Archived in favour of system-manifests/gatekeeper.
This repository provides Kustomize bases to deploy Open Policy Agent gatekeeper.
The resources are divided into two bases:
- cluster - cluster scoped resources
- namespaced - namespaced resources
Reference them in your kustomization.yaml, like so:
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
- github.com/utilitywarehouse/gatekeeper-manifests/cluster
- github.com/utilitywarehouse/gatekeeper-manifests/namespaced
Define the gatekeeper configuration suitable for your environment.
Refer to the example/.
Note that you need to provide the ClusterRoleBinding for gatekeeper's service account. This is required in order to keep the base namespace-agnostic.
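An overlay that supplies the binding might look like the following. This is an added example, not taken from this repository: the file name gatekeeper-rbac.yaml, the binding name and the namespace are placeholders, and the ClusterRole and ServiceAccount names are upstream Gatekeeper's defaults, assumed to be unchanged in these bases.

```yaml
# kustomization.yaml (overlay in your own repository)
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
bases:
  - github.com/utilitywarehouse/gatekeeper-manifests/cluster
  - github.com/utilitywarehouse/gatekeeper-manifests/namespaced
resources:
  - gatekeeper-rbac.yaml   # hypothetical file name, defined below
---
# gatekeeper-rbac.yaml
# Binds gatekeeper's cluster-wide role to its service account in the
# namespace you deploy it into. The subject namespace must be exactly
# that namespace: a service account with the same name in any other
# namespace listed here would receive the same cluster-wide permissions.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: gatekeeper-manager-rolebinding   # placeholder name
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: gatekeeper-manager-role   # assumption: upstream default, confirm in the cluster base
subjects:
  - kind: ServiceAccount
    name: gatekeeper-admin        # assumption: upstream default, confirm in the namespaced base
    namespace: gatekeeper-system  # placeholder: the namespace gatekeeper runs in
```

After applying, `kubectl auth can-i --list --as=system:serviceaccount:<namespace>:<service-account>` shows what the bound account can do, which is a quick way to confirm the binding points at the intended subject.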
To update the upstream version, edit HELM_VERSION in the Makefile and run:
make helm
Note: requires helm v3 and yq v3.
This will update the files:
Patch changes on top of the upstream in the patches:
go get -u sigs.k8s.io/kustomize
The kustomize build can be tested with make.
You can also install a pre-push git hook that will run the tests on push:
$ make install-git-hooks
Our library of ConstraintTemplates can also be pulled in as a base. See gatekeeper-template-manifests.