OPA

Fury's OPA module is based on OPA Gatekeeper, a popular open source constraints engine with OPA at its core. It lets you write your own constraints and apply them to the workloads in a Kubernetes cluster.

SIGHUP provides some base constraints that can be used either as a starting point for applying constraints to your current workloads or to give you an idea of how easy it is to implement new rules that match other requirements.

Supported platforms

The Fury Kubernetes OPA module can be deployed on the following platforms:

  • on-premises or unmanaged cloud clusters
  • Google Kubernetes Engine (GKE)
  • Azure Kubernetes Service (AKS)
  • Amazon Elastic Kubernetes Service (EKS)

Architecture

This module is designed to be deployed as an engine, with the deployment of constraints being optional. This way you can use the rules SIGHUP suggests or your own, on a certified and supported constraints engine.

OPA Stack

The following packages are included in the Fury Kubernetes OPA stack. All the resources listed below are going to be deployed in the gatekeeper-system namespace in your Kubernetes cluster.

Package | Description
gatekeeper | Gatekeeper is a customizable admission webhook for Kubernetes that enforces policies executed by the Open Policy Agent (OPA), a policy engine for Cloud Native environments hosted by CNCF.
gatekeeper SIGHUP constraints templates | Gatekeeper basic constraints templates provided and supported by SIGHUP.

Deploy

Deploy your constraints

Constraint Templates

SIGHUP base constraint templates