Review OPA Gatekeeper as a possible tool for testing #3
Comments
OPA vs K-rails
- OPA is more rigorous and all-inclusive than K-Rails.
- OPA and Gatekeeper seem to be more configurable and should be able to handle more edge cases than K-Rails.
- OPA seems to be becoming the standard within the K8s community.
- OPA has more forks/stars/contributors.
- OPA requires more configuration out of the box.
- K-rails has a monitor mode that allows default 'violations' to be monitored and reported on.
- K-rails has default violations/policies that need very little configuration. The violations are stored in a log and can be scraped. This can be useful for testing a cluster for containers that have privileged mode turned on, among other things.
Open Policy Agent is an open source, general-purpose policy engine that unifies policy enforcement across the stack. OPA Gatekeeper provides first-class integration between OPA and Kubernetes. We can use OPA for at least one CNF Conformance test, and possibly more. The steps for using OPA and OPA Gatekeeper would be as follows:
@nickolaev peer review?
Goal: Review using OPA Gatekeeper to validate that CNFs continue to carry traffic when appropriate policies are enforced
Tasks:
ref: s43