konstraint | policy-as-code-war | |
---|---|---|
3 | 3 | |
373 | 61 | |
-0.8% | - | |
8.1 | 0.0 | |
7 days ago | over 2 years ago | |
Go | | |
MIT License | - | |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
konstraint
- Is OPA Gatekeeper the best solution for writing policies for k8s clusters?
- OPA Rego is ridiculously confusing - best way to learn it?
- How would you write policies in .rego file and use them in OPA-Gatekeeper?
  The konstraint tool is quite popular for this use case: https://github.com/plexsystems/konstraint
policy-as-code-war
- First look to OPA(Open Policy Agent) - Beginner Level
  I prepared a repository that shows the comparison between Kyverno and Gatekeeper behind the concept called "Policy as Code War" --> https://github.com/developer-guy/policy-as-code-war :)
- Policy as Code War: OPA Gatekeeper vs. Kyverno
- Policy as Code WAR - OPA Gatekeeper vs Kyverno
What are some alternatives?
k-rail - Kubernetes security tool for policy enforcement
checkov - Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.
jspolicy - jsPolicy - Easier & Faster Kubernetes Policies using JavaScript or TypeScript
magtape - MagTape Policy-as-Code for Kubernetes
bridgekeeper - Kubernetes policy enforcement using python
OPAL - Policy and data administration, distribution, and real-time updates on top of Policy Agents (OPA, Cedar, ...)
docker-security-checker - Dockerfile Security Checker using OPA Rego policies with Conftest
awesome-opa - A curated list of OPA related tools, frameworks and articles
regal - Regal is a linter for Rego, with the goal of making your Rego magnificent!
Kyverno - Kubernetes Native Policy Management
library - The Open Policy Agent project standard library.
admission-webhook-datree - Datree offers cluster integration that allows you to validate your resources against your configured policy upon pushing them into a cluster, by using an admission webhook.