Helm OPA Plugin

This plugin enables you to check your rendered templates files again Open Policy Agent policies to ensure that they match your policies.

Usage

Define policies inside the policies folder in your Chart. e.g. Pods must run as nonRoot:

deny[msg] {
  input.kind = "Deployment"
  not input.spec.template.spec.securityContext.runAsNonRoot = true
  msg = "Containers must not run as root"
}

Run the policy check:

# helm opa CHART
Processing file deployment.yaml
Violations:
- Containers must not run as root
Processing file ingress.yaml
Processing file service.yaml
===
Result: Chart is not compliant

Install

$ helm plugin install https://github.com/eicnix/helm-opa

License

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Name		Name	Last commit message	Last commit date
Latest commit History 8 Commits
testdata		testdata
.gitignore		.gitignore
Gopkg.lock		Gopkg.lock
Gopkg.toml		Gopkg.toml
LICENSE.txt		LICENSE.txt
Makefile		Makefile
README.md		README.md
circle.yml		circle.yml
install-binary.sh		install-binary.sh
main.go		main.go
plugin.yaml		plugin.yaml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Helm OPA Plugin

Usage

Install

License

About

Releases 1

Packages

Languages

License

eicnix/helm-opa

Folders and files

Latest commit

History

Repository files navigation

Helm OPA Plugin

Usage

Install

License

About

Resources

License

Stars

Watchers

Forks

Releases 1

Packages 0

Languages

Packages