OPA Gatekeeper
OPA Gatekeeper is an open-source policy controller for Kubernetes that uses custom resource definitions (CRDs) to define and enforce policies and constraints on cluster resources. It leverages the Open Policy Agent (OPA) engine to evaluate policies written in Rego, a declarative query language, ensuring compliance with security, governance, and operational standards. By integrating with Kubernetes admission control, it validates and mutates resource requests before they are persisted in the cluster.
Developers should learn OPA Gatekeeper when working in Kubernetes environments to enforce security policies, such as preventing privileged containers or ensuring resource limits, and governance rules, like labeling or annotation requirements. It is particularly useful in multi-tenant clusters, CI/CD pipelines, and regulated industries to automate compliance and reduce manual oversight, helping prevent misconfigurations that could lead to vulnerabilities or operational issues.