konstraint
admission-webhook-datree
konstraint | admission-webhook-datree | |
---|---|---|
3 | 2 | |
373 | 24 | |
-0.8% | - | |
8.1 | 8.6 | |
7 days ago | 10 months ago | |
Go | Go | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
konstraint
- Is OPA Gatekeeper the best solution for writing policies for k8s clusters?
- OPA Rego is ridiculously confusing - best way to learn it?
-
How would you write policies in .rego file and use them in OPA-Gatekeeper?
The konstraint tool is quite popular for this use case: https://github.com/plexsystems/konstraint
admission-webhook-datree
-
OPA Rego is ridiculously confusing - best way to learn it?
Hey, Itamar from Datree here! Just wanted to point out that now Datree is not just a CLI but also offers an admission webhook: https://github.com/datreeio/admission-webhook-datree
-
Admission Controllers in Action: Datree's Approach
In brief, Datree's integration enables you to check your resources against the defined policy a moment before you put them into a cluster... by leveraging an admission webhook! 😎
What are some alternatives?
k-rail - Kubernetes security tool for policy enforcement
jspolicy - jsPolicy - Easier & Faster Kubernetes Policies using JavaScript or TypeScript
Kubewarden - Kubewarden is a policy engine for Kubernetes. It helps with keeping your Kubernetes clusters secure and compliant. Kubewarden policies can be written using regular programming languages or Domain Specific Languages (DSL) sugh as Rego. Policies are compiled into WebAssembly modules that are then distributed using traditional container registries.
bridgekeeper - Kubernetes policy enforcement using python
cloudformation-guard - Guard offers a policy-as-code domain-specific language (DSL) to write rules and validate JSON- and YAML-formatted data such as CloudFormation Templates, K8s configurations, and Terraform JSON plans/configurations against those rules. Take this survey to provide feedback about cfn-guard: https://amazonmr.au1.qualtrics.com/jfe/form/SV_bpyzpfoYGGuuUl0
docker-security-checker - Dockerfile Security Checker using OPA Rego policies with Conftest
kubernetes - Production-Grade Container Scheduling and Management [Moved to: https://github.com/kubernetes/kubernetes]
policy-as-code-war - OPA Gatekeeper vs Kyverno
gatekeeper-library - 📚 The OPA Gatekeeper policy library
regal - Regal is a linter for Rego, with the goal of making your Rego magnificent!
kubernetes - Production-Grade Container Scheduling and Management