{"id":19200886,"url":"https://github.com/fredrkl/gatekeeperdemo","last_synced_at":"2026-02-13T03:20:45.418Z","repository":{"id":96186006,"uuid":"343140263","full_name":"fredrkl/GatekeeperDemo","owner":"fredrkl","description":"Cloud Native Show demo of Gatekeeper and Open Policy Agent","archived":false,"fork":false,"pushed_at":"2021-03-03T06:27:01.000Z","size":155,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-02-15T06:54:54.529Z","etag":null,"topics":["aks","cncf","gatekeeper"],"latest_commit_sha":null,"homepage":"","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fredrkl.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-02-28T15:34:05.000Z","updated_at":"2022-10-24T16:20:11.000Z","dependencies_parsed_at":"2023-03-23T18:20:25.549Z","dependency_job_id":null,"html_url":"https://github.com/fredrkl/GatekeeperDemo","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fredrkl%2FGatekeeperDemo","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fredrkl%2FGatekeeperDemo/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fredrkl%2FGatekeeperDemo/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fredrkl%2FGatekeeperDemo/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fredrkl","download_url":"https://codeload.github.co
m/fredrkl/GatekeeperDemo/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240273298,"owners_count":19775230,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["aks","cncf","gatekeeper"],"created_at":"2024-11-09T12:35:05.597Z","updated_at":"2026-02-13T03:20:45.390Z","avatar_url":"https://github.com/fredrkl.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# Introduction\nThis demo demonstrates how you can use the K8s admission controller to enforce policies with code.\n\nWhen you make a request to the K8s API server it goes through a series of steps. Some steps can be augmented. The steps are:\n![Pipeline](/Images/API-Server-pipeline.png)\n\nOpen Policy Agent (OPA) registers itself as part of the validating admission webhook. When you send a request to the API server, it eventually reaches the validating admission webhook and is sent as a query to the endpoints that are registered there; OPA answers yes/no based on its rules and data.\n![OPA](/Images/OpenPolicyAgent.png)\n\n\nTo easily use OPA with its constraints and templates in K8s we can use the Gatekeeper project. 
It creates Custom Resource Definitions (CRDs) so you can create the constraints and templates just as you would create a regular K8s Deployment.\n\n# Install Gatekeeper\nTo install Gatekeeper, simply run:\n\n```\n\u003e kubectl apply -f ./10-Gatekeeper/installGatekeeper.yaml\n```\nWe also want a UI to be able to see the OPA policies and violations.\n\n```\n\u003e kubectl apply -f ./10-Gatekeeper/ui\n```\n\nIn this demo we will access the Gatekeeper UI tool with:\n````\n\u003e kubectl port-forward deployment/gatekeeper-policy-manager 8080:8080\n````\n\nYou can then see the UI at http://127.0.0.1:8080/\n\n# Demo\nIf you look in the policies folder you will find the templates for our 2 policies. The actual policies use them with application-specific values, e.g., priorityClass.yaml, which defines the valid priority classes.\n\nRun the following commands to get the policies up and running:\n````\n\u003e kubectl apply -f 10-Gatekeeper/templates\n\u003e kubectl apply -f 10-Gatekeeper/policies\n````\n\nYou will hopefully see the templates and policies in the UI that we set up earlier.\n\nIf you now try to run\n````\n\u003e kubectl apply -f 10-Gatekeeper/demoapp\n````\nyou will get messages from OPA telling you how you are violating the policies and how you can correct them.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffredrkl%2Fgatekeeperdemo","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffredrkl%2Fgatekeeperdemo","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffredrkl%2Fgatekeeperdemo/lists"}