Chapter 12: Security and Compliance Using OPA Gatekeeper

In this chapter, we'll cover bringing security and compliance to our Kubernetes clusters using OPA Gatekeeper and why it is needed to manage a cluster at scale. (OPA stands for Open Policy Agent.) With so many different teams deploying their applications on your clusters, enforcing standards in your environment (for example, blocking public image registries and blocking deployments that don't follow the rules, such as setting CPU and memory limits on Pods) becomes extremely hard. We'll also cover Rancher's Center for Internet Security (CIS) scanner, which is required to scan a Kubernetes cluster for known vulnerabilities, along with Rancher's hardening guides applying changes to RKE and ...