Thanks to visit codestin.com
Credit goes to github.com

Skip to content

im-devendrasahu/OPA

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
allow-capabilities
allow-capabilities
 
 
allow-httpsonly
allow-httpsonly
 
 
allow-pod-apparmor-profile
allow-pod-apparmor-profile
 
 
allow-privilege-escalation
allow-privilege-escalation
 
 
allowed-flexvolume-drivers
allowed-flexvolume-drivers
 
 
allowed-fsgroup
allowed-fsgroup
 
 
block-endpoint-edit-default-role
block-endpoint-edit-default-role
 
 
block-nodeport-services
block-nodeport-services
 
 
container-limits
container-limits
 
 
container-request-limit-ratio
container-request-limit-ratio
 
 
deny-privileged-containers
deny-privileged-containers
 
 
deny-privileged-pod
deny-privileged-pod
 
 
deny-root-user
deny-root-user
 
 
disallowed-tags
disallowed-tags
 
 
external-ip
external-ip
 
 
forbidden-sysctls
forbidden-sysctls
 
 
host-PID-IPC-namespaces
host-PID-IPC-namespaces
 
 
host-filesystem
host-filesystem
 
 
host-network-ports
host-network-ports
 
 
imagedigests
imagedigests
 
 
must-required-annotations
must-required-annotations
 
 
mutation
mutation
 
 
pod-read-only-root-filesystem
pod-read-only-root-filesystem
 
 
pod-requiredprobes
pod-requiredprobes
 
 
pod-selinux
pod-selinux
 
 
proc-mount
proc-mount
 
 
replicalimits
replicalimits
 
 
requiredlabels
requiredlabels
 
 
seccomp
seccomp
 
 
trusted-repos-pod
trusted-repos-pod
 
 
trusted-repos
trusted-repos
 
 
unique-service-selector
unique-service-selector
 
 
uniqueingresshost
uniqueingresshost
 
 
users
users
 
 
volumes-restriction
volumes-restriction
 
 
.gitlab-ci.yml
.gitlab-ci.yml
 
 
README.md
README.md
 
 
applyPolicy.ksh
applyPolicy.ksh
 
 
file.csv
file.csv
 
 
test_all.sh
test_all.sh
 
 

Repository files navigation

GateKeeper Policies

This project aims at enforcing best practices in kubernetes via gatekeeper profiles. Different of profiles ensure appropriate restrictions based on project maturity.

Policies

There are various aspects in kubernetes which should be taken care of, following are policies which have a higher priority and should be enforced on a cluster

Container Security

  • Trusted Repositories
  • Run as Non-Root
  • Diasllow Privilege Escalation
  • Container Limits and Requests must be defined

Configuration Override

  • Enforce ingress uniqueness
  • Enforce service selector uniqueness

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages