeeper Constraint Violations for Kubernetes Applications with Prometheus and Grafana
by default and exposes metrics on path ```/metrics``` . It can run locally on your development box as long as you have a valid Kubernetes configuration in your home folder (i.e. if you can run kubectl and have the right permissions). When running on the cluster a ```incluster``` parameter is passed in so that it knows where to look up for the cluster credentials. Exporter program connects to Kubernetes API every 10 seconds to scrape data from Kubernetes API. We've used [this](https://medium.com/teamzerolabs/15-steps-to-write-an-application-prometheus-exporter-in-go-9746b4520e26) blog post as the base for the code. ## Demo Let's go ahead and prepare our components so that we have a Grafana dashboard to show us which constraints have been violated and how the number of violations evolve over time. ### 0) Required tools - [Git](https://git-scm.com/downloads): A git cli is required to checkout the repo and - [Kubectl](https://kubernetes.io/docs/tasks/tools/) and a working K8S cluster - [Ytt](https://carvel.dev/ytt/): This is a very powerful yaml templating tool, in our setup it's used for dynamically overlaying a key/value pair in all constraints. It's similar to Kustomize, it's more flexibel than Kustomize and heavily used in some [Tanzu](https://tanzu.vmware.com/tanzu) products. - [Kustomize](https://kustomize.io/): Gatekeeper-library relies on Kustomize, so we need it too. - [Helm](https://helm.sh/): We will install Prometheus and Grafana using helm - Optional: [Docker](https://www.docker.com/products/docker-desktop): Docker is only optional as we already publish the required image on dockerhub. ### 1) Git submodule update Run ```git submodule update --init``` to download gatekeeper-library dependency. This command will download the [gatekeeper-library](https://github.com/open-policy-agent/gatekeeper-library) dependency into folder ```gatekeeper-library/library``` . ### 2) Install OPA/Gatekeeper If your K8S cluster does not come with Gatekeeper preinstalled, you can use install it as explained [here](https://open-policy-agent.github.io/gatekeeper/website/docs/install/). If you are familiar with helm, the easiest way to install is as follows: ```bash helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts helm install gatekeeper/gatekeeper --generate-name
-
Who is doing image scanning on an admission controller? (Open source)
Gatekeeper library has example policies for restricting image repositories: https://github.com/open-policy-agent/gatekeeper-library/tree/master/library/general
-
Mental models for understanding Kubernetes Pod Security Policy PSP
You should check out the Gatekeeper project. There's plenty of templates available for use without having to write a single line of rego for most use cases (e.g https://github.com/open-policy-agent/gatekeeper-library)
helm
-
Kubernetes CI/CD Pipelines
Applying Kubernetes manifests individually is problematic because files can get overlooked. Packaging your applications as Helm charts lets you version your manifests and easily repeat deployments into different environments. Helm tracks the state of each deployment as a "release" in your cluster.
-
deploying a minio service to kubernetes
helm
-
How to take down production with a single Helm command
Explanation here: https://github.com/helm/helm/issues/12681#issuecomment-19593...
Looks like it's a bug in Helm, but actually isn't Helm's fault, the issue was introduced by Fedora Linux.
-
Building a VoIP Network with Routr on DigitalOcean Kubernetes: Part I
Helm (Get from here https://helm.sh/)
-
The 2024 Web Hosting Report
It’s also well understood that having a k8s cluster is not enough to make developers able to host their services - you need a devops team to work with them, using tools like delivery pipelines, Helm, kustomize, infra as code, service mesh, ingress, secrets management, key management - the list goes on! Developer Portals like Backstage, Port and Cortex have started to emerge to help manage some of this complexity.
-
Deploying a Web Service on a Cloud VPS Using Kubernetes MicroK8s: A Comprehensive Guide
Kubernetes orchestrates deployments and manages resources through yaml configuration files. While Kubernetes supports a wide array of resources and configurations, our aim in this tutorial is to maintain simplicity. For the sake of clarity and ease of understanding, we will use yaml configurations with hardcoded values. This method simplifies the learning process but isn’t ideal for production environments due to the need for manual updates with each new deployment. Although there are methods to streamline and automate this process, such as using Helm charts or bash scripts, we’ll not delve into those techniques to keep the tutorial manageable and avoid fatigue — you might be quite tired by that point!
-
Deploy Kubernetes in Minutes: Effortless Infrastructure Creation and Application Deployment with Cluster.dev and Helm Charts
Helm is a package manager that automates Kubernetes applications' creation, packaging, configuration, and deployment by combining your configuration files into a single reusable package. This eliminates the requirement to create the mentioned Kubernetes resources by ourselves since they have been implemented within the Helm chart. All we need to do is configure it as needed to match our requirements. From the public Helm chart repository, we can get the charts for common software packages like Consul, Jenkins SonarQube, etc. We can also create our own Helm charts for our custom applications so that we don’t need to repeat ourselves and simplify deployments.
-
Kubernets Helm Chart
We can search for charts https://helm.sh/ . Charts can be pulled(downloaded) and optionally unpacked(untar).
-
Introduction to Helm: Comparison to its less-scary cousin APT
Generally I felt as if I was diving in the deepest of waters without the correct equipement and that was horrifying. Unfortunately to me, I had to dive even deeper before getting equiped with tools like ArgoCD, and k8slens. I had to start working with... HELM.
-
🎀 Five tools to make your K8s experience more enjoyable 🎀
Within the architecture of Cyclops, a central component is the Helm engine. Helm is very popular within the Kubernetes community; chances are you have already run into it. The popularity of Helm plays to Cyclops's strength because of its straightforward integration.
What are some alternatives?
OPA (Open Policy Agent) - Open Policy Agent (OPA) is an open source, general-purpose policy engine.
crossplane - The Cloud Native Control Plane
helm-charts - Prometheus community Helm charts
kubespray - Deploy a Production Ready Kubernetes Cluster
opa-scorecard
Packer - Packer is a tool for creating identical machine images for multiple platforms from a single source configuration.
conftest - Write tests against structured configuration data using the Open Policy Agent Rego query language
krew - 📦 Find and install kubectl plugins
tfsec - Security scanner for your Terraform code
skaffold - Easy and Repeatable Kubernetes Development
opa-image-scanner - Kubernetes Admission Controller for Image Scanning using OPA
dapr-demo - Distributed application runtime demo with ASP.NET Core, Apache Kafka and Redis on Kubernetes cluster.