Gatekeeper (Kubernetes)

Gatekeeper policy library for Kubernetes

• https://github.com/open-policy-agent/gatekeeper
• helm install gatekeeper

Errors[edit]

• Internal error occurred: failed calling webhook
• no endpoints available for service

Error: waiting for EKS Add-On (yourcluster:coredns) create: unexpected state 'CREATE_FAILED', wanted target 'ACTIVE'. last error: : 
AdmissionRequestDenied: Internal error occurred: failed calling webhook "check-ignore-label.gatekeeper.sh": failed to call webhook: 
Post 
"https://gatekeeper-webhook-service.gatekeeper-system.svc:443/v1/admitlabel?timeout=3s": no endpoints available for service 
"gatekeeper-webhook-service"
│ 
│   with module.downstream-clusters-EKS.module.eks.aws_eks_addon.this["coredns"],
│   on .terraform/modules/EKS.eks/main.tf line 390, in resource "aws_eks_addon" "this":
│  390: resource "aws_eks_addon" "this" {

Related[edit]

• CustomResourceDefinition (CRD)
• Open Policy Agent (OPA)
• Helm: ResourceQuota, MutatingWebhookConfiguration, ValidatingWebhookConfiguration
• Constraints
• gatekeeper-webhook-service
• Gatekeeper
• Kubernetes Admission Controllers

See also[edit]

• gatekeeper.sh, config.gatekeeper.sh, mutation.gatekeeper.sh, validate.gatekeeper.sh, gatekeeper-webhook-service
• Gatekeeper, installation, XProtect, OPA, gatekeeper.sh, config.gatekeeper.sh, gatekeeper-webhook-service
• Kubernetes policies, policy libraries, OPA, Gatekeeper (Kubernetes)
• Open Policy Agent (OPA), Gatekeeper
• Kubernetes security, OPA, EKS security, PSA, PSS, CKS, SecurityContext, Trivy, KubeBench, Kubernetes Admission Controllers admissionregistration.k8s.io, Hardeneks, Gatekeeper (Kubernetes), kubernetes.io/enforce-mountable-secrets, Auditing