https://github.com/developer-guy/monitor-opa-gatekeeper

🖥️ 👓 Monitor your OPA Gatekeeper via Grafana Dashboard
https://github.com/developer-guy/monitor-opa-gatekeeper

dashboard gatekeeper grafana metrics opa

Last synced: about 1 month ago
JSON representation

🖥️ 👓 Monitor your OPA Gatekeeper via Grafana Dashboard

• Host: GitHub
• URL: https://github.com/developer-guy/monitor-opa-gatekeeper
• Owner: developer-guy
• License: apache-2.0
• Created: 2020-12-16T18:33:32.000Z (over 4 years ago)
• Default Branch: main
• Last Pushed: 2020-12-17T09:39:22.000Z (over 4 years ago)
• Last Synced: 2025-02-25T19:09:14.078Z (about 2 months ago)
• Topics: dashboard, gatekeeper, grafana, metrics, opa
• Homepage: https://sysdig.com/blog/monitor-gatekeeper-prometheus/
• Size: 121 KB
• Stars: 14
• Watchers: 2
• Forks: 2
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

• awesome-opa - Monitor OPA Gatekeeper - Monitoring implementation guide for OPA Gatekeeper ([blog](https://sysdig.com/blog/monitor-gatekeeper-prometheus/)) (Tools and Utilities / Testing Blogs and Articles)

README

        
# 🖥️ 👓 Monitor your OPA Gatekeeper via Grafana Dashboard

# Setup Cluster

You can start your local kubernetes cluster via KinD or minikube

```bash

$ minikube start

```

# Deploy Gatekeeper via Helm

You can deploy OPA Gatekeeper via plain YAML or Helm chart, in this guide we are going to use Helm to deploy OPA Gatekeeper

```bash

$ helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts

$ helm install gatekeeper gatekeeper/gatekeeper

```

# Install Prometheus Operator via Helm

```bash

$ kubectl create namespace monitoring

$ helm repo add prometheus-community https://prometheus-community.github.io/helm-charts

$ helm install kube-prometheus-stack prometheus-community/kube-prometheus-stack --namespace monitoring

```

# Intall ServiceMonitor

You need to scrape gatekeeper metrics, in order to do that you need a resource which is kind ServiceMonitor and you need a new port which is "metrics" in this case to the gatekeeper service like the following:

```yaml

ports:

- name: https

  port: 443

  targetPort: 8443

- name: metrics                                                                

  port: 8888

```

After you edit the service , create the ServiceMonitor resource

```bash

$ kubectl apply -f monitoring/servicemonitor.yaml

```

# Apply Sample Policies

```bash

$ kubectl apply -f policies/privileged-containers-contraints-template.yaml

$ kubectl apply -f policies/privileged-containers-constraint.yaml

```

# Test

```bash

$ kubectl apply -f samples/

```

# Open Dashboard

```bash

$ kubectl port-forward -n monitoring svc/kube-prometheus-stack-grafana 3000:80

$ open localhost:3000 # username: admin password: prom-operator

```

After you opened the Grafana in the browser, you need to import the your json file, in order to do that copy your [dashoard.json](monitoring/dashboard.json) add paste to the import section of the grafana dashboard, then vola !

> Credit: https://promcat.io/apps/open-policy-agent 

![dashboard](dashboard.png)