Operator for OPA Gatekeeper
Please see the Gatekeeper Operator design document located at https://docs.google.com/document/d/1Nxw4Agq6nJrPL24fJPiTXtjtLQRsLJtHo9x5urwYB_I/edit?usp=sharing for some background information.
To install the Gatekeeper Operator, you can either run it outside the cluster, for faster iteration during development, or inside the cluster.
First, install the Operator CRD:
make install
Then proceed to the installation method you prefer below.
If you would like to run the Operator outside the cluster, you'll have to set the WATCH_NAMESPACE environment variable to the namespace you want the Operator to monitor:
- Set the WATCH_NAMESPACE environment variable:
export WATCH_NAMESPACE=gatekeeper-system
- You then run the Operator with:
make run
If you would like to run the Operator inside the cluster, you'll need to build a container image. You can use a local private registry, or host it on a public registry service like quay.io.
- Build your image:
make docker-build IMG=<registry>/<imagename>:<tag>
- Push the image:
make docker-push IMG=<registry>/<imagename>:<tag>
- Deploy the Operator:
make deploy IMG=<registry>/<imagename>:<tag>