🖥️ 👓 Monitor your OPA Gatekeeper via Grafana Dashboard

Setup Cluster

You can start a local Kubernetes cluster with KinD or minikube:

$ minikube start

Deploy Gatekeeper via Helm

You can deploy OPA Gatekeeper via plain YAML or a Helm chart. This guide uses Helm:

$ helm repo add gatekeeper https://open-policy-agent.github.io/gatekeeper/charts
$ helm install gatekeeper gatekeeper/gatekeeper

Install Prometheus Operator via Helm

$ kubectl create namespace monitoring
$ helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
$ helm install kube-prometheus-stack prometheus-community/kube-prometheus-stack --namespace monitoring

Install ServiceMonitor

To scrape Gatekeeper metrics you need a resource of kind ServiceMonitor, and the Gatekeeper service needs an additional port, named "metrics" in this case, like the following:

ports:
- name: https
  port: 443
  targetPort: 8443
- name: metrics
  port: 8888

After you edit the service, create the ServiceMonitor resource:

$ kubectl apply -f monitoring/servicemonitor.yaml
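
The contents of monitoring/servicemonitor.yaml are not shown on this page. A ServiceMonitor that scrapes the "metrics" port added above could look like the following added example (not the project's own file); the resource name, the Gatekeeper namespace and the Service label are assumptions to adjust to your install.

```yaml
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  name: gatekeeper-metrics            # hypothetical name
  namespace: monitoring               # namespace created for kube-prometheus-stack above
  labels:
    # With default chart values, the kube-prometheus-stack Prometheus only
    # picks up ServiceMonitors labelled with its own Helm release name.
    release: kube-prometheus-stack
spec:
  namespaceSelector:
    matchNames:
    - gatekeeper-system               # assumption: namespace holding the Gatekeeper Service
  selector:
    matchLabels:
      gatekeeper.sh/system: "yes"     # assumption: label present on the Gatekeeper Service
  endpoints:
  - port: metrics                     # must equal the port *name* added to the Service, not 8888
    path: /metrics
    interval: 30s
```

If the target does not show up in Prometheus, compare the `release` label, the namespace and the Service labels against `kubectl get svc --show-labels -A`.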

Apply Sample Policies

$ kubectl apply -f policies/privileged-containers-contraints-template.yaml
$ kubectl apply -f policies/privileged-containers-constraint.yaml

Test

$ kubectl apply -f samples/

Open Dashboard

$ kubectl port-forward -n monitoring svc/kube-prometheus-stack-grafana 3000:80
$ open localhost:3000 # username: admin password: prom-operator

After you have opened Grafana in the browser, import your dashboard JSON file: copy its contents and paste them into the import section of Grafana, then voilà!

Credit: https://promcat.io/apps/open-policy-agent