Is OPA Gatekeeper the best solution for writing policies for k8s clusters?

1. checkov

   1 61 7,542 9.9 Python

   Prevent cloud misconfigurations and find vulnerabilities during build-time in infrastructure as code, container images and open source packages with Checkov by Bridgecrew.

   

   We’ve been using https://www.checkov.io/ for terraform and will be using this for yaml and helm. Lots of policies out of the box.

2. InfluxDB

   www.influxdata.com featured

   InfluxDB – Built for High-Performance Time Series Workloads. InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now.

   

3. trivy

   2 95 26,368 9.8 Go

   Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more

   

4. Kyverno

   3 42 6,326 9.9 Go

   Cloud Native Policy Management

   

5. datree

   4 34 6,402 5.2 Go

   Discontinued Prevent Kubernetes misconfigurations from reaching production (again 😤 )! From code to cloud, Datree provides an E2E policy enforcement solution to run automatic checks for rule violations. See our docs: https://hub.datree.io

   

6. polaris

   5 11 3,246 7.2 Go

   Validation of best practices in your Kubernetes clusters (by FairwindsOps)

   

7. gatekeeper

   6 27 3,873 9.5 Go

   🐊 Gatekeeper - Policy Controller for Kubernetes

   

8. Kubewarden

   7 4 146 9.6 Rust

   Kubewarden is a policy engine for Kubernetes. It helps with keeping your Kubernetes clusters secure and compliant. Kubewarden policies can be written using regular programming languages or Domain Specific Languages (DSL) sugh as Rego. Policies are compiled into WebAssembly modules that are then distributed using traditional container registries.

   

   I'm one of the developers of kubewarden, a CNCF sandbox project that operates in the same space as OPA/Gatekeeper and Kyverno.

9. SaaSHub

   www.saashub.com featured

   SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives

   

10. kubeval

    8 7 3,193 0.0 Go

    Validate your Kubernetes configuration files, supports multiple Kubernetes versions

    

11. k-rail

    9 3 448 0.0 Go

    Discontinued Kubernetes security tool for policy enforcement

    

12. konstraint

    10 3 386 8.4 Go

    A policy management tool for interacting with Gatekeeper

    

13. bridgekeeper

    11 1 28 4.6 Rust

    Kubernetes policy enforcement using python

    

14. jspolicy

    12 10 392 1.2 Go

    jsPolicy - Easier & Faster Kubernetes Policies using JavaScript or TypeScript

    

15. neuvector-helm

    13 2 126 8.3 Go

    HELM chart to install NeuVector container cluster

    

    You can test and have this up-and-running in less than 30 minutes... 1. deploy NeuVector into your cluster and login (~10 minutes via helm?) 2. login & change admin password - (2 minutes?) 3. Policy > Admission Control 4. click Add - select "Image Registry", "is one of", add your registries, click add - (2 minutes?) 5. click Add - select "Resource Limit Configuration (RLC) - set appropriate values, click add - (4 minutes?) 6. Click Status to "Enabled" & confirm Mode is set to "Monitor" so you can collect violation data without pissing someone off. (the Protect mode will block scheduling of image by kubernetes) - 2 minutes

Suggest a related project