Deploy your constraints

Fury Kubernetes modules are deployed via the furyctl command-line tool.

Packages are then customized with kustomize. It lets you create customized Kubernetes resources based on other Kubernetes resource files, leaving the original YAML untouched. To learn how to create your customization layer with it, please see the kustomize repository.


To deploy the Fury Kubernetes OPA module, you need the following

To deploy OPA gatekeeper you will need to allocate the following minimum resources:

  • Resource limits: 1000m for CPU and 512Mi for memory


Module Version / Kubernetes Version 1.14.X 1.15.X 1.16.X 1.17.X 1.18.X
  • Compatible
  • Has issues
  • Incompatible


To start using Fury Kubernetes OPA, you need to use the furyctl and create a Furyfile.yml with the list of all the packages that you want to download.

You can download the packages for a full opa stack including the enginer and contraints templates using the following Furyfile.yml:

  - name: opa/gatekeeper
    version: "v1.1.0"

and execute

$ furyctl vendor -H

to download the packages under ./vendor/katalog/opa.

See furyctl documentation for details about Furyfile.yml format.

To deploy the packages to your cluster, define a kustomization.yaml with the following content:

- ./vendor/katalog/opa/gatekeeper/core
- ./vendor/katalog/opa/gatekeeper/rules/templates

Then, execute the following command:

$ kustomize build . | kubectl apply -f -

See kustomize documentation for details about kustomization.yaml format.

Available packages


  • gatekeeper: Deploys gatekeeper-core and gatekeeper-rules
  • gatekeeper-core: Deploys only gatekeeper engine without rules.
  • gatekeeper-templates: Deploys only SIGHUP constraints template (no enforcement). Requires gatekeeper-core.
  • gatekeeper-rules: Deploys only SIGHUP constraints template (enforcement). Requires gatekeeper-core.

For further details please refer to the single package directories in our repository.

Last modified 25.06.2020: Updating module references (82f9ca7)