Skip to content

Org-wide Dashboards for OPA Gatekeeper

In our recent release in May, we enhanced our turnkey integration with OPA Gatekeeper. In this blog, I describe why we worked on this enhancement.

Many of our customers that operate mission critical applications on Kubernetes clusters have to comply with organizational policies and best practices. These customers depend on and use Rafay's turnkey integration with OPA Gatekeeper in the Rafay Kubernetes Operations platform.

Prior to this release, our customers would use Rafay to

  • Centrally orchestrate and enforce OPA Gatekeeper policies, and
  • Centrally aggregate OPA Gatekeeper violations in the audit logging system

They would then use Rafay's audit log aggregator to push the OPA violations in real time to their corporate SIEM such as Splunk etc.

Since most "Infrastructure and Operations" personnel and "App Developers" are not provided access to the corporate SIEM, they have been asking Rafay to develop dashboards that will help them answer some critical questions related to compliance with policies.

What is my current posture (i.e. summary) and how has my posture evolved over time? (i.e. trend)?

Common OPA Gatekeeper Policies

Customers frequently ask us where they should start with OPA Gatekeeper and our recommendation is that they start with a baseline comprising three simple policies.

  • Security
  • Reliability
  • Operational Efficiency

Here is a screenshot showing an example of these three OPA Gatekeeper policies implemented in a project in a Rafay Org.

Common Gatekeeper Policies

Centralized Dashboards for OPA Gatekeeper

With the enhanced org-wide dashboards for OPA Gatekeeper, Rafay Org Admins are now able to instantly visualize both "summary" and "trends" wrt. OPA Gatekeeper policies across all clusters in their Rafay Orgs.

Projects with OPA Gatekeeper

Are all projects in my Org compliant with my OPA Gatekeeper policies?

In the example shown below, the admin immediately knows that only 50% of the projects have OPA Gatekeeper policies enabled.

Clusters with OPA Gatekeeper

Are all clusters in my Org compliant with my OPA Gatekeeper policies?

In the example shown below, the admin immediately knows that only 50% of the projects have OPA Gatekeeper policies enabled.

What is the trend of OPA Gatekeeper policy violations in my Org?

In the example shown below, the admin immediately realizes that the number of violations has been trending in the wrong direction (i.e. increasing) and action may be needed immediately to resolve the violations.

Org wide Dashboards

In the next blog, we will walk you how organizations can provide their app developers a self-service experience with OPA Gatekeeper dashboards to ensure they proactively address policy violations.

Try It Out

Sign up here for a free trial and try it out yourself. Learn more about Rafay's turnkey integration with OPA Gatekeeper.

Important

Try our curated Get Started Guides for Rafay's turnkey integration with OPA Gatekeeper for organization wide policy management and enforcement

Our sincere appreciation to those who spend time reading our product blogs and provide us with feedback and ideas. Please Contact the Rafay Product Team if you would like us to write about specific features and enhancements.