In this chapter, we explored how to use GateKeeper as a dynamic admission controller to provide additional authorization policies on top of Kubernetes' built-in RBAC capabilities. We looked at how GateKeeper and OPA are architected. Finally, we learned how to build, deploy, and test policies in Rego.
Extending Kubernetes' policies leads to a stronger security profile in your clusters and provides greater confidence in the integrity of the workloads running on your cluster. Using GateKeeper can also help catch previously missed policy violations through its application of continuous audits. Using these capabilities will provide a stronger foundation for your cluster.
This chapter focused on whether or not to launch a
Pod. In the next chapter, we'll learn how to track what
Pods are doing once active.