Gatekeeper
Last updated
Was this helpful?
Last updated
Was this helpful?
Every organization has policies. Some are essential to meet governance and legal requirements. Others help ensure adherence to best practices and institutional conventions. Attempting to ensure compliance manually would be error-prone and frustrating. Automating policy enforcement ensures consistency, lowers development latency through immediate feedback, and helps with agility by allowing developers to operate independently without sacrificing compliance.
Kubernetes allows decoupling policy decisions from the inner workings of the API Server by means of , which are executed whenever a resource is created, updated or deleted. Gatekeeper is a validating and mutating webhook that enforces CRD-based policies executed by , a policy engine for Cloud Native environments hosted by CNCF as a .
In addition to the admission scenario, Gatekeeper's audit functionality allows administrators to see what resources are currently violating any given policy.
Finally, Gatekeeper's engine is designed to be portable, allowing administrators to detect and reject non-compliant commits to an infrastructure-as-code system's source-of-truth, further strengthening compliance efforts and preventing bad state from slowing down the organization.
Please visit Gatekeeper to find a collection of sample policies.
Compared to using (aka Gatekeeper v1.0), Gatekeeper introduces the following functionality:
An extensible, parameterized
Native Kubernetes CRDs for instantiating the policy library (aka "constraints")
Native Kubernetes CRDs for extending the policy library (aka "constraint templates")
Native Kubernetes CRDs for support
Audit functionality
External data support