kube-mgmt | Sidecar for managing OPA on top of Kubernetes | Continuous Deployment library
kandi X-RAY | kube-mgmt Summary
kube-mgmt manages instances of the Open Policy Agent on top of Kubernetes. Use kube-mgmt to:
Community Discussions
Trending Discussions on kube-mgmt
QUESTION
In Open Policy Agent (https://www.openpolicyagent.org/), regarding Kubernetes, depending on which engine is used:
- Gatekeeper: https://github.com/open-policy-agent/gatekeeper
OR
- Plain OPA with kube-mgmt: https://www.openpolicyagent.org/docs/latest/kubernetes-introduction/#how-does-it-work-with-plain-opa-and-kube-mgmt
There are different ways to define validation rules:
- In Gatekeeper, the violation rule is used. See sample rules here: https://github.com/open-policy-agent/gatekeeper-library/tree/master/library/general
- In plain OPA samples, the deny rule is used; see the sample here: https://www.openpolicyagent.org/docs/latest/kubernetes-introduction/#how-does-it-work-with-plain-opa-and-kube-mgmt
It seems that the OPA constraint framework defines it as violation: https://github.com/open-policy-agent/frameworks/tree/master/constraint#rule-schema
So what is the exact "story" behind this? Why is it not consistent between the different engines?
Notes:
- This doc reflects on this: https://www.openshift.com/blog/better-kubernetes-security-with-open-policy-agent-opa-part-2
- Here it is mentioned how to support interoperability in the script: https://github.com/open-policy-agent/gatekeeper/issues/1168#issuecomment-794759747
- https://github.com/open-policy-agent/gatekeeper/issues/168 In this issue the migration is mentioned. Is it just because of "dry run" support?
ANSWER
Answered 2021-May-04 at 20:15
Plain OPA has no opinion on how you choose to name your rules. Using deny is just a convention in the tutorial. The real Kubernetes admission review response is going to look something like this:
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported