Introduction So far, we have seen about two OPA use cases and their importance. Today, we’re going to look at a policy used to deny unauthorized configmap volumes from being mounted. What is a ConfigMap? Configmaps are similar to Kubernetes Secrets but are used to store non confidential configurations that Read more…
Introduction In this article, we’ll look into the OPA policy to deny host network. The reason is because setting the “hostNetwork: true” allows pods to access the network namespace of the host machine, on which the pod is running. For those who are wondering why a container accessing the host’s Read more…
Introduction In this blog post, we’ll see how and why we need to restrict wildcards in RBACs. How RBAC works? We’ll first look at the components that are needed for delegating access based on roles. Verbs – The verbs are the different actions that can be performed on a resource. Read more…
In this series of blog posts, we will be looking at deploying OPA gatekeeper as the admission controller for our Kubernetes cluster. We will be focusing specifically on creating gatekeeper policies for RBAC (Role Based access controls) in the Kubernetes cluster. If you want to know how the Audit logs Read more…
In this series of blog posts, we will be looking at deploying OPA gatekeeper as the admission controller for our Kubernetes cluster. We will be focusing specifically at creating gatekeeper policies for RBAC (Role Based access controls) in the Kubernetes cluster. If you want to know how the Audit logs Read more…
In this series of blog posts, we will be looking at deploying OPA gatekeeper as the admission controller for our Kubernetes cluster. We will be focusing specifically at creating gatekeeper policies for networking inside the Kubernetes cluster. If you want to know how the Audit logs are sent to EFK, Read more…
In this series of blog posts, we will be looking at deploying OPA gatekeeper as the admission controller for our Kubernetes cluster. We will be focusing specifically at creating gatekeeper policies for networking inside the Kubernetes cluster. This article assumes that you are already familiar with installing OPA gatekeeper as Read more…
In this series of blog posts, we will be looking at deploying OPA gatekeeper as the admission controller for our Kubernetes cluster. We will be focusing specifically on creating gatekeeper Network Policy inside the Kubernetes cluster. If you want to push the gatekeeper Audit logs to EFK, you can read Read more…
Introduction In this article, we’ll see how we can block “latest” image tag, that is, denying the use of images with the “latest” tag. Yes! You read it right. But why block the “latest” tag? We’ll see that below. What’s wrong with the “latest” tag? We’ll understand this with the Read more…
Introduction This post is about the policy that we’ll use to restrict the use of images only from trusted repositories and the reason to require trusted image repos in an organization. Why do we need this policy? One reason to use an image from a trusted repository is because all Read more…