Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/weaveworks/policy-agent

Weaveworks Policy Agent
https://github.com/weaveworks/policy-agent

Last synced: 3 months ago
JSON representation

Weaveworks Policy Agent

Host: GitHub
URL: https://github.com/weaveworks/policy-agent
Owner: weaveworks
License: mpl-2.0
Created: 2022-01-13T09:04:18.000Z (almost 3 years ago)
Default Branch: dev
Last Pushed: 2024-04-19T14:15:50.000Z (7 months ago)
Last Synced: 2024-06-22T08:31:04.342Z (5 months ago)
Language: Go
Homepage:
Size: 2.54 MB
Stars: 31
Watchers: 8
Forks: 13
Open Issues: 13
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md

Awesome Lists containing this project

awesome-repositories - weaveworks/policy-agent - Weaveworks Policy Agent (Go)

README

[![codecov](https://codecov.io/gh/weaveworks/policy-agent/branch/dev/graph/badge.svg?token=5HALYBWEIQ)](https://codecov.io/gh/weaveworks/policy-agent) ![build](https://github.com/weaveworks/policy-agent/actions/workflows/build.yml/badge.svg?branch=dev) [![Contributors](https://img.shields.io/github/contributors/weaveworks/policy-agent)](https://github.com/weaveworks/policy-agent/graphs/contributors)
[![Release](https://img.shields.io/github/v/release/weaveworks/policy-agent?include_prereleases)](https://github.com/weaveworks/policy-agent/releases/latest)

# Weave Policy Agent

Weave Policy Agent is a policy-as-code engine built on Open Policy Agent (OPA) that ensures security, compliance, and best practices for Kubernetes applications. Designed for GitOps workflows, especially Flux, it enables fine-grained policies for Flux applications and tenants, ensuring isolation and compliance across Kubernetes deployments.

## Features

#### Prevent violating K8s resources via admission controller
Weave Policy Agent uses the Kubernetes admission controller to monitor any Kubernetes Resource changes and prevent the ones violating the policies from getting deployed.

#### Prevent violating terraform plans via `tf-controller`
If you are using flux's terraform controller ([tf-controller](https://github.com/weaveworks/tf-controller)) to apply and sync your terraform plans, you can use Weave Policy Agent to prevent violating plans from being applied to your cluster.

#### Audit runtime compliance
The agent scans Kubernetes resources on the cluster and reports runtime violations at a configurable frequency.

#### Advanced features for flux
While the agent works natively with Kubernetes resources, Weave Policy Agent has specific features allowing fine-grained policy configurations to flux applications and tenants, as well as alerting integration with flux's `notification-controller`

#### Observability via WeaveGitOps UI
Policies and violations can be displayed on WeaveGitOps Dashboards allowing better observability of the cluster's compliance.

#### Example Policies
Example policies that target K8s and Flux best practices are available [here](policies). Users can as well write their policies in Rego using the agent policy CRD.

## Getting started

To get started, check out this [guide](docs/getting-started.md) on how to install the policy agent to your Kubernetes cluster and explore violations.

## Documentation

Policy agent guides for running the agent in Weave GitOps Enterprise, and leveraging all its capabilities, are available at [docs.gitops.weave.works](https://docs.gitops.weave.works/docs/policy/intro/).

Refer to this [doc](docs/README.md) for documentation on the high-level architecture and the different components that make up the agent.

## Contribution

Need help or want to contribute? Please see the links below.

- Have feature proposals or want to contribute?
- Please create a [Github issue](https://github.com/weaveworks/weave-policy-agent/issues).
- Learn more about contributing [here](./CONTRIBUTING.md).