gatekeeper
helm-charts
| | gatekeeper | helm-charts |
|---|---|---|
| Mentions | 22 | 98 |
| Stars | 3,465 | 4,637 |
| Growth | 2.0% | 2.6% |
| Activity | 9.3 | 9.7 |
| Latest commit | 1 day ago | 5 days ago |
| Language | Go | Mustache |
| License | Apache License 2.0 | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
gatekeeper
- Shrink to Secure: Kubernetes and Secure Compact Containers
- Long, detailed post mortem on a reddit failed k8s upgrade
When the Gatekeeper validatingwebhook came up, I was really worried that'd be the issue! Regardless I'd recommend anyone who cares about their cluster not collapsing to change the gatekeeper webhook to only intercept resources you care about: https://github.com/open-policy-agent/gatekeeper/pull/1806
- Is OPA Gatekeeper the best solution for writing policies for k8s clusters?
- Implement DevSecOps to Secure your CI/CD pipeline
Kyverno adds an extra layer of security where only the allowed type of manifest is deployed onto Kubernetes; otherwise it will reject it, or we can set validationFailureAction to audit, which only logs the policy violation message for reporting. Kubewarden and Gatekeeper are alternative tools available to enforce policies on Kubernetes CRDs.
- Gatekeeper with Istio
Now that we have the hardest part resolved, let's turn our attention to the OPA Gatekeeper. Gatekeeper uses the OPA Constraint Framework to describe and enforce policy. Right now there are mainly 3 parts we should pay attention to:
- 10 Essentials For Kubernetes Multi-Tenancy
They enable you to establish the policies and regulations that govern cluster deployments and applications. Using predefined policies, policy engines can dynamically modify or create configurations. Policy engines such as Gatekeeper and Kyverno can be leveraged to meet legal and compliance requirements while maintaining operational flexibility and development speed.
- Gatekeeper - Policy Controller for Kubernetes
- Kubernetes for Startups: Practical Considerations for Your App
Set up policy around what resource requirements can be requested by an app per environment. OPA and Gatekeeper or Kyverno can help. Set up access control for who can create or modify apps.
- Kubernetes policy management: I - Introduction
OPA Gatekeeper is an open source, general purpose policy engine. OPA decouples policy decisions from other responsibilities of an application, like those commonly referred to as business logic. OPA works equally well making decisions for Kubernetes, Microservices, functional application authorization and more, thanks to its single unified policy language.
- Gatekeeper
helm-charts
- You get what you Measure: Understanding your applications health with Grafana, Loki and Prometheus
Prometheus can be deployed using the Prometheus Helm Chart. This Helm chart contains a lot of features such as the already mentioned Push Gateway, Alert Manager and so on. For the sake of simplicity in this tutorial I will not show all the Helm chart configuration, but you can see a real example used by me here.
- Multi-Cluster Prometheus: Scaling Metrics Across Kubernetes Clusters
Building upon Bartłomiej Płotka's insightful blog on Prometheus and its passthrough agent mode, this post dives into implementing multi-cluster Prometheus support. Notably, the official inclusion of support in the widely-used kube-prometheus-stack came with the release in July 2023, making it easier to extend Prometheus monitoring across clusters.
- Hands On: Pull metrics into Kubernetes from anywhere and treat them generically with the Keptn Metrics Server
The first thing you'll need, of course, is at least one backend to store metrics. So install Prometheus now:
- Kubernetes Ingress Visibility
For request following, something like Jaeger (https://www.jaegertracing.io/), because you are talking more about tracing than necessarily logging. For just monitoring, https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack would be the starting point, then it depends. Nginx gives metrics out of the box, then you can pull in a dashboard like https://grafana.com/grafana/dashboards/14314-kubernetes-nginx-ingress-controller-nextgen-devops-nirvana/, or go full metal with something like service mesh monitoring, which would probably fulfil most of the requirements.
- Smart-Cash project - Adding monitoring to EKS using Prometheus operator
kube-prometheus-stack is a Helm chart that contains several components to monitor the Kubernetes cluster, along with Grafana dashboards to visualize the data. This option will be used in this article.
- K8s Monitoring Per Namespace
This one I highly recommend: https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack
- Is Prometheus the right tool for my use case here?
- Do we have any Prometheus metric to get the kubernetes cluster-level CPU/Memory requests/limits?
We use kube-prometheus-stack for metrics and have added the K8s views dashboards from grafana-dashboards-kubernetes. You should check out the k8s-views-global dashboard. I believe it's just what you are looking for.
- Alertmanager SMTP configuration
You should take a look at "kube-prometheus-stack". It not only includes prometheus, node-exporter and Grafana but also a ton of preconfigured alerts and dashboards. Will save you a lot of work!
- How do I find / edit Prometheus configuration after deploying it on Kubernetes?
Since there are different ways to install, what exactly did you install? Vanilla charts, stack, operator? https://github.com/prometheus-community/helm-charts/tree/main/charts
What are some alternatives?
Kyverno - Kubernetes Native Policy Management
tanka - Flexible, reusable and concise configuration for Kubernetes
falco - Cloud Native Runtime Security
kube-thanos - Kubernetes specific configuration for deploying Thanos.
cloud-custodian - Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
kube-prometheus - Use Prometheus to monitor Kubernetes and applications running on Kubernetes
k-rail - Kubernetes security tool for policy enforcement
kustomize - Customization of kubernetes YAML configurations
connaisseur - An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
pihole-kubernetes - PiHole on kubernetes
opa-envoy-plugin - A plugin to enforce OPA policies with Envoy
pack - CLI for building apps using Cloud Native Buildpacks