
Kubernetes Setup

Set up OPA Gatekeeper in your Kubernetes cluster to enforce policies.

Prerequisites

  • Kubernetes cluster v1.16+
  • kubectl access with admin privileges
  • Helm 3.x (recommended)

Installation

helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts
helm repo update
 
helm install gatekeeper gatekeeper/gatekeeper \
  -n gatekeeper-system \
  --create-namespace

Verify Installation

kubectl get pods -n gatekeeper-system

You should see:

  • gatekeeper-audit-* - Audits existing resources
  • gatekeeper-controller-manager-* - Enforces policies on new resources

Using Policies in SRExpert

Creating Policy Templates

  1. Go to Security > Policy Management > Policy Templates
  2. Click Create Template
  3. Choose a template from the Policy Examples
  4. Fill in Name, Kind, Description, Category, Severity
  5. Paste the Rego code
  6. Save the template

Applying Policies

  1. Go to Security > Policy Management > Policies
  2. Click Create Policy
  3. Select your template
  4. Choose target clusters
  5. Configure parameters
  6. Set enforcement mode (Warn, Deny, or Dryrun)
  7. Click Create

Compliance Frameworks

These policies can help support requirements from major compliance frameworks:

Framework                       | How policies help
--------------------------------|----------------------------------------------------------------
CIS Kubernetes Benchmark        | Pod security, network policies, and RBAC hardening
NSA/CISA Kubernetes Hardening   | Workload isolation, least privilege, and supply-chain controls
NIST                            | Container isolation, least privilege, and network segmentation
PCI-DSS                         | Network segmentation and encryption in transit
SOC 2                           | Access controls and availability controls
ISO 27001                       | Secure development practices and network security
HIPAA                           | Access control and transmission security

The mapping above is indicative. Always validate specific control coverage against the current revision of each framework for your environment.
