Kubernetes Setup
Set up OPA Gatekeeper in your Kubernetes cluster to enforce policies.
Prerequisites
- Kubernetes cluster v1.16+
- kubectl access with admin privileges
- Helm 3.x (recommended)
Installation
Using Helm (Recommended)
```bash
helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts
helm repo update
helm install gatekeeper/gatekeeper \
  --name-template=gatekeeper \
  --namespace gatekeeper-system \
  --create-namespace
```
Verify Installation
```bash
kubectl get pods -n gatekeeper-system
```
You should see:
- gatekeeper-audit-* - Audits existing resources
- gatekeeper-controller-manager-* - Enforces policies on new resources
Using Policies in SRExpert
Creating Policy Templates
- Go to Security > Gatekeeper > Policy Templates
- Click Create Template
- Choose a template from the Policy Examples
- Fill in Name, Kind, Description, Category, Severity
- Paste the Rego code
- Save the template
Applying Policies
- Go to Security > Gatekeeper > Policies
- Click Create Policy
- Select your template
- Choose target clusters
- Configure parameters
- Set enforcement mode (Warn or Deny)
- Click Create
Compliance Frameworks
These policies help meet requirements from major compliance frameworks:
| Framework | Requirements Covered |
|---|---|
| CIS Kubernetes Benchmark | 5.2 (Pod Security), 5.7 (Network Policies), 4.2 (RBAC) |
| NIST SP 800-190 | Container isolation, least privilege, network segmentation |
| PCI-DSS | Network segmentation (6.6), Encryption in transit (4.1) |
| SOC 2 | CC6.6 (Availability controls), CC6.1 (Access controls) |
| ISO 27001 | A.14.1 (Security in development), A.13.1 (Network security) |
| HIPAA | 164.312(a)(1) (Access control), 164.312(e)(1) (Transmission security) |
Next Steps
- Policy Examples - Browse available policies
- Gatekeeper Overview - Learn how to manage policies in SRExpert