
gatekeeper
Policy Controller for Kubernetes
The Lens
Gatekeeper brings OPA's policy engine into Kubernetes as an admission controller. It enforces Rego-based policies on everything created in your cluster: require labels, block privileged containers, restrict which registries images can come from. It's the official OPA integration for Kubernetes, a CNCF project, open source and free.
It runs in-cluster and uses a constraint framework: you install a policy template once, then apply constraints that parameterize it, which makes policies reusable across teams. It also audits existing resources, not just new ones, so you can see what already violates a policy before you start blocking. Setup is a Helm install plus the policy library.
Fully free. The real decision is Gatekeeper versus Kyverno. Both do Kubernetes admission control; Gatekeeper uses Rego and inherits OPA's ecosystem and power, Kyverno uses plain YAML and is easier to pick up. If your org already runs OPA elsewhere and wants one policy language, Gatekeeper fits. If Kubernetes is the only target, Kyverno is usually the gentler path.
The catch: you inherit Rego. Gatekeeper's power comes from OPA, and so does its learning curve. For simple policies the constraint templates hide most of it, but anything custom drops you back into writing Rego. That's the trade for the flexibility.
Free vs Self-Hosted vs Paid
Fully free
Self-hosted (free): Gatekeeper under Apache-2.0, a CNCF project. The official OPA integration for Kubernetes admission control. A constraint framework makes Rego policies reusable via templates plus parameterized constraints. Audits existing resources, not just new ones.
Commercial: None.
The call: Gatekeeper versus Kyverno is the real decision. Gatekeeper uses Rego and OPA's ecosystem; Kyverno uses YAML and is easier to learn. Pick Gatekeeper if you already run OPA.
Completely free and open source (CNCF). No paid tier.
About
- Owner: Open Policy Agent (Organization)
- Stars: 4,235
- Forks: 866