Technology Radar
Published : Oct 27, 2021
NOT ON THE CURRENT EDITION
This blip is not on the current edition of the Radar. If it was on one of the last few editions, it is likely that it is still relevant. If the blip is older, it might no longer be relevant and our assessment might be different today. Unfortunately, we simply don't have the bandwidth to continuously review blips from previous editions of the Radar.
Understand more
Oct 2021
Trial
用于Kubernetes的OPA Gatekeeper 是为 Kubernetes 实现的一个可定制的准入 webhook。它可以确保所有的规则都会被 Open Policy Agent (OPA) 执行。我们正在使用 Kubernetes 平台的这个扩展,来为集群添加一个安全层,以便通过提供一个自动化的治理机制,来确保所有的应用都符合定义好的规则。我们的团队喜欢它的可定制化能力。使用 CRD(CustomResourceDefinitions),就可以定义 ConstraintTemplates 和 Constraints。这会使得定义规则和对象(例如 deployments, jobs, cron jobs 等) 以及计算中的命名空间变得容易。
