Enforcing workload deployment best practices using OPA Gatekeeper
In this section, we will deploy OPA Gatekeeper using our knowledge from Chapter 11. We will then configure OPA policies to enforce that every deployment has app and version as labels, and that all port names have a protocol name as a prefix:
- Install OPA Gatekeeper. Deploy it by following the instructions in Chapter 11, in the Automating best practices using OPA Gatekeeper section:
% kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper/master/deploy/gatekeeper.yaml
- After deploying OPA Gatekeeper, you need to configure it to sync namespaces, Pods, services and Istio CRD gateways, virtual services, destination rules, and policy and service role bindings into its cache. We will make use of the configuration file we created in Chapter 11:
$ kubectl apply -f Chapter11/05-GatekeeperConfig.yaml
config.config.gatekeeper.sh/config created
- Configure OPA Gatekeeper to apply the constraints. In...