Enabling OPA GateKeeper | Shifted to Helm for installing OPA GateKe…

…eper
Archisman-Mridha · Feb 8, 2024 · 8d8891b · 8d8891b
1 parent 3f635d0
commit 8d8891b
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 3 deletions.
diff --git a/kubernetes/manifests/kustomization.yaml b/kubernetes/manifests/kustomization.yaml
@@ -13,5 +13,5 @@ resources:
   - kube-prometheus-stack.application.yaml
   - kubescape.application.yaml
   - microservices.application.yaml
-  # - opa-gatekeeper
+  - opa-gatekeeper.application.yaml
   - strimzi.application.yaml
diff --git a/kubernetes/manifests/opa-gatekeeper.application.yaml b/kubernetes/manifests/opa-gatekeeper.application.yaml
@@ -21,3 +21,5 @@ spec:
     automated:
       prune: true
       selfHeal: true
+    syncOptions:
+      - CreateNamespace=true
diff --git a/kubernetes/manifests/opa-gatekeeper/kustomization.yaml b/kubernetes/manifests/opa-gatekeeper/kustomization.yaml
@@ -1,4 +1,4 @@
-resources:
+helmCharts:
   ## Kubernetes allows decoupling policy decisions from the inner workings of the API Server by
   ## means of Admission Controller Webhooks, which are executed whenever a resource is created,
   ## updated or deleted. OPA Gatekeeper is a validating and mutating webhook that enforces CRD-based
@@ -7,4 +7,10 @@ resources:
   ## resources are currently violating any given policy. Finally, Gatekeeper's engine is designed to
   ## be portable, allowing admins to detect and reject non-compliant commits to an IAC system's
   ## source-of-truth.
-  - https://raw.githubusercontent.com/open-policy-agent/gatekeeper/master/deploy/gatekeeper.yaml
+  - repo: https://open-policy-agent.github.io/gatekeeper/charts
+    name: gatekeeper
+    releaseName: gatekeeper
+    namespace: gatekeeper
+    version: 3.15.0
+    valuesInline:
+      replicas: 1