Kubernetes

View a selection of projects and talks about integrating OPA with Kubernetes.

Styra DAS has native support for mutating and validating Kubernetes at admission time via a prebuilt 'system-type', this is documented here.

OPA Gatekeeper integrates with Kubernetes Admission and also uses Custom Resources and the Kubernetes API server to store policy state.

View an example project showing how it's possible to integrate OPA with Kubernetes User Authorization.

Spacelift supports Rego as a language to describe policies for various resource types, including Kubernetes. View the policy documentation for more information.

This example project in OPA contrib uses OPA to enforce admission policy in Kubernetes.

Implements auditing and admission checking of Kubernetes resources using Rego policy using Polaris.

The GKE Policy Automation project provides a set of policies for validating Kubernetes clusters running on GKE. Review the policy library here

KubeShield implements runtime policy for containers in a Kubernetes cluster using eBPF. Follow the tutorial here to get up and running.

Implements the CIS benchmark using Rego for Kubernetes workloads.